Hacking Team Malware

a guest
Mar 23rd, 2014
  1. Hacking Team Malware and Certificate Info
  2.  
  3. Copyright Copyright (c) 2012 Cypress Semiconductor Corporation
  4. Publisher sahiram
  5. Product Trackpad Bus Monitor
  6. File version 2.5.0.16
  7. Description Trackpad Bus Monitor
  8. Signature verification Signed file, verified signature
  9. Signers
  10. [+] sahiram
  11. [+] COMODO Code Signing CA 2
  12. [+] UTN-USERFirst-Object
  13. [+] USERTrust
  14.  
  15.  
  16.  
  17.  
  18. MD5 cb8259668b17059f1078227995aad4c2
  19. SHA-1 f86ac5954b6e1cbfc73a908b4a2f17570bb3f966
  20. SHA-256 d2d2824a63be0c29db8e63c6185ff0df24447c9457f617cf12e9a2c5a813ece3
  21. ssdeep 3072:4gYAULWesJeYjDez3G16gDcd8HR/K6HT53W//oESu7WaT6/Sr04AJ23c:4grQH/Y3ez37Mi6Hxw6slT6222 3c
  22. First submission 2013-11-11 21:39:12 UTC ( 4 months, 1 week ago )
  23. Last submission 2014-02-18 22:25:28 UTC ( 1 month ago )
  24. Filename DSCN21092013.exe 7cb779b8 (web) IT
  25.  
  26. Copyright (c) 2010 Dell Inc.
  27. Publisher sahiram
  28. Product QuickSet
  29. File version 11.1.27.2
  30. Description QuickSet
  31. Signature verification Signed file, verified signature
  32. Signers
  33. [+] sahiram
  34. [+] COMODO Code Signing CA 2
  35. [+] UTN-USERFirst-Object
  36. [+] USERTrust
  37.  
  38.  
  39. MD5 bf8aba6f7640f470a8f75e9adc5b940d
  40. SHA-1 9f3bcbee85dce5fa76ef278f697e9c6211c6983f
  41. SHA-256 b30e2d39ad6dc94d9c2995c5db38ab406d4475ff22a68a26ebaeeb5240fb17de
  42. ssdeep 3072:YJWuuWkxZ9xxNqMa2i3sJDcrGNWkAXZpRQOn7TJ9X4V6FzXQ5PiN+OgAVeAtNpes:YA735xjLaa0gOgtZni jMcD8mtv
  43. imphash 20424e5d42a86b17a3901dad94acb6b4
  44. Size 229.9 KB (235416 bytes)
  45. Type Win32 EXE
  46. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  47. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  48. Detection ratio 3 / 49
  49. First submission 2014-02-07 17:28:31 UTC ( 1 month, 1 week ago )
  50. Last submission 2014-02-18 22:24:45 UTC ( 1 month ago )
  51.  
  52. Filename 2014-02-07 17:28:31 quickset.exe e9c5c898 (web) DE
  53.  
  54. Copyright (c) 2010 Dell Inc.
  55. Publisher sahiram
  56. Product QuickSet
  57. File version 11.1.27.2
  58. Description QuickSet
  59. Signature verification Signed file, verified signature
  60. Signers
  61. [+] sahiram
  62. [+] COMODO Code Signing CA 2
  63. [+] UTN-USERFirst-Object
  64. [+] USERTrust
  65.  
  66. Also submitted with this:
  67. 2014-02-07 18:01:47 bb.wma.exe e9c5c898 (web) DE
  68.  
  69. MD5 b4f1a5d253ca612d0f0e14f4cf3e74db
  70. SHA-1 62af09d47fc1ba21217a22cfb7ae66e19a095e55
  71. SHA-256 4d433c12f8008a1b5e1a1b1e88949721ce3a3e5b5986bd2f6ad5e5719ae965e8
  72. ssdeep 3072:egXdZt9P6D3XJxMxQNu7eLj7XijTB6us6fjI899Titxp3pBk5ricgO:ee34oxQNjXXijTB62I8mtxpZBgri cd
  73. imphash 7fa974366048f9c551ef45714595665e
  74. Size 165.8 KB (169755 bytes)
  75. Type Win32 EXE
  76. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  77. TrID NSIS - Nullsoft Scriptable Install System (94.8%) Win32 Executable MS Visual C++ (generic) (3.4%) Win32 Dynamic Link Library (generic) (0.7%) Win32 Executable (generic) (0.5%) Generic Win/DOS Executable (0.2%)
  78.  
