Hacking Team Malware and Certificate Info

Copyright Copyright (c) 2012 Cypress Semiconductor Corporation

Publisher sahiram

Product Trackpad Bus Monitor

File version 2.5.0.16

Description Trackpad Bus Monitor

Signature verification Signed file, verified signature

Signers

[+] sahiram

[+] COMODO Code Signing CA 2

[+] UTN-USERFirst-Object

[+] USERTrust

MD5 cb8259668b17059f1078227995aad4c2

SHA-1 f86ac5954b6e1cbfc73a908b4a2f17570bb3f966

SHA-256 d2d2824a63be0c29db8e63c6185ff0df24447c9457f617cf12e9a2c5a813ece3

ssdeep 3072:4gYAULWesJeYjDez3G16gDcd8HR/K6HT53W//oESu7WaT6/Sr04AJ23c:4grQH/Y3ez37Mi6Hxw6slT6222 3c

First submission 2013-11-11 21:39:12 UTC ( 4 months, 1 week ago )

Last submission 2014-02-18 22:25:28 UTC ( 1 month ago )

Filename DSCN21092013.exe 7cb779b8 (web) IT

Copyright (c) 2010 Dell Inc.

Publisher sahiram

Product QuickSet

File version 11.1.27.2

Description QuickSet

Signature verification Signed file, verified signature

Signers

[+] sahiram

[+] COMODO Code Signing CA 2

[+] UTN-USERFirst-Object

[+] USERTrust

MD5 bf8aba6f7640f470a8f75e9adc5b940d

SHA-1 9f3bcbee85dce5fa76ef278f697e9c6211c6983f

SHA-256 b30e2d39ad6dc94d9c2995c5db38ab406d4475ff22a68a26ebaeeb5240fb17de

ssdeep 3072:YJWuuWkxZ9xxNqMa2i3sJDcrGNWkAXZpRQOn7TJ9X4V6FzXQ5PiN+OgAVeAtNpes:YA735xjLaa0gOgtZni jMcD8mtv

imphash 20424e5d42a86b17a3901dad94acb6b4

Size 229.9 KB (235416 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 3 / 49

First submission 2014-02-07 17:28:31 UTC ( 1 month, 1 week ago )

Last submission 2014-02-18 22:24:45 UTC ( 1 month ago )

Filename 2014-02-07 17:28:31 quickset.exe e9c5c898 (web) DE

Copyright (c) 2010 Dell Inc.

Publisher sahiram

Product QuickSet

File version 11.1.27.2

Description QuickSet

Signature verification Signed file, verified signature

Signers

[+] sahiram

[+] COMODO Code Signing CA 2

[+] UTN-USERFirst-Object

[+] USERTrust

Also submitted with this:

2014-02-07 18:01:47 bb.wma.exe e9c5c898 (web) DE

MD5 b4f1a5d253ca612d0f0e14f4cf3e74db

SHA-1 62af09d47fc1ba21217a22cfb7ae66e19a095e55

SHA-256 4d433c12f8008a1b5e1a1b1e88949721ce3a3e5b5986bd2f6ad5e5719ae965e8

ssdeep 3072:egXdZt9P6D3XJxMxQNu7eLj7XijTB6us6fjI899Titxp3pBk5ricgO:ee34oxQNjXXijTB62I8mtxpZBgri cd

imphash 7fa974366048f9c551ef45714595665e

Size 165.8 KB (169755 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (94.8%) Win32 Executable MS Visual C++ (generic) (3.4%) Win32 Dynamic Link Library (generic) (0.7%) Win32 Executable (generic) (0.5%) Generic Win/DOS Executable (0.2%)

Packers identified F-PROT NSIS, NSIS, NSIS, NSIS, NSIS, NSIS, NSIS, NSIS

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2009-12-05 22:50:52

Link date 11:50 PM 12/5/2009

Entry Point 0x000030FA

Number of sections 5

## https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/

cd1fe50dbde70fb2f20d90b27a4cfe5676fa0e566a4ac14dc8dfd5c232b93933 veryimportant.doc

The executable code is downloaded from: http://ar-24.com/0000000031/veryimportant.doc3

277cae7c249cb22ae43a605fbe901a0dc03f11e006b02d53426a6d11ad241a74 veryimportant.doc3

