b88ed10ae95066643a0669b07afa0af3f8dde206e48af16b7fd4035ee8a0d7c4[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b88ed10ae95066643a0669b07afa0af3f8dde206e48af16b7fd4035ee8a0d7c4.exe
Size

201KB
MD5

a3d687fa9689a7fd5c70160c13fa3d0d
SHA1

ef3cc5d3ae239590755fafe3d7a8e59f3bc8a71b
SHA256

b88ed10ae95066643a0669b07afa0af3f8dde206e48af16b7fd4035ee8a0d7c4
SHA512

fc4d0c5171b5cba9c60c65c61612bef50b976b1c3e940d4ef4af226f52188350f77b544a8a9d624b08e33244edba18bb017195ad25e025d1ac3963ccd1885f6d
SSDEEP

6144:gt++Jbojf5Vq5OC4qZhZcKYhc/ZfUozYM:j+cff22qZhZcKYhc/3

Score

1^/10

Malware Config

Signatures

Files

b88ed10ae95066643a0669b07afa0af3f8dde206e48af16b7fd4035ee8a0d7c4.exe
.exe windows:4 windows x86 arch:x86

98aa7065495f35513795744857924eba

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-01-2007 00:00

Not After

15-02-2008 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenFile
IsBadStringPtrW
CreateMailslotW
GetEnvironmentVariableA
GetWindowsDirectoryW
SetUnhandledExceptionFilter
lstrcpynW
GetTempPathW
GetLogicalDriveStringsA
ConnectNamedPipe
lstrcpyn
GetProcAddress
GetNumberFormatA
GetOEMCP
OpenMutexW
FileTimeToSystemTime
CreateEventW
GetModuleHandleA
CreateSemaphoreW
GetLongPathNameW
lstrcpy
SetCalendarInfoA
GetCommandLineW
DosDateTimeToFileTime
QueryPerformanceFrequency
FileTimeToLocalFileTime

user32

IsDlgButtonChecked
GetWindowTextA
GetWindowLongA
GetAsyncKeyState
GetActiveWindow
MonitorFromRect
GetMenuStringA
BringWindowToTop
CharUpperA
CheckMenuItem
GetActiveWindow
GetDlgItemTextW
GetParent
UpdateLayeredWindow
GetDCEx
GetMessageW
GetCursorPos
LoadMenuA

gdi32

SetArcDirection
ColorMatchToTarget
ExtFloodFill
LPtoDP
SetStretchBltMode
SetSystemPaletteUse
SetMiterLimit
ColorCorrectPalette
CopyEnhMetaFileW
SetWindowExtEx
ExtTextOutW
FillRgn
IntersectClipRect
CreateCompatibleDC
GetTextColor
SetViewportOrgEx
RestoreDC
PolylineTo

advapi32

RegReplaceKeyA
RegRestoreKeyA
RegDeleteValueA
RegEnumValueW
RegCreateKeyExA

shlwapi

UrlCombineA

comctl32

ImageList_SetFlags

wininet

SetUrlCacheEntryInfoA

winspool.drv

ConvertUnicodeDevModeToAnsiDevmode
EnumJobsA
AdvancedDocumentPropertiesW
SplDriverUnloadComplete
ExtDeviceMode
QuerySpoolMode
SetDefaultPrinterA
ConfigurePortA
GetPrinterDataExW
DeviceCapabilitiesA

wsock32

ntohs
dn_expand
rexec
getservbyport
GetNameByTypeA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.WjTd
Size: 1KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.H
Size: 3KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Grrl
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Lx
Size: 1KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eB
Size: 1KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98aa7065495f35513795744857924eba

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comctl32

wininet

winspool.drv

wsock32

Sections

.text Size: 12KB - Virtual size: 11KB

.WjTd Size: 1KB - Virtual size: 38KB

.H Size: 3KB - Virtual size: 31KB

.Grrl Size: 1KB - Virtual size: 4KB

.data Size: 10KB - Virtual size: 10KB

.Lx Size: 1KB - Virtual size: 34KB

.eB Size: 1KB - Virtual size: 269KB

.rsrc Size: 164KB - Virtual size: 163KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81
Certificate

.text
Size: 12KB - Virtual size: 11KB

.WjTd
Size: 1KB - Virtual size: 38KB

.H
Size: 3KB - Virtual size: 31KB

.Grrl
Size: 1KB - Virtual size: 4KB

.data
Size: 10KB - Virtual size: 10KB

.Lx
Size: 1KB - Virtual size: 34KB

.eB
Size: 1KB - Virtual size: 269KB

.rsrc
Size: 164KB - Virtual size: 163KB