  79.  
  80. Packers identified F-PROT NSIS, NSIS, NSIS, NSIS, NSIS, NSIS, NSIS, NSIS
  81. PE header basic information
  82. Target machine Intel 386 or later processors and compatible processors
  83. Compilation timestamp 2009-12-05 22:50:52
  84. Link date 11:50 PM 12/5/2009
  85. Entry Point 0x000030FA
  86. Number of sections 5
  87.  
  88.  
  89.  
  90.  
  91. ## https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/
  92.  
  93. cd1fe50dbde70fb2f20d90b27a4cfe5676fa0e566a4ac14dc8dfd5c232b93933 veryimportant.doc
  94. The executable code is downloaded from: http://ar-24.com/0000000031/veryimportant.doc3
  95.  
  96. 277cae7c249cb22ae43a605fbe901a0dc03f11e006b02d53426a6d11ad241a74 veryimportant.doc3
  97.  
  98. On execution, “veryimportant.doc3” writes the following files to disk:
  99.  
  100. C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\dXRhzmn8.nmN
  101. C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\V46lMhsH.shv
  102. C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\uVvJfjYa.YjG
  103. C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\m0CRIsaV.as_
  104. C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\iZ90AoPk.Pos
  105. C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\0j-GU9H4.H9C
  106.  
  107. The following command is run, executing the file: “V46lMhsH.shv”
  108.  
  109. C:\WINDOWS\System32\rundll32.exe "C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\V46lMhsH.shv",F7ed728
  110. This then infects the following processes:
  111.  
  112. explorer.exe
  113. iexplore.exe
  114. wscntfy.exe
  115. reader_sl.exe
  116. VMwareUser.exe
  117.  
  118. A registry key is added which ensures the persistence of the backdoor after reboot:
  119.  
  120. HKU\s-1-5-21-1177238915-1336601894-725345543-500\software\microsoft\windows\currentversion\run\*U1o4r7M C:\WINDOWS\system32\rundll32.exe "C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\V46lMhsH.shv",F7ed728 REG_EXPAND_SZ 0
  121. The file “V46lMhsH.shv” appears to perform the main backdoor functionality:
  122.  
  123. 1df1bd11154224bcf015db8980a3c490b1584f49d4a34dde19c19bc0662ebda2 V46lMhsH.shv
  124.  
  125. The Windows implant includes a signed AMD64 driver. The certificate was issued by Verisign to “OPM Security Corporation”.
  126.  
  127. CommonName: OPM Security Corporation
  128. Status: Valid
  129. Validity (GMT): Mar 28, 2012 – Mar 28, 2015
  130. Class: Digital ID Class 3 – Software Validation
  131. Organization: OPM Security Corporation
  132. Organizational Unit: Digital ID Class 3 – Microsoft Software Validation v2 Applications
  133. State: Panama
  134. City/Location: Panama
  135. Country: PA
  136. Serial Number: 21f33716e4db06fcf8641e0287e1e657
  137. Issuer Digest: 4bc6f9b106c333db6c6a5b28e6738f7e
  138. OPM security appears to be a Panama based company:
  139.  
  140. Calle 50 Edificio Credicorpbank, Office 604
  141. Panama
  142. Republic of Panamá
  143. Telephone +507-832-7893
  144.  
  145. Payload: Downloads a second stage from http://62.109.31.96/0000000025/1.doc2. The second stage downloads a Hacking Team RCS payload from http://62.109.31.96/0000000025/0000000025.exe.
  146. Analysis: The exploit uses LZMA compression. The metadata is almost identical to that of Exploit 5.
  147.  
  148. MD5 6edb63325ed83e1f8166e3147a9f162a
  149. SHA1 d5056edd306d26e7baef0f28bc389af0eefcb144
  150. SHA256: 1a89b84dc91bbb93ebe90fc1a6b5b2e4d3ffe761cc948977f0a0c0ba11eda7ea
  151. File name: 12433701
  152.  
