dce31271f848fd04527e91a79f6d7aaec29a44314899ebac4f18cc1faa27ef68N

Sharing

Copy URL

Twitter E-mail

General

Target

dce31271f848fd04527e91a79f6d7aaec29a44314899ebac4f18cc1faa27ef68N
Size

825KB
MD5

f680511cb11f33c90ed9c9446755a870
SHA1

fec1803e7bec0081e7c03b73903a5911fa1731f7
SHA256

dce31271f848fd04527e91a79f6d7aaec29a44314899ebac4f18cc1faa27ef68
SHA512

d8482ecbc848fb871df3085b330fb16cfa461407c299f960c4229731a1327a73df3b25a0eeb3d17c8c78795ee6511415d09756367eb0b772552faef4f9d31d2d
SSDEEP

24576:XphFQncsgaCX0MmwTwHeeXV9s7EKb/kKTH:dQcsTMmwql9s/b/kKTH

Score

1^/10

Malware Config

Signatures

Files

dce31271f848fd04527e91a79f6d7aaec29a44314899ebac4f18cc1faa27ef68N
.exe windows:4 windows x86 arch:x86

b526732b8ad0f4659b27f6f99d8ff553

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:56:1c:79:a3:95:e9:18:6d:49:7e:ac:d1:66:7c:c8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/07/2006, 00:00

Not After

10/08/2009, 23:59

Subject

CN=IncrediMail Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=IncrediMail Ltd.,L=Tel-Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:2f:52:11:09:dd:78:98:e6:5f:04:64:34:59:b4:f7:7f:dc:71:15
Signer

Actual PE Digest

f1:2f:52:11:09:dd:78:98:e6:5f:04:64:34:59:b4:f7:7f:dc:71:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToCacheFileA

wininet

InternetAutodial
InternetGetConnectedState
DeleteUrlCacheEntry
InternetReadFile
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetOpenA
HttpQueryInfoA
InternetOpenUrlA
InternetGetCookieA
InternetCloseHandle

comctl32

ImageList_Add
ImageList_Draw
ImageList_Create
ImageList_AddMasked
InitCommonControlsEx
ImageList_Destroy

kernel32

InterlockedDecrement
lstrcmpiA
SetEvent
CloseHandle
WaitForSingleObject
QueueUserAPC
EnterCriticalSection
LeaveCriticalSection
CreateThread
CreateEventA
GetModuleFileNameA
InterlockedIncrement
IsDBCSLeadByte
LoadLibraryExA
GetModuleHandleA
ReleaseMutex
GetCurrentThreadId
GetCommandLineA
CreateMutexA
TlsSetValue
GetLocalTime
OutputDebugStringA
WriteFile
TlsGetValue
VirtualQuery
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
SetUnhandledExceptionFilter
FlushInstructionCache
SleepEx
GlobalFree
GlobalAlloc
GetVersionExA
CreateFileA
DeleteFileA
TerminateProcess
ReadFile
GetFileSize
SetThreadPriority
OpenProcess
LocalFree
FormatMessageA
SetLastError
GetSystemDefaultLangID
SetFilePointer
WaitForMultipleObjects
GetExitCodeThread
FindClose
FindFirstFileA
SetCurrentDirectoryA
GetExitCodeProcess
GetSystemDirectoryA
CopyFileA
GetACP
GetLongPathNameA
GetEnvironmentVariableA
lstrcmpA
MulDiv
GlobalUnlock
GlobalLock
FindResourceA
GetTempFileNameA
TlsAlloc
TlsFree
GetTempPathA
GetSystemTime
LocalLock
CreateDirectoryA
FindNextFileA
GetFileAttributesA
GetPrivateProfileSectionNamesA
RemoveDirectoryA
SetFileAttributesA
GetPrivateProfileStringA
GetPrivateProfileIntA
SetFileTime
DosDateTimeToFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCurrentDirectoryA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetSystemTimeAsFileTime
ExitThread
GetSystemInfo
VirtualProtect
HeapReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
HeapDestroy
HeapCreate
ExitProcess
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
GetProcAddress
FreeLibrary
RaiseException
Sleep
lstrlenW
lstrlenA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
GetStdHandle
HeapSize
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetTickCount
GetCPInfo