On execution, “veryimportant.doc3” writes the following files to disk:

C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\dXRhzmn8.nmN

C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\V46lMhsH.shv

C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\uVvJfjYa.YjG

C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\m0CRIsaV.as_

C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\iZ90AoPk.Pos

C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\0j-GU9H4.H9C

The following command is run, executing the file: “V46lMhsH.shv”

C:\WINDOWS\System32\rundll32.exe "C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\V46lMhsH.shv",F7ed728

This then infects the following processes:

explorer.exe

iexplore.exe

wscntfy.exe

reader_sl.exe

VMwareUser.exe

A registry key is added which ensures the persistence of the backdoor after reboot:

HKU\s-1-5-21-1177238915-1336601894-725345543-500\software\microsoft\windows\currentversion\run\*U1o4r7M C:\WINDOWS\system32\rundll32.exe "C:\DOCUME~1\ADMINI~1\LOCALS~1\UbY5xEcD\V46lMhsH.shv",F7ed728 REG_EXPAND_SZ 0

The file “V46lMhsH.shv” appears to perform the main backdoor functionality:

1df1bd11154224bcf015db8980a3c490b1584f49d4a34dde19c19bc0662ebda2 V46lMhsH.shv

The Windows implant includes a signed AMD64 driver. The certificate was issued by Verisign to “OPM Security Corporation”.

CommonName: OPM Security Corporation

Status: Valid

Validity (GMT): Mar 28, 2012 – Mar 28, 2015

Class: Digital ID Class 3 – Software Validation

Organization: OPM Security Corporation

Organizational Unit: Digital ID Class 3 – Microsoft Software Validation v2 Applications

State: Panama

City/Location: Panama

Country: PA

Serial Number: 21f33716e4db06fcf8641e0287e1e657

Issuer Digest: 4bc6f9b106c333db6c6a5b28e6738f7e

OPM Security appears to be a Panama-based company:

Calle 50 Edificio Credicorpbank, Office 604

Panama

Republic of Panamá

Telephone +507-832-7893

Payload: Downloads a second stage from http://62.109.31.96/0000000025/1.doc2. The second stage downloads a Hacking Team RCS payload from http://62.109.31.96/0000000025/0000000025.exe.

Analysis: The exploit uses LZMA compression. The metadata is almost identical to that of Exploit 5.

MD5 6edb63325ed83e1f8166e3147a9f162a

SHA1 d5056edd306d26e7baef0f28bc389af0eefcb144

SHA256: 1a89b84dc91bbb93ebe90fc1a6b5b2e4d3ffe761cc948977f0a0c0ba11eda7ea

File name: 12433701

Authenticode signature block

Copyright Copyright (c) Intel Corporation 2009-2010

Publisher Kamel Abed

Product IAStorIcon

Version 10.1.0.1008

File version 10.1.0.1008

Description IAStorIcon

Signature verification A certificate was explicitly revoked by its issuer.

Signers

[+] Kamel Abed

[+] GlobalSign CodeSigning CA - G2

[+] GlobalSign

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2012-12-12 12:36:23

Link date 1:36 PM 12/12/2012

Entry Point 0x000030E7

Number of sections 5

### Same signer as above ###

MD5 72215df1a69e4de5f9a825201e273677

SHA-1 22e76fd0b11c8416e6805f455be51230c7c5c37b

SHA-256 f50e12470f8147583b8f2b4b5e3e053c4f9243b2074993b8ad1279d50f846ce3

ssdeep 12288:uPH+ZkgAB9+2mr7uWsHPlllhllGllXlxlZLIyGyEJqDit:AEkP9WdKoEJv

imphash b9cebfed2939781ff349987e0ea28847

Size 564.3 KB (577792 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 17 / 34

First submission 2014-02-10 21:48:09 UTC ( 1 month, 1 week ago )

Last submission 2014-02-10 21:48:09 UTC ( 1 month, 1 week ago )