  153. Authenticode signature block
  154. Copyright Copyright (c) Intel Corporation 2009-2010
  155. Publisher Kamel Abed
  156. Product IAStorIcon
  157. Version 10.1.0.1008
  158. File version 10.1.0.1008
  159. Description IAStorIcon
  160. Signature verification A certificate was explicitly revoked by its issuer.
  161. Signers
  162. [+] Kamel Abed
  163. [+] GlobalSign CodeSigning CA - G2
  164. [+] GlobalSign
  165. Target machine Intel 386 or later processors and compatible processors
  166. Compilation timestamp 2012-12-12 12:36:23
  167. Link date 1:36 PM 12/12/2012
  168. Entry Point 0x000030E7
  169. Number of sections 5
  170.  
  171. ### Same signer as above ###
  172. MD5 72215df1a69e4de5f9a825201e273677
  173. SHA-1 22e76fd0b11c8416e6805f455be51230c7c5c37b
  174. SHA-256 f50e12470f8147583b8f2b4b5e3e053c4f9243b2074993b8ad1279d50f846ce3
  175. ssdeep 12288:uPH+ZkgAB9+2mr7uWsHPlllhllGllXlxlZLIyGyEJqDit:AEkP9WdKoEJv
  176. imphash b9cebfed2939781ff349987e0ea28847
  177. Size 564.3 KB (577792 bytes)
  178. Type Win32 EXE
  179. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  180. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  181. Detection ratio 17 / 34
  182. First submission 2014-02-10 21:48:09 UTC ( 1 month, 1 week ago )
  183. Last submission 2014-02-10 21:48:09 UTC ( 1 month, 1 week ago )
  184.  
  185.  
  186. MD5 71bc0694f8301b7e0929b773c1a3e6ee
  187. SHA-1 b4e52c97dceda556a42a24f759d25c392f60cf67
  188. SHA-256 33c5e9cd997e9d9ab83b402703e3649f6b8e580042f1197e6b73ea5693b523e3
  189. ssdeep 6144:rPH+NzkgAB9+2hObr7/wy1O3Ne8dNZI20ve29YA0/:rPH+ZkgAB9+2mr7r1y7N+20W299w
  190. imphash b9cebfed2939781ff349987e0ea28847
  191. Size 416.3 KB (426240 bytes)
  192. Type Win32 EXE
  193. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  194. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  195. Detection ratio 35 / 50
  196. First submission 2014-02-10 18:58:03 UTC ( 1 month, 1 week ago )
  197. Last submission 2014-02-19 16:48:44 UTC ( 1 month ago )
  198.  
  199. MD5 946ea5bd506d1ad1d6fac3de1e010cd3
  200. SHA-1 401446bc89d641da1e3b545a5a5af35f6882c8f2
  201. SHA-256 d7364785cef732b41894f3d4523d28a396944dc1de8fbbc6a0df5a0b6aeb887e
  202. ssdeep 6144:KPH+NzkgAB9+2hObr7s+sdooACc3ddrWA0+:KPH+ZkgAB9+2mr7mNATLnl
  203. imphash b9cebfed2939781ff349987e0ea28847
  204. Size 296.3 KB (303360 bytes)
  205. Type Win32 EXE
  206. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  207. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  208. Detection ratio 35 / 50
  209. First submission 2013-05-24 21:12:15 UTC ( 10 months ago )
  210. Last submission 2014-03-07 07:58:25 UTC ( 2 weeks, 2 days ago )
  211.  
  212. MD5 6f2b145f3d078762daa7e0d33b18ad11
  213. SHA-1 4bcd7d27506a0c7c235ea6ee444d7ce30647ae18
  214. SHA-256 2e5fbffd9b5edf34d4e317957aaf2fb4304f10724d3f394812f9bc08dc81537c
  215. ssdeep 6144:xPH+NzkgAB9+2hObr7C+y1O3Ne8dNZI20ve29YA0i:xPH+ZkgAB9+2mr7U1y7N+20W299l
  216. imphash b9cebfed2939781ff349987e0ea28847
  217. Size 417.3 KB (427304 bytes)
  218. Type Win32 EXE
  219. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  220. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  221. Detection ratio 35 / 48
  222. First submission 2013-09-20 23:15:07 UTC ( 6 months ago )
  223. Last submission 2014-03-07 07:58:40 UTC ( 2 weeks, 2 days ago )
  224.  