user32

DestroyAcceleratorTable
FillRect
ReleaseCapture
IsChild
SetCapture
InvalidateRgn
ClientToScreen
GetClassInfoExA
EnableWindow
CallWindowProcA
CopyRect
DrawFocusRect
GetSysColor
GetWindowPlacement
LoadStringA
WaitForInputIdle
MsgWaitForMultipleObjectsEx
RemoveMenu
LoadCursorA
SetCursor
GetKeyState
GetFocus
GetDesktopWindow
CreateAcceleratorTableA
GetWindowTextLengthA
GetWindowTextA
RegisterWindowMessageA
UnregisterClassA
ExitWindowsEx
CharLowerW
LoadIconA
LoadImageA
LoadBitmapA
DialogBoxParamA
CreateDialogParamA
SetDlgItemTextA
SetFocus
MoveWindow
GetSystemMenu
SendMessageA
DrawIcon
DestroyIcon
SetRectEmpty
GetDlgItem
ReleaseDC
GetDC
EndPaint
BeginPaint
EndDialog
GetWindow
SystemParametersInfoA
MapWindowPoints
GetForegroundWindow
GetParent
GetWindowRect
GetSystemMetrics
ScreenToClient
SetRect
RedrawWindow
InvalidateRect
InflateRect
GetNextDlgTabItem
CharLowerA
GetClientRect
SetWindowPos
SetWindowTextA
GetWindowLongA
GetActiveWindow
SetWindowLongA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
RegisterClassExA
FindWindowA
GetWindowThreadProcessId
EnumThreadWindows
PostMessageA
IsWindowVisible
GetClassNameA
IsIconic
ShowWindow
SetForegroundWindow
PostQuitMessage
DefWindowProcA
PostThreadMessageA
IsWindow
DestroyWindow
CreateWindowExA
CharNextA
CharLowerBuffA
SendDlgItemMessageA

gdi32

SetBkColor
ExtTextOutA
GetTextExtentPoint32A
CreateSolidBrush
CreateCompatibleBitmap
GetDeviceCaps
SetTextColor
GetObjectA
BitBlt
CreateCompatibleDC
SelectObject
StretchBlt
DeleteDC
SetBkMode
GetStockObject
DeleteObject
CreateFontIndirectA

advapi32

RegSetValueExA
RegQueryValueExA
DuplicateTokenEx
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegNotifyChangeKeyValue
OpenProcessToken
CreateProcessAsUserA
SetTokenInformation
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetMalloc

ole32

CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
ProgIDFromCLSID
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarBstrCat
VarBstrCmp
SysAllocStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringLen

shlwapi

UrlUnescapeA
UrlEscapeA
PathFindFileNameA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 524KB - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b526732b8ad0f4659b27f6f99d8ff553

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4e:56:1c:79:a3:95:e9:18:6d:49:7e:ac:d1:66:7c:c8Certificate

Extended Key Usages

Key Usages

f1:2f:52:11:09:dd:78:98:e6:5f:04:64:34:59:b4:f7:7f:dc:71:15Signer

Headers

File Characteristics

Imports

urlmon

wininet

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

Sections

.text Size: 524KB - Virtual size: 522KB

.rdata Size: 128KB - Virtual size: 125KB

.data Size: 16KB - Virtual size: 31KB

.rsrc Size: 148KB - Virtual size: 144KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4e:56:1c:79:a3:95:e9:18:6d:49:7e:ac:d1:66:7c:c8
Certificate

f1:2f:52:11:09:dd:78:98:e6:5f:04:64:34:59:b4:f7:7f:dc:71:15
Signer

.text
Size: 524KB - Virtual size: 522KB

.rdata
Size: 128KB - Virtual size: 125KB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 148KB - Virtual size: 144KB