MD5 71bc0694f8301b7e0929b773c1a3e6ee

SHA-1 b4e52c97dceda556a42a24f759d25c392f60cf67

SHA-256 33c5e9cd997e9d9ab83b402703e3649f6b8e580042f1197e6b73ea5693b523e3

ssdeep 6144:rPH+NzkgAB9+2hObr7/wy1O3Ne8dNZI20ve29YA0/:rPH+ZkgAB9+2mr7r1y7N+20W299w

imphash b9cebfed2939781ff349987e0ea28847

Size 416.3 KB (426240 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 35 / 50

First submission 2014-02-10 18:58:03 UTC ( 1 month, 1 week ago )

Last submission 2014-02-19 16:48:44 UTC ( 1 month ago )

MD5 946ea5bd506d1ad1d6fac3de1e010cd3

SHA-1 401446bc89d641da1e3b545a5a5af35f6882c8f2

SHA-256 d7364785cef732b41894f3d4523d28a396944dc1de8fbbc6a0df5a0b6aeb887e

ssdeep 6144:KPH+NzkgAB9+2hObr7s+sdooACc3ddrWA0+:KPH+ZkgAB9+2mr7mNATLnl

imphash b9cebfed2939781ff349987e0ea28847

Size 296.3 KB (303360 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 35 / 50

First submission 2013-05-24 21:12:15 UTC ( 10 months ago )

Last submission 2014-03-07 07:58:25 UTC ( 2 weeks, 2 days ago )

MD5 6f2b145f3d078762daa7e0d33b18ad11

SHA-1 4bcd7d27506a0c7c235ea6ee444d7ce30647ae18

SHA-256 2e5fbffd9b5edf34d4e317957aaf2fb4304f10724d3f394812f9bc08dc81537c

ssdeep 6144:xPH+NzkgAB9+2hObr7C+y1O3Ne8dNZI20ve29YA0i:xPH+ZkgAB9+2mr7U1y7N+20W299l

imphash b9cebfed2939781ff349987e0ea28847

Size 417.3 KB (427304 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 35 / 48

First submission 2013-09-20 23:15:07 UTC ( 6 months ago )

Last submission 2014-03-07 07:58:40 UTC ( 2 weeks, 2 days ago )

MD5 f8abcba6172d31a6602a85d7fcd30454

SHA-1 75391db8c7ead630becdceb6e7f80a05501a515b

SHA-256 8293e0ef81cbda78ece813824ddc6d156efc9dad10254743d8ddddc511217283

ssdeep 6144:MPH+NzkgAB9+2hObr7L+y1O3Ne8dNZI20ve29YA0L:MPH+ZkgAB9+2mr7d1y7N+20W2994

imphash b9cebfed2939781ff349987e0ea28847

Size 417.3 KB (427304 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 37 / 50

First submission 2013-09-13 07:40:11 UTC ( 6 months, 1 week ago )

Last submission 2014-03-07 07:58:48 UTC ( 2 weeks, 2 days ago )

MD5 f97ffa555493fc3c563322a249f0b557

SHA-1 c46921df74112bc3a59b98d3d7d759096ed86d80

SHA-256 3c8ba40fb1847def3f6f599626f8b2d1a3516e9313ce244239b93c9c69d396d3

ssdeep 12288:1PH+ZkgAB9+2mr76sHPlllhllGllXlxlZLIyGyEJqDiO:5EkP9WuKoEJM

imphash b9cebfed2939781ff349987e0ea28847

Size 565.3 KB (578856 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 34 / 50

First submission 2013-02-25 18:52:38 UTC ( 1 year ago )

Last submission 2014-03-07 07:59:06 UTC ( 2 weeks, 2 days ago )

MD5 bf080077d9d3c362e1f5c2b9e771fb8c

SHA-1 2b48e38a5dbf9d87ce6e4cf583d7552198fb5778

SHA-256 5bf7f44273b84bbf13d8f84ba76d473956e1fc73ccb2af61d3b095db7cc0aa44

ssdeep 12288:9TWpQRAx187876LsHPlllhllGllXlxlZLIyGyEJqDgR:VyQa1XmKoEJZ

imphash 57622ee668b6c21ee0f7f1a2d6941780

Size 564.3 KB (577832 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 32 / 48

First submission 2013-06-25 11:23:55 UTC ( 9 months ago )

Last submission 2014-03-14 11:51:20 UTC ( 1 week, 2 days ago )