  225. MD5 f8abcba6172d31a6602a85d7fcd30454
  226. SHA-1 75391db8c7ead630becdceb6e7f80a05501a515b
  227. SHA-256 8293e0ef81cbda78ece813824ddc6d156efc9dad10254743d8ddddc511217283
  228. ssdeep 6144:MPH+NzkgAB9+2hObr7L+y1O3Ne8dNZI20ve29YA0L:MPH+ZkgAB9+2mr7d1y7N+20W2994
  229. imphash b9cebfed2939781ff349987e0ea28847
  230. Size 417.3 KB (427304 bytes)
  231. Type Win32 EXE
  232. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  233. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  234. Detection ratio 37 / 50
  235. First submission 2013-09-13 07:40:11 UTC ( 6 months, 1 week ago )
  236. Last submission 2014-03-07 07:58:48 UTC ( 2 weeks, 2 days ago )
  237.  
  238. MD5 f97ffa555493fc3c563322a249f0b557
  239. SHA-1 c46921df74112bc3a59b98d3d7d759096ed86d80
  240. SHA-256 3c8ba40fb1847def3f6f599626f8b2d1a3516e9313ce244239b93c9c69d396d3
  241. ssdeep 12288:1PH+ZkgAB9+2mr76sHPlllhllGllXlxlZLIyGyEJqDiO:5EkP9WuKoEJM
  242. imphash b9cebfed2939781ff349987e0ea28847
  243. Size 565.3 KB (578856 bytes)
  244. Type Win32 EXE
  245. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  246. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  247. Detection ratio 34 / 50
  248. First submission 2013-02-25 18:52:38 UTC ( 1 year ago )
  249. Last submission 2014-03-07 07:59:06 UTC ( 2 weeks, 2 days ago )
  250.  
  251. MD5 bf080077d9d3c362e1f5c2b9e771fb8c
  252. SHA-1 2b48e38a5dbf9d87ce6e4cf583d7552198fb5778
  253. SHA-256 5bf7f44273b84bbf13d8f84ba76d473956e1fc73ccb2af61d3b095db7cc0aa44
  254. ssdeep 12288:9TWpQRAx187876LsHPlllhllGllXlxlZLIyGyEJqDgR:VyQa1XmKoEJZ
  255. imphash 57622ee668b6c21ee0f7f1a2d6941780
  256. Size 564.3 KB (577832 bytes)
  257. Type Win32 EXE
  258. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  259. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  260. Detection ratio 32 / 48
  261. First submission 2013-06-25 11:23:55 UTC ( 9 months ago )
  262. Last submission 2014-03-14 11:51:20 UTC ( 1 week, 2 days ago )
  263.  
  264. MD5 66741da348171175d7be67b8b0e01318
  265. SHA-1 beb163d816b5a87eb7505b83d46247b5cc0738bc
  266. SHA-256 e0be88ec83d63823f5fde48002131a6f2fa5e4a232a55ecf1d5630dbbfa2bd9d
  267. ssdeep 6144:EPH+NzkgAB9+2hObr7s+y1O3Ne8dNZI20ve29YA0G:EPH+ZkgAB9+2mr7a1y7N+20W2991
  268. imphash b9cebfed2939781ff349987e0ea28847
  269. Size 417.3 KB (427304 bytes)
  270. Type Win32 EXE
  271. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  272. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  273. Detection ratio 37 / 50
  274. First submission 2013-02-04 12:32:38 UTC ( 1 year, 1 month ago )
  275. Last submission 2014-03-14 12:25:37 UTC ( 1 week, 2 days ago )
  276.  
  277. MD5 bed5b4149280c159247f169a45c6d780
  278. SHA-1 501eb02b5722d63af172a2ec43febebcc7d548d4
  279. SHA-256 228d69d344c202515841380b1cd9671aa34ffb925abda3b0c52c4505d3de95da
  280. ssdeep 12288:sPH+ZkgAB9+2mr7ZsHPlllhllGllXlxlZLIyGyEJqDiQ:iEkP9WFKoEJW
  281. imphash b9cebfed2939781ff349987e0ea28847
  282. Size 564.3 KB (577792 bytes)
  283. Type Win32 EXE
  284. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  285. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  286. Detection ratio 38 / 50
  287. First submission 2013-02-26 18:04:11 UTC ( 1 year ago )
  288. Last submission 2014-03-14 12:30:11 UTC ( 1 week, 2 days ago )
  289.  
