947575cba1b1ffeda1e3cbb765c219bd2ecc7a1a91eba1e721255dae4528e670[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

947575cba1b1ffeda1e3cbb765c219bd2ecc7a1a91eba1e721255dae4528e670.exe
Size

671KB
MD5

a5061d94383fb1fd3d259cf335ff0c5b
SHA1

6672cdc9c160235bacdc4e0995541c29d55ca4fc
SHA256

947575cba1b1ffeda1e3cbb765c219bd2ecc7a1a91eba1e721255dae4528e670
SHA512

a19425b5217492a25c2cdd8b65bac9ec4c94cfea1c49c1e8f4270d29cc54390df0ad4aa16d60e1f43207a4158bb0421214a8dd5c208857c213b38a56dd087195
SSDEEP

6144:pl2lQM1Q9Ix/ADJHo0Sdw6nu7RlJj3zzbgykcNPfLjJGHIwjGk9sHY5/gkz14IZ1:DniYHRj3zzFtZGxzb5/xCtD/1yGcP

Score

1^/10

Malware Config

Signatures

Files

947575cba1b1ffeda1e3cbb765c219bd2ecc7a1a91eba1e721255dae4528e670.exe
.exe windows:4 windows x86 arch:x86

971e32bc69f14f9272d4290df2269a8d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:f7:2a:8b:f2:40:9b:90:df:af:ec:6b:a5:7e:c6:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/11/2011, 00:00

Not After

08/11/2014, 23:59

Subject

CN=STOPzilla,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technology,O=STOPzilla,L=Boynton Beach,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:46:cd:9b:d7:8b:fa:ab:42:d0:5a:86:c9:a0:cd:94:0d:16:c2:44
Signer

Actual PE Digest

36:46:cd:9b:d7:8b:fa:ab:42:d0:5a:86:c9:a0:cd:94:0d:16:c2:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringW
GetModuleHandleA
GlobalFlags
TlsGetValue
GlobalReAlloc
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
ExitProcess
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
IsProcessorFeaturePresent
InterlockedCompareExchange
GetVolumeInformationW
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
VirtualProtect
FreeResource
LocalFree
GetCurrentProcessId
GlobalAddAtomW
GlobalDeleteAtom
ConvertDefaultLocale
GetVersion
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetPrivateProfileStringW
lstrcpyW
ReadProcessMemory
EnumResourceLanguagesW
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryW
GetShortPathNameW
GetFullPathNameW
lstrlenA
FormatMessageW
InterlockedExchangeAdd
CreateThread
TerminateThread
ResumeThread
SuspendThread
MoveFileW
Sleep
EnumResourceNamesW
FindResourceExW
GetLogicalDriveStringsW
GetDriveTypeW
QueryDosDeviceW
CreateDirectoryW
GetWindowsDirectoryW
GetFileAttributesW
FindFirstFileW
FindClose
CreateFileW
ExpandEnvironmentStringsW
GetTempPathW
WideCharToMultiByte
OpenProcess
DuplicateHandle
CloseHandle
GetVersionExW
GlobalHandle
GlobalFree
LocalAlloc
OutputDebugStringW
LoadLibraryExW
FreeLibrary
SetLastError
GlobalLock
GlobalUnlock
GetModuleFileNameW
MulDiv
lstrcmpW
SetPriorityClass
GetCurrentThread
SetThreadPriority
GetCurrentThreadId
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
GlobalAlloc
FlushInstructionCache
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleW
GetProcAddress
GetCurrentProcess
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCommandLineW
RaiseException

user32

GetClassLongW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
SetForegroundWindow
GetMenu
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetPropW
GetCapture
GetPropW
RemovePropW
GetAsyncKeyState
SetActiveWindow
CreateDialogIndirectParamW
UnhookWindowsHookEx
GetMenuItemID
WinHelpW
GetSubMenu
MessageBoxW
SetWindowLongW
UnregisterClassA
GetWindowLongW
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetNextDlgTabItem
SetWindowContextHelpId
MapDialogRect
GetWindowRect
SystemParametersInfoW
MapWindowPoints
ShowWindow
EndDialog
UpdateWindow
LoadIconW
KillTimer
SetTimer
PostMessageW
SendDlgItemMessageA
SendDlgItemMessageW
IsDialogMessageW
CharNextW
CharUpperW
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetSysColorBrush
UnregisterClassW
DestroyMenu
GetMenuItemCount
DefWindowProcW
wsprintfW
GetSysColor
MoveWindow
EnableWindow
GetActiveWindow
DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetSystemMetrics
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
SendMessageW
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
DestroyWindow
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos

gdi32

EnumFontFamiliesExW
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectW
GetStockObject
CreateBitmap
PtVisible

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
ImpersonateSelf
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
StartServiceW
CloseServiceHandle
GetTokenInformation
LookupAccountSidW
IsValidSid
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
EqualSid

shell32

ShellExecuteExW
ShellExecuteW

ole32

OleLockRunning
CoGetClassObject
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
VarUI4FromStr
SysStringByteLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantChangeType
GetErrorInfo

msi

ord118
ord158
ord159
ord160
ord32
ord66
ord90
ord92
ord173
ord70
ord8

shlwapi

PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathIsDirectoryW
PathFileExistsW
PathCombineW
PathRemoveFileSpecW
PathStripPathW
PathRemoveExtensionW
SHDeleteKeyW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetOpenUrlW
InternetSetOptionW
HttpSendRequestA
HttpOpenRequestW
InternetOpenW
InternetConnectW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW

rpcrt4

UuidFromStringW
UuidToStringW
RpcStringFreeW

Sections

.text
Size: 320KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

971e32bc69f14f9272d4290df2269a8d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

42:f7:2a:8b:f2:40:9b:90:df:af:ec:6b:a5:7e:c6:d1Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

36:46:cd:9b:d7:8b:fa:ab:42:d0:5a:86:c9:a0:cd:94:0d:16:c2:44Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

ole32

oleaut32

msi

shlwapi

version

wininet

rpcrt4

Sections

.text Size: 320KB - Virtual size: 317KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 20KB - Virtual size: 32KB

.rsrc Size: 168KB - Virtual size: 166KB

.reloc Size: 44KB - Virtual size: 41KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

42:f7:2a:8b:f2:40:9b:90:df:af:ec:6b:a5:7e:c6:d1
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

36:46:cd:9b:d7:8b:fa:ab:42:d0:5a:86:c9:a0:cd:94:0d:16:c2:44
Signer

.text
Size: 320KB - Virtual size: 317KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 20KB - Virtual size: 32KB

.rsrc
Size: 168KB - Virtual size: 166KB

.reloc
Size: 44KB - Virtual size: 41KB