MD5 66741da348171175d7be67b8b0e01318

SHA-1 beb163d816b5a87eb7505b83d46247b5cc0738bc

SHA-256 e0be88ec83d63823f5fde48002131a6f2fa5e4a232a55ecf1d5630dbbfa2bd9d

ssdeep 6144:EPH+NzkgAB9+2hObr7s+y1O3Ne8dNZI20ve29YA0G:EPH+ZkgAB9+2mr7a1y7N+20W2991

imphash b9cebfed2939781ff349987e0ea28847

Size 417.3 KB (427304 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 37 / 50

First submission 2013-02-04 12:32:38 UTC ( 1 year, 1 month ago )

Last submission 2014-03-14 12:25:37 UTC ( 1 week, 2 days ago )

MD5 bed5b4149280c159247f169a45c6d780

SHA-1 501eb02b5722d63af172a2ec43febebcc7d548d4

SHA-256 228d69d344c202515841380b1cd9671aa34ffb925abda3b0c52c4505d3de95da

ssdeep 12288:sPH+ZkgAB9+2mr7ZsHPlllhllGllXlxlZLIyGyEJqDiQ:iEkP9WFKoEJW

imphash b9cebfed2939781ff349987e0ea28847

Size 564.3 KB (577792 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 38 / 50

First submission 2013-02-26 18:04:11 UTC ( 1 year ago )

Last submission 2014-03-14 12:30:11 UTC ( 1 week, 2 days ago )

MD5 c18ec79c933d8dec08c92de1139d9972

SHA-1 ba1346c0539e5151a1e45f40b34aa711895a355d

SHA-256 ee632186cc7417abb7517f69650235ba885c96d7f20be79a404287603041e9ba

ssdeep 6144:xNL6w9QRAoaw8Xwsimhkmo30MrbIru1LloMqNmgqJ:x8oQWhwmIkMr8SFy/mgqJ

imphash 59edde489e5489a45a01913ecf65cb4e

Size 226.5 KB (231944 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 25 / 50

First submission 2013-04-24 17:02:10 UTC ( 11 months ago )

Last submission 2014-02-17 19:30:16 UTC ( 1 month ago )

Copyright Copyright (c) Microsoft Corporation.All rights reserved.

Publisher Andrea Renzo Torello Viera

Product Microsoft Silverlight Out-of-Browser Launcher

File version 5.1.10411.3

Description Microsoft Silverlight Out-of-Browser Launcher

Signature verification A certificate was explicitly revoked by its issuer.

Signers

[+] Andrea Renzo Torello Viera

[+] DigiCert Assured ID Code Signing CA-1

[+] DigiCert

MD5 702ba96ac299e62a20c3c5c015599021

SHA-1 7e94b0c8afd6c86a11143bee96affde1136d78ff

SHA-256 777198bad04b3694f4c292de5e5dfc21d338c7c3a52f3e31be2957c5f50cf0be

ssdeep 12288:EvxT7QsUm0iPKujlaOOHHocwwwwwwwwwwww45uN7qm6ozUF2utgfWZlEUCy:EvGsUmRPKujlaOOHHDwwww wwwwwwww7o

imphash 59edde489e5489a45a01913ecf65cb4e

Size 624.0 KB (638984 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 8 / 50

First submission 2013-09-09 06:35:08 UTC ( 6 months, 2 weeks ago )

Last submission 2014-02-18 15:33:11 UTC ( 1 month ago )

MD5 cf0ad0117aab82c222b319c80db36dee

SHA-1 1739605376619d0abf7b2bd7931055fda3672345

SHA-256 cebecae925e00dc9dc24078653a9a7f5e1fbc6d7072f3a410217d30abfc8e583

ssdeep 6144:mN4HN6SxOBgH0vVzJq3aWg8CZwKNXRJjiil5DCyTb8K:bcgUvxyHg7iKNXDh5DCyTb8K

imphash 59edde489e5489a45a01913ecf65cb4e

Size 476.0 KB (487432 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 7 / 50

First submission 2013-09-30 09:16:58 UTC ( 5 months, 3 weeks ago )

Last submission 2014-02-18 22:25:46 UTC ( 1 month ago )

Publisher Andrea Renzo Torello Viera

Product PowerDVD RC Service

File version 9.0.3401.1

Description PowerDVD RC Service

Signature verification A certificate was explicitly revoked by its issuer.

