84e8f0d140ea5c237cdd559fd4e6ba45d7c12edbf007ccf2e8ec74f8d8d92794

Sharing

Copy URL Twitter E-mail

General

Target

84e8f0d140ea5c237cdd559fd4e6ba45d7c12edbf007ccf2e8ec74f8d8d92794
Size

191KB
MD5

13c4a79ad2d4009a6f4ef3fb1b568d1d
SHA1

248611ae91761307aef11d166845c11832d66ab9
SHA256

84e8f0d140ea5c237cdd559fd4e6ba45d7c12edbf007ccf2e8ec74f8d8d92794
SHA512

eda4d8627347def8b3e7b8ae1dcf0f7c93143a960e07c11ad40ff93ca64eac198ecbf90041c72168f1b16add53d28c199fa0dad52a17cf1da591117044486633
SSDEEP

3072:YQDv6NlXAooQuFR8mFzXQ2Qpn0czeoAeDmoE7Pj9vrmk/UY2GuQsLx5l+:YSv6wjDdhoVmB7PZzreEsNr+

Score

1^/10

Malware Config

Signatures

Files

84e8f0d140ea5c237cdd559fd4e6ba45d7c12edbf007ccf2e8ec74f8d8d92794
.exe windows:0 windows x86 arch:x86

c933904851039a567466ba8d96fb5c4b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/09/2009, 00:00

Not After

01/10/2012, 23:59

Subject

CN=ArcaBit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ArcaBit,O=ArcaBit Ltd.,L=Warsaw,ST=Warsaw,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:25:a3:a0:14:e5:9c:32:27:65:01:b6:81:f9:2d:5e:fb:87:3f:e4
Signer

Actual PE Digest

7a:25:a3:a0:14:e5:9c:32:27:65:01:b6:81:f9:2d:5e:fb:87:3f:e4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_resetstkoflw
_initterm
memmove
iswspace
wcsncat
qsort
_wtoi64
wcsstr
towlower
iswxdigit
wcstol
_wcsnicmp
_wtol
wcsrchr
wcscat
wcspbrk
wcsncpy
wcschr
wcscpy
_wcsicmp
bsearch
wcscmp
wcslen
_purecall
realloc
free
malloc

ntdll

RtlLookupElementGenericTableAvl
RtlAllocateHeap
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlCopySid
RtlLengthSid
RtlDeleteResource
RtlValidSid
RtlNumberGenericTableElementsAvl
RtlEnumerateGenericTableAvl
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U
NtCreateFile
RtlFreeHeap
NtClose
RtlEqualSid
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlImageNtHeader
RtlInsertElementGenericTableAvl
RtlConvertExclusiveToShared
RtlInitString
RtlEnterCriticalSection
RtlLeaveCriticalSection
NtAllocateLocallyUniqueId
RtlInitializeCriticalSection
RtlInitializeResource
RtlConvertSharedToExclusive
RtlNtStatusToDosError
RtlDeleteCriticalSection

user32

wsprintfW
CharNextW
CharPrevW
GetDC
OpenIcon
OemToCharA
GetUpdateRect
UnregisterMessagePumpHook
SubtractRect
BroadcastSystemMessageExA
RemoveMenu
MapWindowPoints
TranslateMessageEx
GetPriorityClipboardFormat
ImpersonateDdeClientWindow
CreateCaret
SetMenuContextHelpId
GetClassInfoExA
RegisterMessagePumpHook
LoadIconA
SetProcessWindowStation
AdjustWindowRect
UnregisterClassW
SetActiveWindow
SetRectEmpty
CreateDialogParamA
SetWindowLongA
ReleaseCapture
GetCursorPos
VkKeyScanW
EmptyClipboard
GetClassWord
ToUnicodeEx
InSendMessageEx
CheckDlgButton
DestroyMenu
MoveWindow
PackDDElParam
SetWindowTextA
SetWindowPlacement
IsWinEventHookInstalled
SetTaskmanWindow
WinHelpA
SetUserObjectSecurity
IMPGetIMEW
UserLpkTabbedTextOut
MessageBoxExW
DrawMenuBar
SendInput
GetMonitorInfoW
GetMenuStringA
GetRawInputDeviceInfoW
DlgDirSelectComboBoxExA
SetWindowsHookExA
ShowCursor
EnumDisplayMonitors
SetClipboardViewer
DdeCmpStringHandles
CreateAcceleratorTableW
CreateDialogIndirectParamAorW
DrawTextA
GetRawInputBuffer
IsWindow
CalcMenuBar
CallMsgFilterW
LoadBitmapA
CheckMenuItem
GetDlgItemInt
RegisterClassExA
DdeGetData
GetActiveWindow
TranslateMDISysAccel
CtxInitUser32
SetWindowStationUser
MenuWindowProcA
DlgDirListA
EndPaint
SetClassLongA
PrivateExtractIconExW
IsRectEmpty
IsIconic
MonitorFromWindow
EnumDisplaySettingsExW
IsWindowEnabled
GetTabbedTextExtentW
FindWindowA
CreateDialogIndirectParamA
GetAppCompatFlags2
DdeEnableCallback
WinHelpW
GetDlgCtrlID
MonitorFromRect
EnableWindow
GetTopWindow
UpdateLayeredWindow
RegisterDeviceNotificationW
DispatchMessageW
AllowSetForegroundWindow
CreateDialogParamW
ShowCaret
EnumDesktopWindows
CloseWindowStation
SetClipboardData
SwitchDesktop
DestroyCaret
ClipCursor
DdeDisconnectList

