2d54c7cdd38bfaf7ceddc167d84c93a8b4ddf6553bb8fe0689fcf54bd2627438

Sharing

Copy URL

Twitter E-mail

General

Target

2d54c7cdd38bfaf7ceddc167d84c93a8b4ddf6553bb8fe0689fcf54bd2627438
Size

394KB
MD5

98cb5876b9eec6f9001e63232a23fd81
SHA1

78ec03f83e565b912e434b4b576462900501265a
SHA256

2d54c7cdd38bfaf7ceddc167d84c93a8b4ddf6553bb8fe0689fcf54bd2627438
SHA512

e1673ca4d38f14e035723c569118ce9c6dd520d2f4206d74d49140ce1a1fe6f1ebb1cba4735d9a285450b384565a96228628da5f93e2b5308587920ea452a9d8
SSDEEP

6144:vrdWssVvjkwIoawy206BJnBOwl+TV0kOiifNVBSKBV+UdvrEFp7hKcca:v0sUApoaylBnOFhIiifn5BjvrEH7Nt

Score

1^/10

Malware Config

Signatures

Files

2d54c7cdd38bfaf7ceddc167d84c93a8b4ddf6553bb8fe0689fcf54bd2627438
.exe windows:5 windows x86 arch:x86

d0c51893a1980a1f897e3d11ac6bea46

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21-03-2008 00:00

Not After

23-04-2011 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:32:18:19:fd:bd:b6:d1:fc:32:8b:ec:3c:79:a2:cf:e0:78:2a:90
Signer

Actual PE Digest

da:32:18:19:fd:bd:b6:d1:fc:32:8b:ec:3c:79:a2:cf:e0:78:2a:90

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\ccViews\autobuild1_BR-1010-00QP_7.0_Snapshot\AMT_Development\SW\Src\Services\LMS\Release\LMS.pdb

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA

ws2_32

htons
connect
select
__WSAFDIsSet
ioctlsocket
bind
listen
socket
setsockopt
WSAAccept
freeaddrinfo
accept
shutdown
closesocket
getsockname
WSAStartup
ntohl
htonl
ntohs
WSACreateEvent
WSAGetLastError
WSACloseEvent
WSAResetEvent
WSAAddressToStringA
WSASetEvent
recv
send
getpeername
getaddrinfo

iphlpapi

GetExtendedTcpTable
GetAdaptersAddresses
NotifyAddrChange
SetTcpEntry

dnsapi

DnsModifyRecordsInSet_A

crypt32

CryptProtectData
CryptUnprotectData

kernel32

VirtualAlloc
HeapReAlloc
HeapCreate
HeapSize
GetConsoleCP
VirtualFree
GetLastError
WaitForSingleObject
FormatMessageA
GetComputerNameExA
CreateEventA
DuplicateHandle
GetCurrentProcess
CloseHandle
SetEvent
ResetEvent
CreateFileA
GetOverlappedResult
GetConsoleMode
WriteFile
DeviceIoControl
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
Sleep
GetVersionExA
GetModuleHandleA
SetConsoleCtrlHandler
LocalFree
GlobalFree
GlobalAlloc
GetStdHandle
AllocConsole
GetCurrentProcessId
CreateSemaphoreA
ReleaseSemaphore
GetCurrentThreadId
ResumeThread
GetTickCount
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
GetStartupInfoA
SetHandleCount
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetProcessHeap
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
ReadFile
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
RtlUnwind
HeapAlloc
HeapFree
ExitThread
CreateThread
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetStdHandle
GetFileType
DeleteFileA
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError

user32

RegisterDeviceNotificationA
DestroyWindow
CreateWindowExA
RegisterClassA
UnregisterDeviceNotification
DefWindowProcA

advapi32

CreateServiceA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerExA
StartServiceA
RegDeleteValueA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
ChangeServiceConfig2A
CloseServiceHandle
StartServiceCtrlDispatcherA
GetUserNameA
LookupAccountNameA
IsValidSid
GetLengthSid
CopySid

Sections

.text
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0c51893a1980a1f897e3d11ac6bea46

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

da:32:18:19:fd:bd:b6:d1:fc:32:8b:ec:3c:79:a2:cf:e0:78:2a:90Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

ws2_32

iphlpapi

dnsapi

crypt32

kernel32

user32

advapi32

Sections

.text Size: 265KB - Virtual size: 265KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 5KB - Virtual size: 15KB

.rsrc Size: 2KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

da:32:18:19:fd:bd:b6:d1:fc:32:8b:ec:3c:79:a2:cf:e0:78:2a:90
Signer

.text
Size: 265KB - Virtual size: 265KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 1KB