- Hacking Team Malware and Certificate Info
- Copyright Copyright (c) 2012 Cypress Semiconductor Corporation
- Publisher sahiram
- Product Trackpad Bus Monitor
- File version 2.5.0.16
- Description Trackpad Bus Monitor
- Signature verification Signed file, verified signature
- Signers
- [+] sahiram
- [+] COMODO Code Signing CA 2
- [+] UTN-USERFirst-Object
- [+] USERTrust
- MD5 cb8259668b17059f1078227995aad4c2
- SHA-1 f86ac5954b6e1cbfc73a908b4a2f17570bb3f966
- SHA-256 d2d2824a63be0c29db8e63c6185ff0df24447c9457f617cf12e9a2c5a813ece3
- ssdeep 3072:4gYAULWesJeYjDez3G16gDcd8HR/K6HT53W//oESu7WaT6/Sr04AJ23c:4grQH/Y3ez37Mi6Hxw6slT6222 3c
- First submission 2013-11-11 21:39:12 UTC ( 4 months, 1 week ago )
- Last submission 2014-02-18 22:25:28 UTC ( 1 month ago )
- Filename DSCN21092013.exe 7cb779b8 (web) IT
- Copyright (c) 2010 Dell Inc.
- Publisher sahiram
- Product QuickSet
- File version 11.1.27.2
- Description QuickSet
- Signature verification Signed file, verified signature
- Signers
- [+] sahiram
- [+] COMODO Code Signing CA 2
- [+] UTN-USERFirst-Object
- [+] USERTrust
- MD5 bf8aba6f7640f470a8f75e9adc5b940d
- SHA-1 9f3bcbee85dce5fa76ef278f697e9c6211c6983f
- SHA-256 b30e2d39ad6dc94d9c2995c5db38ab406d4475ff22a68a26ebaeeb5240fb17de
- ssdeep 3072:YJWuuWkxZ9xxNqMa2i3sJDcrGNWkAXZpRQOn7TJ9X4V6FzXQ5PiN+OgAVeAtNpes:YA735xjLaa0gOgtZni jMcD8mtv
- imphash 20424e5d42a86b17a3901dad94acb6b4
- Size 229.9 KB (235416 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 3 / 49
- First submission 2014-02-07 17:28:31 UTC ( 1 month, 1 week ago )
- Last submission 2014-02-18 22:24:45 UTC ( 1 month ago )
- Filename 2014-02-07 17:28:31 quickset.exe e9c5c898 (web) DE
- Copyright (c) 2010 Dell Inc.
- Publisher sahiram
- Product QuickSet
- File version 11.1.27.2
- Description QuickSet
- Signature verification Signed file, verified signature
- Signers
- [+] sahiram
- [+] COMODO Code Signing CA 2
- [+] UTN-USERFirst-Object
- [+] USERTrust
- Also submitted with this:
- 2014-02-07 18:01:47 bb.wma.exe e9c5c898 (web) DE
- MD5 b4f1a5d253ca612d0f0e14f4cf3e74db
- SHA-1 62af09d47fc1ba21217a22cfb7ae66e19a095e55
- SHA-256 4d433c12f8008a1b5e1a1b1e88949721ce3a3e5b5986bd2f6ad5e5719ae965e8
- ssdeep 3072:egXdZt9P6D3XJxMxQNu7eLj7XijTB6us6fjI899Titxp3pBk5ricgO:ee34oxQNjXXijTB62I8mtxpZBgri cd
- imphash 7fa974366048f9c551ef45714595665e
- Size 165.8 KB (169755 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID NSIS - Nullsoft Scriptable Install System (94.8%) Win32 Executable MS Visual C++ (generic) (3.4%) Win32 Dynamic Link Library (generic) (0.7%) Win32 Executable (generic) (0.5%) Generic Win/DOS Executable (0.2%)
- Packers identified F-PROT NSIS, NSIS, NSIS, NSIS, NSIS, NSIS, NSIS, NSIS
- PE header basic information
- Target machine Intel 386 or later processors and compatible processors
- Compilation timestamp 2009-12-05 22:50:52
- Link date 11:50 PM 12/5/2009
- Entry Point 0x000030FA
- Number of sections 5
- ## https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/