kernel32

DelayLoadFailureHook
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
lstrlenW
lstrcpyW
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
HeapDestroy
lstrcpynW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
DisableThreadLibraryCalls
lstrcatW
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
LocalFree
LocalAlloc
CloseHandle
DeleteTimerQueueEx
CreateTimerQueue
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetCurrentThread
GetCurrentProcess
GetSystemTimeAsFileTime
GetFileAttributesW
GetVolumeInformationW
GetFileAttributesExW
CompareFileTime
DeleteFileW
CreateFileW
GetFullPathNameW
CompareStringW
SetLastError
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitializeEx
CoTaskMemFree

advapi32

AddAccessAllowedObjectAce
GetAclInformation
GetAce
IsValidSid
RegQueryValueExW
GetSecurityDescriptorLength
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CopySid
OpenProcessToken
DuplicateTokenEx
EqualDomainSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetTokenInformation
OpenThreadToken
SetThreadToken
GetLengthSid
CreateWellKnownSid
LsaOpenPolicy
LsaNtStatusToWinError
LsaQueryInformationPolicy
LsaClose
LsaFreeMemory
ConvertStringSidToSidW
ConvertSidToStringSidW
LookupAccountSidW
LookupAccountNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AddAccessAllowedAceEx
SetSecurityDescriptorSacl
AddAuditAccessAceEx
MakeSelfRelativeSD
AdjustTokenPrivileges

authz

AuthzGetInformationFromContext
AuthziFreeAuditEventType
AuthziInitializeAuditEventType
AuthzFreeAuditEvent
AuthzInitializeContextFromSid
AuthzInitializeContextFromToken
AuthzAddSidsToContext
AuthzFreeContext
AuthziFreeAuditParams
AuthzAccessCheck
AuthzInitializeResourceManager
AuthzFreeResourceManager
AuthziAllocateAuditParams
AuthziInitializeAuditParamsWithRM
AuthziInitializeAuditEvent
AuthziLogAuditEvent

rpcrt4

RpcStringFreeW
UuidCreate
UuidFromStringW
UuidToStringW

wininet

InternetCanonicalizeUrlW

ntdsapi

DsQuoteRdnValueW
DsBindW
DsUnBindW
DsCrackNamesW
DsFreeNameResultW

gdi32

GetTextCharset

msi

MsiVerifyPackageW
MsiGetDatabaseState
MsiViewGetErrorW
MsiProvideQualifiedComponentExA
MsiQueryProductStateA
MsiSourceListClearAllExA
MsiEnableLogA
MsiSetTargetPathA
MsiQueryFeatureStateFromDescriptorW
DllGetClassObject
MsiDeleteUserDataW
MsiSourceListEnumMediaDisksA
MsiEnableLogW
MsiSourceListClearMediaDiskA
MsiInstallMissingComponentW
MsiSourceListAddSourceExA
MsiReinstallFeatureFromDescriptorA
MsiSourceListGetInfoW
MsiVerifyDiskSpace
MsiInstallMissingFileA
MsiGetProductInfoFromScriptW
MsiConfigureFeatureW
MsiGetFeatureValidStatesA
MsiMessageBoxA
MsiGetProductCodeFromPackageCodeW
MsiNotifySidChangeW

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c933904851039a567466ba8d96fb5c4b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

7a:25:a3:a0:14:e5:9c:32:27:65:01:b6:81:f9:2d:5e:fb:87:3f:e4Signer

Headers

File Characteristics

Imports

msvcrt

ntdll

user32

kernel32

ole32

advapi32

authz

rpcrt4

wininet

ntdsapi

gdi32

msi

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 141KB - Virtual size: 381KB

.reloc Size: 8KB - Virtual size: 67KB

.rsrc Size: 1024B - Virtual size: 628B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

7a:25:a3:a0:14:e5:9c:32:27:65:01:b6:81:f9:2d:5e:fb:87:3f:e4
Signer

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 141KB - Virtual size: 381KB

.reloc
Size: 8KB - Virtual size: 67KB

.rsrc
Size: 1024B - Virtual size: 628B