Signers

[+] Andrea Renzo Torello Viera

[+] DigiCert Assured ID Code Signing CA-1

[+] DigiCert

MD5 b04ab81b9b796042c46966705cd2d201

SHA-1 286da1942254f51baaf277577dcb1b559dda1757

SHA-256 5cb1b01f62cb2310a2a8a3a6da5cb90f994f7600ccbd03e6e36f25510236fecc

ssdeep 6144:Xo3VENfnfMjVkMhWdg+CZJUFCSu4Aq44444447UXIj:Xo3y1nfMjVkMhIg3ZJUFZakIj

imphash e42646af54f7999fc51fc06c9287d5ec

Size 247.8 KB (253712 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 14 / 50

First submission 2014-01-16 04:22:04 UTC ( 2 months ago )

Last submission 2014-02-25 22:20:35 UTC ( 3 weeks, 4 days ago )

Copyright (c) 2012 Cypress Semiconductor Inc. All rights reserved.

Publisher sahiram

Product Trackpad Gesture Engine Monitor

File version 2.5.0.16

Description Trackpad Gesture Engine Monitor

Signature verification Signed file, verified signature

Signers

[+] sahiram

[+] COMODO Code Signing CA 2

[+] USERTrust

MD5 5ff61876e3fa55128554e413e77c3e55

SHA-1 8435d815385275cf90d8e037b58988a07f6c07b7

SHA-256 c0966884a98d963ab50de87eca7e6e92a82bb621b1dab61a71b3e29c02ac6e36

ssdeep 3072:6T+/nDWbsXmYRVwsh+VG4Dc79d9vp1PHTT29xv2pF/DKSrMCUNQBy1QjDQ6i:6TuDW9YPwshvpzJ3PHOXWP Qj1P6i

imphash e76afd8b61a3ffcd4dd177acb90633de

Size 239.5 KB (245256 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 30 / 50

First submission 2013-09-12 16:59:38 UTC ( 6 months, 1 week ago )

Last submission 2014-03-14 12:42:08 UTC ( 1 week, 2 days ago )

Copyright Copyright (c) Microsoft Corporation.All rights reserved.

Publisher Andrea Renzo Torello Viera

Product Microsoft (r) Windows Live ID Service Monitor

File version 7.250.4225.2

Description Microsoft (r) Windows Live ID Service Monitor

Signature verification A certificate was explicitly revoked by its issuer.

Signers

[+] Andrea Renzo Torello Viera

[+] DigiCert Assured ID Code Signing CA-1

[+] DigiCert

MD5 c17e788e28d47891f94c64739ee7fffb

SHA-1 0e326c39c91efeff1d045bec3c7e7c38405d0430

SHA-256 9577aabf5e31af1409e2abe8c29ac918d7f8784dec75b4088a60fce6a45e9fc7

ssdeep 3072:Fx2z5je7c5YH6NwXendUsb6QKHYDwxJf1zMZr7aRdTbbbKXMDTXy56nXiOdZ6aSU:L7cyaNw8H1SRNMB7aD mkTXUeXiOqMJ

imphash 59edde489e5489a45a01913ecf65cb4e

Size 227.5 KB (232968 bytes)

Type Win32 EXE

Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%) Win32 Dynamic Link Library (generic) (14.2%) Win32 Executable (generic) (9.7%) Generic Win/DOS Executable (4.3%) DOS Executable Generic (4.3%)

Detection ratio 21 / 46

First submission 2013-06-22 02:52:09 UTC ( 9 months ago )

Last submission 2014-02-14 03:57:31 UTC ( 1 month, 1 week ago )

Copyright Copyright (c) Microsoft Corporation.All rights reserved.

Publisher Andrea Renzo Torello Viera

Product Microsoft Silverlight Out-of-Browser Launcher

File version 5.1.10411.3

Description Microsoft Silverlight Out-of-Browser Launcher

Signature verification A certificate was explicitly revoked by its issuer.

Signers

[+] Andrea Renzo Torello Viera

[+] DigiCert Assured ID Code Signing CA-1