- cd1fe50dbde70fb2f20d90b27a4cfe5676fa0e566a4ac14dc8dfd5c232b93933 veryimportant.doc
- The executable code is downloaded from: http://ar-24.com/0000000031/veryimportant.doc3
- 277cae7c249cb22ae43a605fbe901a0dc03f11e006b02d53426a6d11ad241a74 veryimportant.doc3
- On execution, “veryimportant.doc3” writes the following files to disk:
- C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\dXRhzmn8.nmN
- C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\V46lMhsH.shv
- C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\uVvJfjYa.YjG
- C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\m0CRIsaV.as_
- C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\iZ90AoPk.Pos
- C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\0j-GU9H4.H9C
- The following command is run, executing the file: “V46lMhsH.shv”
- C:\WINDOWS\System32\rundll32.exe “C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\V46lMhsH.shv”,F7ed728
- This then infects the following processes:
- explorer.exe
- iexplore.exe
- wscntfy.exe
- reader_sl.exe
- VMwareUser.exe
- A registry key is added which ensures the persistence of the backdoor after reboot:
- HKU\s-1-5-21-1177238915-1336601894-725345543-500\software\microsoft\windows\currentversion\run\*U1o4r7M C:\WINDOWS\system32\rundll32.exe “C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\V46lMhsH.shv”,F7ed728 REG_EXPAND_SZ 0
- The file “V46lMhsH.shv” appears to perform the main backdoor functionality:
- 1df1bd11154224bcf015db8980a3c490b1584f49d4a34dde19c19bc0662ebda2 V46lMhsH.shv
- The Windows implant includes a signed AMD64 driver. The certificate was issued by Verisign to “OPM Security Corporation”.
- CommonName: OPM Security Corporation
- Status: Valid
- Validity (GMT): Mar 28, 2012 – Mar 28, 2015
- Class: Digital ID Class 3 – Software Validation
- Organization: OPM Security Corporation
- Organizational Unit: Digital ID Class 3 – Microsoft Software Validation v2 Applications
- State: Panama
- City/Location: Panama
- Country: PA
- Serial Number: 21f33716e4db06fcf8641e0287e1e657
- Issuer Digest: 4bc6f9b106c333db6c6a5b28e6738f7e
- OPM Security appears to be a Panama-based company:
- Calle 50 Edificio Credicorpbank, Office 604
- Panama
- Republic of Panamá
- Telephone +507-832-7893
- Payload: Downloads a second stage from http://62.109.31.96/0000000025/1.doc2. The second stage downloads a Hacking Team RCS payload from http://62.109.31.96/0000000025/0000000025.exe.
- Analysis: The exploit uses LZMA compression. The metadata is almost identical to that of Exploit 5.
- MD5 6edb63325ed83e1f8166e3147a9f162a
- SHA1 d5056edd306d26e7baef0f28bc389af0eefcb144
- SHA256: 1a89b84dc91bbb93ebe90fc1a6b5b2e4d3ffe761cc948977f0a0c0ba11eda7ea
- File name: 12433701
- Authenticode signature block
- Copyright Copyright (c) Intel Corporation 2009-2010
- Publisher Kamel Abed
- Product IAStorIcon
- Version 10.1.0.1008
- File version 10.1.0.1008
- Description IAStorIcon
- Signature verification A certificate was explicitly revoked by its issuer.