  290.  
  291. MD5 c18ec79c933d8dec08c92de1139d9972
  292. SHA-1 ba1346c0539e5151a1e45f40b34aa711895a355d
  293. SHA-256 ee632186cc7417abb7517f69650235ba885c96d7f20be79a404287603041e9ba
  294. ssdeep 6144:xNL6w9QRAoaw8Xwsimhkmo30MrbIru1LloMqNmgqJ:x8oQWhwmIkMr8SFy/mgqJ
  295. imphash 59edde489e5489a45a01913ecf65cb4e
  296. Size 226.5 KB (231944 bytes)
  297. Type Win32 EXE
  298. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  299. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  300. Detection ratio 25 / 50
  301. First submission 2013-04-24 17:02:10 UTC ( 11 months ago )
  302. Last submission 2014-02-17 19:30:16 UTC ( 1 month ago )
  303. Copyright Copyright (c) Microsoft Corporation.All rights reserved.
  304. Publisher Andrea Renzo Torello Viera
  305. Product Microsoft Silverlight Out-of-Browser Launcher
  306. File version 5.1.10411.3
  307. Description Microsoft Silverlight Out-of-Browser Launcher
  308. Signature verification A certificate was explicitly revoked by its issuer.
  309. Signers
  310. [+] Andrea Renzo Torello Viera
  311. [+] DigiCert Assured ID Code Signing CA-1
  312. [+] DigiCert
  313.  
  314. MD5 702ba96ac299e62a20c3c5c015599021
  315. SHA-1 7e94b0c8afd6c86a11143bee96affde1136d78ff
  316. SHA-256 777198bad04b3694f4c292de5e5dfc21d338c7c3a52f3e31be2957c5f50cf0be
  317. ssdeep 12288:EvxT7QsUm0iPKujlaOOHHocwwwwwwwwwwww45uN7qm6ozUF2utgfWZlEUCy:EvGsUmRPKujlaOOHHDwwww wwwwwwww7o
  318. imphash 59edde489e5489a45a01913ecf65cb4e
  319. Size 624.0 KB (638984 bytes)
  320. Type Win32 EXE
  321. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  322. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  323. Detection ratio 8 / 50
  324. First submission 2013-09-09 06:35:08 UTC ( 6 months, 2 weeks ago )
  325. Last submission 2014-02-18 15:33:11 UTC ( 1 month ago )
  326.  
  327. MD5 cf0ad0117aab82c222b319c80db36dee
  328. SHA-1 1739605376619d0abf7b2bd7931055fda3672345
  329. SHA-256 cebecae925e00dc9dc24078653a9a7f5e1fbc6d7072f3a410217d30abfc8e583
  330. ssdeep 6144:mN4HN6SxOBgH0vVzJq3aWg8CZwKNXRJjiil5DCyTb8K:bcgUvxyHg7iKNXDh5DCyTb8K
  331. imphash 59edde489e5489a45a01913ecf65cb4e
  332. Size 476.0 KB (487432 bytes)
  333. Type Win32 EXE
  334. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  335. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  336. Detection ratio 7 / 50
  337. First submission 2013-09-30 09:16:58 UTC ( 5 months, 3 weeks ago )
  338. Last submission 2014-02-18 22:25:46 UTC ( 1 month ago )
  339. Publisher Andrea Renzo Torello Viera
  340. Product PowerDVD RC Service
  341. File version 9.0.3401.1
  342. Description PowerDVD RC Service
  343. Signature verification A certificate was explicitly revoked by its issuer.
  344. Signers
  345. [+] Andrea Renzo Torello Viera
  346. [+] DigiCert Assured ID Code Signing CA-1
  347. [+] DigiCert
  348.  
