f140cab283c35c92dc74db53b6d9964706538554d4151a637a406b093746692b

Sharing

Copy URL

Twitter E-mail

General

Target

f140cab283c35c92dc74db53b6d9964706538554d4151a637a406b093746692b
Size

1.0MB
MD5

ca84fed65adf022bd0d2477ebcc2329f
SHA1

2cfa335779f1231f8df2f1de958dcefdfdd70a13
SHA256

f140cab283c35c92dc74db53b6d9964706538554d4151a637a406b093746692b
SHA512

0f6b92c1d5f2958ff3edeccfeb33c41237c2279a18f87105ce04e7657ee2043b555e9191335f01d3a09a9dd689bb16b3d6015a6ce17622177d9bf54a913fd928

Score

N/A

Malware Config

Signatures

Files

f140cab283c35c92dc74db53b6d9964706538554d4151a637a406b093746692b
.exe windows x86

937afc3a0b4be86117d55cdbfe426ef4

Code Sign

2e:e3:bd:36:09:b9:b1:63:be:f9:50:b3:a0:ec:15:9c
Certificate

Issuer

CN=ARLCXDBU

Not Before

13-11-2018 23:29

Not After

31-12-2039 23:59

Subject

CN=ARLCXDBU

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fa:8e:b1:19:a5:df:f4:9a:3b:ac:65:89:a0:bb:a8:5a:25:ca:a4:46:41:21:cb:da:cb:8b:75:ec:ef:be:98:d2
Signer

Actual PE Digest

fa:8e:b1:19:a5:df:f4:9a:3b:ac:65:89:a0:bb:a8:5a:25:ca:a4:46:41:21:cb:da:cb:8b:75:ec:ef:be:98:d2

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ARLCXDBU

16-11-2018 07:01
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByte
IsDebuggerPresent
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadResource
MoveFileExW
MultiByteToWideChar
QueryPerformanceCounter
ReadFileEx
RemoveDirectoryW
RtlUnwind
SetCommState
SetComputerNameExW
SetConsoleWindowInfo
SetDefaultCommConfigW
InitializeCriticalSection
SetHandleCount
SetThreadIdealProcessor
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
_llseek
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
lstrlenW
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalCompact
GetVersionExW
GetVersionExA
GetTickCount
GetThreadLocale
GetThreadContext
GetSystemTimeAsFileTime
GetSystemInfo
GetStringTypeW
GetStringTypeExA
GetStringTypeA
GetStdHandle
GetStartupInfoA
GetShortPathNameW
GetOEMCP
GetModuleFileNameW
GetModuleFileNameA
GetLongPathNameW
GetLocaleInfoA
GetLastError
GetFileType
GetFileSizeEx
GetFileAttributesA
GetExitCodeThread
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FindResourceExW
FindResourceA
FindNextFileW
FindFirstFileW
FindClose
ExitProcess
EnumTimeFormatsW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
DefineDosDeviceW
CreateThread
CreateProcessW
CreateFileMappingW
CreateEventA
CloseHandle
GetModuleHandleA
LoadLibraryA
GetProcAddress
SetEvent
VirtualAlloc

user32

WaitMessage
WinHelpA
keybd_event
mouse_event
wsprintfA
WINNLSEnableIME
ValidateRgn
UnpackDDElParam
TranslateMessage
TranslateAcceleratorA
ShowOwnedPopups
SetForegroundWindow
SetClipboardData
SendMessageW
SendMessageTimeoutA
RemovePropA
RegisterClassA
PostThreadMessageA
PostQuitMessage
PeekMessageA
OemToCharBuffA
MonitorFromWindow
MessageBoxIndirectA
MapVirtualKeyExA
LoadStringA
IsWindow
IsCharUpperA
InvalidateRgn
InsertMenuA
GetWindowModuleFileNameA
GetUserObjectSecurity
GetParent
GetMessageW
GetMessageA
GetMenuItemCount
GetMenuContextHelpId
GetLastInputInfo
GetDlgItemInt
GetDlgItem
GetClassNameW
GetAltTabInfoW
FindWindowW
EnumThreadWindows
EnableMenuItem
DrawFrame
DrawEdge
DispatchMessageW
DispatchMessageA
DeferWindowPos
CreateAcceleratorTableA
CharNextA
CallNextHookEx
AttachThreadInput
LoadIconA
IsIconic
GetClipboardOwner
GetWindowDC
GetKBCodePage
CloseDesktop
CharUpperW
GetDoubleClickTime
GetWindowTextLengthA
CreateMenu
DestroyIcon
CloseWindowStation
IsClipboardFormatAvailable
GetWindowTextLengthW
GetClipboardSequenceNumber
GetSystemMetrics
LoadCursorFromFileA
GetThreadDesktop
GetSysColorBrush
IsWindowUnicode
ShowCaret
GetMessagePos
GetKeyboardType
GetMessageTime
GetMenu
GetDlgCtrlID
GetSysColor
WindowFromDC
DdeSetQualityOfService

gdi32

MirrorRgn
SetBitmapDimensionEx
InvertRgn
IntersectClipRect
GetWindowExtEx
GetFontData
GetTextColor
GdiPrinterThunk
GdiGetSpoolMessage
GdiGetPageCount
GdiDescribePixelFormat
GdiConsoleTextOut
FontIsLinked
ExcludeClipRect
EngUnicodeToMultiByteN
Arc
AbortPath
CreateMetaFileW
CreateCompatibleDC
DeleteMetaFile
DeleteDC
CreateHalftonePalette
SaveDC
GetDCBrushColor
SetDeviceGammaRamp
GetSystemPaletteUse
GetBkMode
GetTextCharacterExtra
GetPolyFillMode
GetEnhMetaFileW
PathToRegion
FlattenPath
CancelDC
AbortDoc
CreateMetaFileA
DeleteEnhMetaFile
StrokePath
CloseMetaFile
CloseEnhMetaFile
FillPath

advapi32

RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyW
RegOpenKeyExA
RegEnumKeyW
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyW
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
GetSecurityDescriptorLength
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegSetValueExW

shell32

ShellAboutA
SHPathPrepareForWriteW
SHGetPathFromIDListA
SHFileOperationW
SHFileOperation
SHCreateDirectoryExW
SHAddToRecentDocs
ExtractAssociatedIconW
DragQueryFileW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
StringFromGUID2
CoRegisterClassObject
CoInitialize
CoCreateInstance
CoRevokeClassObject

shlwapi

PathFindExtensionA
StrStrA
PathCombineW

Sections

.text
Size: 918KB - Virtual size: 917KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

937afc3a0b4be86117d55cdbfe426ef4

Code Sign

2e:e3:bd:36:09:b9:b1:63:be:f9:50:b3:a0:ec:15:9cCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

fa:8e:b1:19:a5:df:f4:9a:3b:ac:65:89:a0:bb:a8:5a:25:ca:a4:46:41:21:cb:da:cb:8b:75:ec:ef:be:98:d2Signer

Signature Validations

Verification

16-11-2018 07:01 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 918KB - Virtual size: 917KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 820B

.rsrc Size: 102KB - Virtual size: 1.1MB

2e:e3:bd:36:09:b9:b1:63:be:f9:50:b3:a0:ec:15:9c
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

fa:8e:b1:19:a5:df:f4:9a:3b:ac:65:89:a0:bb:a8:5a:25:ca:a4:46:41:21:cb:da:cb:8b:75:ec:ef:be:98:d2
Signer

16-11-2018 07:01
Valid: false

.text
Size: 918KB - Virtual size: 917KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 820B

.rsrc
Size: 102KB - Virtual size: 1.1MB