- Signers
- [+] Kamel Abed
- [+] GlobalSign CodeSigning CA - G2
- [+] GlobalSign
- Target machine Intel 386 or later processors and compatible processors
- Compilation timestamp 2012-12-12 12:36:23
- Link date 1:36 PM 12/12/2012
- Entry Point 0x000030E7
- Number of sections 5
- ### Same signer as above ###
- MD5 72215df1a69e4de5f9a825201e273677
- SHA-1 22e76fd0b11c8416e6805f455be51230c7c5c37b
- SHA-256 f50e12470f8147583b8f2b4b5e3e053c4f9243b2074993b8ad1279d50f846ce3
- ssdeep 12288:uPH+ZkgAB9+2mr7uWsHPlllhllGllXlxlZLIyGyEJqDit:AEkP9WdKoEJv
- imphash b9cebfed2939781ff349987e0ea28847
- Size 564.3 KB (577792 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 17 / 34
- First submission 2014-02-10 21:48:09 UTC ( 1 month, 1 week ago )
- Last submission 2014-02-10 21:48:09 UTC ( 1 month, 1 week ago )
- MD5 71bc0694f8301b7e0929b773c1a3e6ee
- SHA-1 b4e52c97dceda556a42a24f759d25c392f60cf67
- SHA-256 33c5e9cd997e9d9ab83b402703e3649f6b8e580042f1197e6b73ea5693b523e3
- ssdeep 6144:rPH+NzkgAB9+2hObr7/wy1O3Ne8dNZI20ve29YA0/:rPH+ZkgAB9+2mr7r1y7N+20W299w
- imphash b9cebfed2939781ff349987e0ea28847
- Size 416.3 KB (426240 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 35 / 50
- First submission 2014-02-10 18:58:03 UTC ( 1 month, 1 week ago )
- Last submission 2014-02-19 16:48:44 UTC ( 1 month ago )
- MD5 946ea5bd506d1ad1d6fac3de1e010cd3
- SHA-1 401446bc89d641da1e3b545a5a5af35f6882c8f2
- SHA-256 d7364785cef732b41894f3d4523d28a396944dc1de8fbbc6a0df5a0b6aeb887e
- ssdeep 6144:KPH+NzkgAB9+2hObr7s+sdooACc3ddrWA0+:KPH+ZkgAB9+2mr7mNATLnl
- imphash b9cebfed2939781ff349987e0ea28847
- Size 296.3 KB (303360 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 35 / 50
- First submission 2013-05-24 21:12:15 UTC ( 10 months ago )
- Last submission 2014-03-07 07:58:25 UTC ( 2 weeks, 2 days ago )
- MD5 6f2b145f3d078762daa7e0d33b18ad11
- SHA-1 4bcd7d27506a0c7c235ea6ee444d7ce30647ae18
- SHA-256 2e5fbffd9b5edf34d4e317957aaf2fb4304f10724d3f394812f9bc08dc81537c
- ssdeep 6144:xPH+NzkgAB9+2hObr7C+y1O3Ne8dNZI20ve29YA0i:xPH+ZkgAB9+2mr7U1y7N+20W299l
- imphash b9cebfed2939781ff349987e0ea28847
- Size 417.3 KB (427304 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 35 / 48
- First submission 2013-09-20 23:15:07 UTC ( 6 months ago )
- Last submission 2014-03-07 07:58:40 UTC ( 2 weeks, 2 days ago )
- MD5 f8abcba6172d31a6602a85d7fcd30454
- SHA-1 75391db8c7ead630becdceb6e7f80a05501a515b
- SHA-256 8293e0ef81cbda78ece813824ddc6d156efc9dad10254743d8ddddc511217283
- ssdeep 6144:MPH+NzkgAB9+2hObr7L+y1O3Ne8dNZI20ve29YA0L:MPH+ZkgAB9+2mr7d1y7N+20W2994
- imphash b9cebfed2939781ff349987e0ea28847
- Size 417.3 KB (427304 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 37 / 50
- First submission 2013-09-13 07:40:11 UTC ( 6 months, 1 week ago )
- Last submission 2014-03-07 07:58:48 UTC ( 2 weeks, 2 days ago )
- MD5 f97ffa555493fc3c563322a249f0b557
- SHA-1 c46921df74112bc3a59b98d3d7d759096ed86d80
- SHA-256 3c8ba40fb1847def3f6f599626f8b2d1a3516e9313ce244239b93c9c69d396d3
- ssdeep 12288:1PH+ZkgAB9+2mr76sHPlllhllGllXlxlZLIyGyEJqDiO:5EkP9WuKoEJM
- imphash b9cebfed2939781ff349987e0ea28847
- Size 565.3 KB (578856 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 34 / 50
- First submission 2013-02-25 18:52:38 UTC ( 1 year ago )
- Last submission 2014-03-07 07:59:06 UTC ( 2 weeks, 2 days ago )
- MD5 bf080077d9d3c362e1f5c2b9e771fb8c
- SHA-1 2b48e38a5dbf9d87ce6e4cf583d7552198fb5778
- SHA-256 5bf7f44273b84bbf13d8f84ba76d473956e1fc73ccb2af61d3b095db7cc0aa44
