16c2bfc8a95cd2996a5169d3fe441f6a8ac0d8fcf4c5562b6de6e68dac3ae35f

Sharing

Copy URL

Twitter E-mail

General

Target

16c2bfc8a95cd2996a5169d3fe441f6a8ac0d8fcf4c5562b6de6e68dac3ae35f
Size

493KB
MD5

7e12831b97ad63445fc0e9173b98b4b0
SHA1

36adafaafea6740027beef8d8f6d762ede47203d
SHA256

16c2bfc8a95cd2996a5169d3fe441f6a8ac0d8fcf4c5562b6de6e68dac3ae35f
SHA512

44d6f4d58712f45838627cc8bde00e63b52d9c2bc9bc45ffa6963725f6b26ab307e61d40c469bc10a657d84137e62ad8ee861744f0208ba0bdef9d8f2bd97f9f
SSDEEP

6144:axNbhnlpRcq/rJxF+AjpI6V/no/nu6wGg6r+ZfjLkKRvdhkPYXIIa6j:QpRcq/rJFjFQXN4Xjdhk3pu

Score

N/A

Malware Config

Signatures

Files

16c2bfc8a95cd2996a5169d3fe441f6a8ac0d8fcf4c5562b6de6e68dac3ae35f
.exe windows x86

6bef5ae33a89e6a89523b3d2579d2d3b

Code Sign

bb:c2:ed:37:e1:1d:f5:3b:33:79:36:3c:b4:d1:02:11
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07-12-2016 00:00

Not After

07-12-2017 23:59

Subject

CN=INFORM VT\, OOO,O=INFORM VT\, OOO,POSTALCODE=109125,STREET=d. 24 pomeshchenie VI\, KOMN 1\, ul.Saratovskaya,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ad:e3:64:17:7f:52:f1:c4:95:f8:b0:a7:21:ea:84:a7:fc:28:39:b0:33:43:87:b6:f0:34:dc:fa:0b:4c:b7:cf
Signer

Actual PE Digest

ad:e3:64:17:7f:52:f1:c4:95:f8:b0:a7:21:ea:84:a7:fc:28:39:b0:33:43:87:b6:f0:34:dc:fa:0b:4c:b7:cf

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=INFORM VT\, OOO,O=INFORM VT\, OOO,POSTALCODE=109125,STREET=d. 24 pomeshchenie VI\, KOMN 1\, ul.Saratovskaya,L=Moscow,ST=Moscow,C=RU

24-10-2017 13:42
Valid: true

Chain 1

CN=INFORM VT\, OOO,O=INFORM VT\, OOO,POSTALCODE=109125,STREET=d. 24 pomeshchenie VI\, KOMN 1\, ul.Saratovskaya,L=Moscow,ST=Moscow,C=RU

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
GetAncestor
VkKeyScanExA

shell32

SHFileOperationA
SHGetSpecialFolderLocation

gdi32

Escape
GetDCOrgEx
SaveDC
PathToRegion
GetClipRgn
GetColorAdjustment
GetTextMetricsW

kernel32

GetLocaleInfoA
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
HeapFree
VirtualFree
HeapCreate
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
HeapSize
QueryPerformanceCounter
GetACP
Sleep
LocalAlloc
ResumeThread
GetCommandLineA
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 380KB - Virtual size: 531KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bef5ae33a89e6a89523b3d2579d2d3b

Code Sign

bb:c2:ed:37:e1:1d:f5:3b:33:79:36:3c:b4:d1:02:11Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

ad:e3:64:17:7f:52:f1:c4:95:f8:b0:a7:21:ea:84:a7:fc:28:39:b0:33:43:87:b6:f0:34:dc:fa:0b:4c:b7:cfSigner

Signature Validations

Verification

24-10-2017 13:42 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

user32

shell32

gdi32

kernel32

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 380KB - Virtual size: 531KB

.rsrc Size: 54KB - Virtual size: 54KB

bb:c2:ed:37:e1:1d:f5:3b:33:79:36:3c:b4:d1:02:11
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

ad:e3:64:17:7f:52:f1:c4:95:f8:b0:a7:21:ea:84:a7:fc:28:39:b0:33:43:87:b6:f0:34:dc:fa:0b:4c:b7:cf
Signer

24-10-2017 13:42
Valid: true

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 380KB - Virtual size: 531KB

.rsrc
Size: 54KB - Virtual size: 54KB