b6929c10554b2ec977acdf9dbe47dc28fc35fb67c0fbaddca9486dadc72d545f

Sharing

Copy URL

Twitter E-mail

General

Target

b6929c10554b2ec977acdf9dbe47dc28fc35fb67c0fbaddca9486dadc72d545f
Size

1020KB
MD5

4ff61b61152349015403583476eb22e1
SHA1

82cd4c648589490a955c895e7bf3500d0d6a39d9
SHA256

b6929c10554b2ec977acdf9dbe47dc28fc35fb67c0fbaddca9486dadc72d545f
SHA512

0abcbc189d5deba67ff5e5b670c1d6dabff1fd0292a87526dbc02d9879ee77ceb579ccec244f1f853a7aa23ecbc39a781aa7884dee189776593d7c0ceda39113
SSDEEP

24576:W5lKQpx/cAoecd5694SNAEcM6aahHzAtZUXDD3C5ZDgAl0B:wvO69zXcFaaEZUX/y5ZUm0B

Score

N/A

Malware Config

Signatures

Files

b6929c10554b2ec977acdf9dbe47dc28fc35fb67c0fbaddca9486dadc72d545f
.exe windows x86

2f486b6fe731f492ce309b7321257269

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:92:74:d7:d5:b0:de:7f:7e:0e:a5:bb:32:bb:ae:a8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13-11-2018 00:00

Not After

17-11-2019 23:59

Subject

CN=Symantec Corporation,OU=STAR,O=Symantec Corporation,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:86:9b:b0:a5:bf:09:aa:9f:ee:5d:4b:21:99:c8:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

10-11-2018 00:00

Not After

18-11-2019 23:59

Subject

CN=Symantec Corporation,OU=STAR,O=Symantec Corporation,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:8a:c1:54:ee:3b:33:bf:25:71:69:7c:b7:44:27:95:a4:7d:96:61:5a:25:b3:d5:0f:e4:60:c1:21:a7:70:82
Signer

Actual PE Digest

25:8a:c1:54:ee:3b:33:bf:25:71:69:7c:b7:44:27:95:a4:7d:96:61:5a:25:b3:d5:0f:e4:60:c1:21:a7:70:82

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Symantec Corporation,OU=STAR,O=Symantec Corporation,L=Mountain View,ST=California,C=US

20-09-2019 17:33
Valid: false

97:52:81:a1:49:d2:78:b2:4a:90:a7:84:7c:93:ec:2d:cf:ce:ad:04
Signer

Actual PE Digest

97:52:81:a1:49:d2:78:b2:4a:90:a7:84:7c:93:ec:2d:cf:ce:ad:04

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Symantec Corporation,OU=STAR,O=Symantec Corporation,L=Mountain View,ST=California,C=US

20-09-2019 14:20
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
LCMapStringA
IsValidCodePage
GetACP
HeapSize
VirtualFree
HeapReAlloc
GetStartupInfoA
LocalFree
GetCommandLineA
ExitProcess
Sleep
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapFree
RtlUnwind
GetTickCount
SetErrorMode
GetFileSizeEx
LocalFileTimeToFileTime
GetFileAttributesExA
FileTimeToLocalFileTime
CreateFileA
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
HeapCreate
lstrcmpiA
GetStringTypeExA
DeleteFileA
MoveFileA
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
FindResourceExA
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetModuleHandleW
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
VirtualProtect
GetCurrentProcessId
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LoadLibraryA
lstrcmpW
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
GetProcAddress
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MultiByteToWideChar
MulDiv
VirtualAlloc
CreateEventA
GetConsoleWindow
WaitForSingleObject
GetStdHandle
CreateNamedPipeA
ConnectNamedPipe
ReadFile
WriteFile
FlushFileBuffers
DisconnectNamedPipe
CloseHandle
GlobalAddAtomA
lstrlenA
GetCurrentThreadId
GetLastError
lstrcmpA
GetSystemInfo
GetVersionExA
FormatMessageA
WideCharToMultiByte
GetModuleHandleA
GetModuleFileNameA
lstrcpyA
lstrcatA
FindResourceA
LoadResource
LockResource
SizeofResource

user32

WaitMessage
SetCapture
WindowFromPoint
KillTimer
SetTimer
SetParent
GetSystemMenu
DeleteMenu
IsRectEmpty
IsZoomed
DestroyCursor
SetRect
ShowOwnedPopups
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
MapDialogRect
GetAsyncKeyState
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
GetWindowThreadProcessId
SetCursor
ReleaseCapture
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
RedrawWindow
TranslateAcceleratorA
TranslateMDISysAccel
BringWindowToTop
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
GetWindowDC
ReleaseDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetForegroundWindow
ShowScrollBar
GetClientRect
PostMessageA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CallWindowProcA
PtInRect
RegisterClipboardFormatA
GetMenu
GetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
BeginPaint
GetWindowRect
UnregisterClassA
GetMenuItemInfoA
DestroyIcon
CharUpperA
EndPaint
GetSystemMetrics
CreateWindowExA
DrawIcon
SetWindowRgn
CopyAcceleratorTableA
RegisterWindowMessageA
CreateMenu
LockWindowUpdate
GetDCEx
GetTabbedTextExtentA
CheckMenuItem
PostThreadMessageA
SetWindowLongA
SetWindowPos
GetDC
DestroyWindow
DefWindowProcA
GetShellWindow
GetForegroundWindow
GetWindowTextA
GetCursorPos
DrawIconEx
SendDlgItemMessageA
SendInput
GetWindowPlacement
SetWindowPlacement
SetDlgItemTextA
GetIconInfo
GetSysColorBrush
DialogBoxParamA
LoadCursorA
CreateDialogParamA
GetDlgItem
CharLowerA
SetWindowTextA
InvalidateRect
SendNotifyMessageA
CheckDlgButton
LoadIconA
CheckRadioButton
IsDlgButtonChecked
EndDialog
IsWindowVisible
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
MessageBoxA
UpdateWindow
DrawFocusRect
InflateRect
CopyRect
GetSysColor
SendMessageA
wsprintfA
GetDlgCtrlID
EnableWindow
GetWindow