- ssdeep 12288:9TWpQRAx187876LsHPlllhllGllXlxlZLIyGyEJqDgR:VyQa1XmKoEJZ
- imphash 57622ee668b6c21ee0f7f1a2d6941780
- Size 564.3 KB (577832 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 32 / 48
- First submission 2013-06-25 11:23:55 UTC ( 9 months ago )
- Last submission 2014-03-14 11:51:20 UTC ( 1 week, 2 days ago )
- MD5 66741da348171175d7be67b8b0e01318
- SHA-1 beb163d816b5a87eb7505b83d46247b5cc0738bc
- SHA-256 e0be88ec83d63823f5fde48002131a6f2fa5e4a232a55ecf1d5630dbbfa2bd9d
- ssdeep 6144:EPH+NzkgAB9+2hObr7s+y1O3Ne8dNZI20ve29YA0G:EPH+ZkgAB9+2mr7a1y7N+20W2991
- imphash b9cebfed2939781ff349987e0ea28847
- Size 417.3 KB (427304 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 37 / 50
- First submission 2013-02-04 12:32:38 UTC ( 1 year, 1 month ago )
- Last submission 2014-03-14 12:25:37 UTC ( 1 week, 2 days ago )
- MD5 bed5b4149280c159247f169a45c6d780
- SHA-1 501eb02b5722d63af172a2ec43febebcc7d548d4
- SHA-256 228d69d344c202515841380b1cd9671aa34ffb925abda3b0c52c4505d3de95da
- ssdeep 12288:sPH+ZkgAB9+2mr7ZsHPlllhllGllXlxlZLIyGyEJqDiQ:iEkP9WFKoEJW
- imphash b9cebfed2939781ff349987e0ea28847
- Size 564.3 KB (577792 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 38 / 50
- First submission 2013-02-26 18:04:11 UTC ( 1 year ago )
- Last submission 2014-03-14 12:30:11 UTC ( 1 week, 2 days ago )
- MD5 c18ec79c933d8dec08c92de1139d9972
- SHA-1 ba1346c0539e5151a1e45f40b34aa711895a355d
- SHA-256 ee632186cc7417abb7517f69650235ba885c96d7f20be79a404287603041e9ba
- ssdeep 6144:xNL6w9QRAoaw8Xwsimhkmo30MrbIru1LloMqNmgqJ:x8oQWhwmIkMr8SFy/mgqJ
- imphash 59edde489e5489a45a01913ecf65cb4e
- Size 226.5 KB (231944 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 25 / 50
- First submission 2013-04-24 17:02:10 UTC ( 11 months ago )
- Last submission 2014-02-17 19:30:16 UTC ( 1 month ago )
- Copyright Copyright (c) Microsoft Corporation.All rights reserved.
- Publisher Andrea Renzo Torello Viera
- Product Microsoft Silverlight Out-of-Browser Launcher
- File version 5.1.10411.3
- Description Microsoft Silverlight Out-of-Browser Launcher
- Signature verification A certificate was explicitly revoked by its issuer.
- Signers
- [+] Andrea Renzo Torello Viera
- [+] DigiCert Assured ID Code Signing CA-1
- [+] DigiCert
- MD5 702ba96ac299e62a20c3c5c015599021
- SHA-1 7e94b0c8afd6c86a11143bee96affde1136d78ff
- SHA-256 777198bad04b3694f4c292de5e5dfc21d338c7c3a52f3e31be2957c5f50cf0be
- ssdeep 12288:EvxT7QsUm0iPKujlaOOHHocwwwwwwwwwwww45uN7qm6ozUF2utgfWZlEUCy:EvGsUmRPKujlaOOHHDwwww wwwwwwww7o
- imphash 59edde489e5489a45a01913ecf65cb4e
- Size 624.0 KB (638984 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 8 / 50
- First submission 2013-09-09 06:35:08 UTC ( 6 months, 2 weeks ago )
- Last submission 2014-02-18 15:33:11 UTC ( 1 month ago )
- MD5 cf0ad0117aab82c222b319c80db36dee
- SHA-1 1739605376619d0abf7b2bd7931055fda3672345
- SHA-256 cebecae925e00dc9dc24078653a9a7f5e1fbc6d7072f3a410217d30abfc8e583
- ssdeep 6144:mN4HN6SxOBgH0vVzJq3aWg8CZwKNXRJjiil5DCyTb8K:bcgUvxyHg7iKNXDh5DCyTb8K
- imphash 59edde489e5489a45a01913ecf65cb4e
- Size 476.0 KB (487432 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 7 / 50
- First submission 2013-09-30 09:16:58 UTC ( 5 months, 3 weeks ago )
- Last submission 2014-02-18 22:25:46 UTC ( 1 month ago )
- Publisher Andrea Renzo Torello Viera
- Product PowerDVD RC Service
- File version 9.0.3401.1
- Description PowerDVD RC Service
- Signature verification A certificate was explicitly revoked by its issuer.