  349. MD5 b04ab81b9b796042c46966705cd2d201
  350. SHA-1 286da1942254f51baaf277577dcb1b559dda1757
  351. SHA-256 5cb1b01f62cb2310a2a8a3a6da5cb90f994f7600ccbd03e6e36f25510236fecc
  352. ssdeep 6144:Xo3VENfnfMjVkMhWdg+CZJUFCSu4Aq44444447UXIj:Xo3y1nfMjVkMhIg3ZJUFZakIj
  353. imphash e42646af54f7999fc51fc06c9287d5ec
  354. Size 247.8 KB (253712 bytes)
  355. Type Win32 EXE
  356. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  357. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  358. Detection ratio 14 / 50
  359. First submission 2014-01-16 04:22:04 UTC ( 2 months ago )
  360. Last submission 2014-02-25 22:20:35 UTC ( 3 weeks, 4 days ago )
  361. Copyright (c) 2012 Cypress Semiconductor Inc. All rights reserved.
  362. Publisher sahiram
  363. Product Trackpad Gesture Engine Monitor
  364. File version 2.5.0.16
  365. Description Trackpad Gesture Engine Monitor
  366. Signature verification Signed file, verified signature
  367. Signers
  368. [+] sahiram
  369. [+] COMODO Code Signing CA 2
  370. [+] USERTrust
  371.  
  372. MD5 5ff61876e3fa55128554e413e77c3e55
  373. SHA-1 8435d815385275cf90d8e037b58988a07f6c07b7
  374. SHA-256 c0966884a98d963ab50de87eca7e6e92a82bb621b1dab61a71b3e29c02ac6e36
  375. ssdeep 3072:6T+/nDWbsXmYRVwsh+VG4Dc79d9vp1PHTT29xv2pF/DKSrMCUNQBy1QjDQ6i:6TuDW9YPwshvpzJ3PHOXWP Qj1P6i
  376. imphash e76afd8b61a3ffcd4dd177acb90633de
  377. Size 239.5 KB (245256 bytes)
  378. Type Win32 EXE
  379. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  380. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  381. Detection ratio 30 / 50
  382. First submission 2013-09-12 16:59:38 UTC ( 6 months, 1 week ago )
  383. Last submission 2014-03-14 12:42:08 UTC ( 1 week, 2 days ago )
  384. Copyright Copyright (c) Microsoft Corporation.All rights reserved.
  385. Publisher Andrea Renzo Torello Viera
  386. Product Microsoft (r) Windows Live ID Service Monitor
  387. File version 7.250.4225.2
  388. Description Microsoft (r) Windows Live ID Service Monitor
  389. Signature verification A certificate was explicitly revoked by its issuer.
  390. Signers
  391. [+] Andrea Renzo Torello Viera
  392. [+] DigiCert Assured ID Code Signing CA-1
  393. [+] DigiCert
  394.  
  395. MD5 c17e788e28d47891f94c64739ee7fffb
  396. SHA-1 0e326c39c91efeff1d045bec3c7e7c38405d0430
  397. SHA-256 9577aabf5e31af1409e2abe8c29ac918d7f8784dec75b4088a60fce6a45e9fc7
  398. ssdeep 3072:Fx2z5je7c5YH6NwXendUsb6QKHYDwxJf1zMZr7aRdTbbbKXMDTXy56nXiOdZ6aSU:L7cyaNw8H1SRNMB7aD mkTXUeXiOqMJ
  399. imphash 59edde489e5489a45a01913ecf65cb4e
  400. Size 227.5 KB (232968 bytes)
  401. Type Win32 EXE
  402. Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
  403. TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
  404. Detection ratio 21 / 46
  405. First submission 2013-06-22 02:52:09 UTC ( 9 months ago )
  406. Last submission 2014-02-14 03:57:31 UTC ( 1 month, 1 week ago )
  407. Copyright Copyright (c) Microsoft Corporation.All rights reserved.
  408. Publisher Andrea Renzo Torello Viera
  409. Product Microsoft Silverlight Out-of-Browser Launcher
  410. File version 5.1.10411.3
  411. Description Microsoft Silverlight Out-of-Browser Launcher
  412. Signature verification A certificate was explicitly revoked by its issuer.
  413. Signers
  414. [+] Andrea Renzo Torello Viera
  415. [+] DigiCert Assured ID Code Signing CA-1
  416. [+] DigiCert