gdi32

DeleteDC
CreatePatternBrush
CreateCompatibleDC
CreateCompatibleBitmap
DPtoLP
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetViewportOrgEx
CreateFontA
StretchDIBits
ScaleWindowExtEx
CreateRectRgnIndirect
SetRectRgn
CombineRgn
EnumFontFamiliesExA
LPtoDP
GetNearestColor
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetWindowOrgEx
GetCharWidthA
SelectClipRgn
DeleteObject
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
BitBlt
GetWindowExtEx
GetViewportExtEx
Ellipse
GetCurrentPositionEx
GetTextMetricsA
CreateSolidBrush
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
GetClipBox
CreateDCA
GetDeviceCaps
SetTextColor
SetBkMode
GetStockObject
SelectObject
CreatePen
SetTextJustification
SetStretchBltMode
GetCurrentObject
GetPixel
WidenPath
CreateEllipticRgn
GetTextColor
GetBkMode
GetBkColor
CreateFontIndirectA
GetObjectA
GetTextExtentPoint32A
PatBlt
Rectangle
CreateRectRgn

comdlg32

GetFileTitleA

winspool.drv

GetJobA
OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegQueryValueA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyA
RegCreateKeyExA
GetFileSecurityA
SetFileSecurityA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegSetValueA
ImpersonateLoggedOnUser
RegOpenKeyExA

shell32

SHGetFolderLocation
DragFinish
DragQueryFileA
ExtractIconA
SHGetFileInfoA
SHBindToParent

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageA

shlwapi

PathFindFileNameA
PathRemoveFileSpecW
PathStripToRootA
PathFindExtensionA
PathIsUNCA

opengl32

wglCreateContext
wglMakeCurrent

ole32

OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize

oleaut32

VariantClear
SysAllocStringLen
VariantInit
VariantChangeType

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

gdiplus

GdiplusStartup

ws2_32

getaddrinfo
WSACleanup
closesocket
socket
freeaddrinfo
ioctlsocket
bind
WSAStartup

iphlpapi

DeleteProxyArpEntry
DeleteIpForwardEntry

avifil32

AVIStreamLength
AVIStreamStart

odbc32

ord27

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 567KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f486b6fe731f492ce309b7321257269

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

14:92:74:d7:d5:b0:de:7f:7e:0e:a5:bb:32:bb:ae:a8Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

2e:86:9b:b0:a5:bf:09:aa:9f:ee:5d:4b:21:99:c8:53Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

25:8a:c1:54:ee:3b:33:bf:25:71:69:7c:b7:44:27:95:a4:7d:96:61:5a:25:b3:d5:0f:e4:60:c1:21:a7:70:82Signer

Signature Validations

Verification

20-09-2019 17:33 Valid: false

97:52:81:a1:49:d2:78:b2:4a:90:a7:84:7c:93:ec:2d:cf:ce:ad:04Signer

Signature Validations

Verification

20-09-2019 14:20 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

opengl32

ole32

oleaut32

version

gdiplus

ws2_32

iphlpapi

avifil32

odbc32

rpcrt4

oleacc

Sections

.text Size: 296KB - Virtual size: 295KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 10KB - Virtual size: 28KB

.rsrc Size: 567KB - Virtual size: 566KB

.reloc Size: 46KB - Virtual size: 46KB

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

14:92:74:d7:d5:b0:de:7f:7e:0e:a5:bb:32:bb:ae:a8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

2e:86:9b:b0:a5:bf:09:aa:9f:ee:5d:4b:21:99:c8:53
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

25:8a:c1:54:ee:3b:33:bf:25:71:69:7c:b7:44:27:95:a4:7d:96:61:5a:25:b3:d5:0f:e4:60:c1:21:a7:70:82
Signer

20-09-2019 17:33
Valid: false

97:52:81:a1:49:d2:78:b2:4a:90:a7:84:7c:93:ec:2d:cf:ce:ad:04
Signer

20-09-2019 14:20
Valid: false

.text
Size: 296KB - Virtual size: 295KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 10KB - Virtual size: 28KB

.rsrc
Size: 567KB - Virtual size: 566KB

.reloc
Size: 46KB - Virtual size: 46KB