- Signers
- [+] Andrea Renzo Torello Viera
- [+] DigiCert Assured ID Code Signing CA-1
- [+] DigiCert
- MD5 b04ab81b9b796042c46966705cd2d201
- SHA-1 286da1942254f51baaf277577dcb1b559dda1757
- SHA-256 5cb1b01f62cb2310a2a8a3a6da5cb90f994f7600ccbd03e6e36f25510236fecc
- ssdeep 6144:Xo3VENfnfMjVkMhWdg+CZJUFCSu4Aq44444447UXIj:Xo3y1nfMjVkMhIg3ZJUFZakIj
- imphash e42646af54f7999fc51fc06c9287d5ec
- Size 247.8 KB (253712 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 14 / 50
- First submission 2014-01-16 04:22:04 UTC ( 2 months ago )
- Last submission 2014-02-25 22:20:35 UTC ( 3 weeks, 4 days ago )
- Copyright (c) 2012 Cypress Semiconductor Inc. All rights reserved.
- Publisher sahiram
- Product Trackpad Gesture Engine Monitor
- File version 2.5.0.16
- Description Trackpad Gesture Engine Monitor
- Signature verification Signed file, verified signature
- Signers
- [+] sahiram
- [+] COMODO Code Signing CA 2
- [+] USERTrust
- MD5 5ff61876e3fa55128554e413e77c3e55
- SHA-1 8435d815385275cf90d8e037b58988a07f6c07b7
- SHA-256 c0966884a98d963ab50de87eca7e6e92a82bb621b1dab61a71b3e29c02ac6e36
- ssdeep 3072:6T+/nDWbsXmYRVwsh+VG4Dc79d9vp1PHTT29xv2pF/DKSrMCUNQBy1QjDQ6i:6TuDW9YPwshvpzJ3PHOXWP Qj1P6i
- imphash e76afd8b61a3ffcd4dd177acb90633de
- Size 239.5 KB (245256 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 30 / 50
- First submission 2013-09-12 16:59:38 UTC ( 6 months, 1 week ago )
- Last submission 2014-03-14 12:42:08 UTC ( 1 week, 2 days ago )
- Copyright Copyright (c) Microsoft Corporation.All rights reserved.
- Publisher Andrea Renzo Torello Viera
- Product Microsoft (r) Windows Live ID Service Monitor
- File version 7.250.4225.2
- Description Microsoft (r) Windows Live ID Service Monitor
- Signature verification A certificate was explicitly revoked by its issuer.
- Signers
- [+] Andrea Renzo Torello Viera
- [+] DigiCert Assured ID Code Signing CA-1
- [+] DigiCert
- MD5 c17e788e28d47891f94c64739ee7fffb
- SHA-1 0e326c39c91efeff1d045bec3c7e7c38405d0430
- SHA-256 9577aabf5e31af1409e2abe8c29ac918d7f8784dec75b4088a60fce6a45e9fc7
- ssdeep 3072:Fx2z5je7c5YH6NwXendUsb6QKHYDwxJf1zMZr7aRdTbbbKXMDTXy56nXiOdZ6aSU:L7cyaNw8H1SRNMB7aD mkTXUeXiOqMJ
- imphash 59edde489e5489a45a01913ecf65cb4e
- Size 227.5 KB (232968 bytes)
- Type Win32 EXE
- Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
- TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)
- Detection ratio 21 / 46
- First submission 2013-06-22 02:52:09 UTC ( 9 months ago )
- Last submission 2014-02-14 03:57:31 UTC ( 1 month, 1 week ago )
- Copyright Copyright (c) Microsoft Corporation.All rights reserved.
- Publisher Andrea Renzo Torello Viera
- Product Microsoft Silverlight Out-of-Browser Launcher
- File version 5.1.10411.3
- Description Microsoft Silverlight Out-of-Browser Launcher
- Signature verification A certificate was explicitly revoked by its issuer.
- Signers
- [+] Andrea Renzo Torello Viera
- [+] DigiCert Assured ID Code Signing CA-1
- [+] DigiCert