1da95e48e38bd56d459329fc236870448ab9483ec943d33c3f8064d8d89ce0e2

Sharing

Copy URL

Twitter E-mail

General

Target

1da95e48e38bd56d459329fc236870448ab9483ec943d33c3f8064d8d89ce0e2
Size

282KB
MD5

2485c741af50de986079b6ad9b6c948a
SHA1

575651ded135bc2ca0afbd07f7f35ef1b0b72b7c
SHA256

1da95e48e38bd56d459329fc236870448ab9483ec943d33c3f8064d8d89ce0e2
SHA512

07efa4a38977416ca4769201d4229983c18bddee1427210eaeea8e646e37eaba2ef46d9dc524827786c92036c45392211aa78bc31ac873c72a9da19e79b7a1fc
SSDEEP

6144:NAT/OCJ1kM5PYKXqLe53WwVII09ABnKwgR6nRcda2xi9D:NAT2CJ1kM5P4Le5mwVl09ABKOcdafZ

Score

N/A

Malware Config

Signatures

Files

1da95e48e38bd56d459329fc236870448ab9483ec943d33c3f8064d8d89ce0e2
.exe windows x86

24cdbc24184473968dae27d44aacbfe8

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05-05-2015 00:00

Not After

31-12-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:79:27:fb:fb:7e:7f:33:7d:62:ff:0d:ee:1d:33:44
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-08-2015 00:00

Not After

27-07-2016 23:59

Subject

CN=Favorite-III,O=Favorite-III,POSTALCODE=74840,STREET=Kherson region. Kahovskij area Razdolnoe village\, the buildings\, 6,L=Razdolnoe,ST=Herson,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:e9:78:c9:d4:f3:36:a5:9c:91:84:51:92:75:3a:b6:66:69:df:51
Signer

Actual PE Digest

16:e9:78:c9:d4:f3:36:a5:9c:91:84:51:92:75:3a:b6:66:69:df:51

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Favorite-III,O=Favorite-III,POSTALCODE=74840,STREET=Kherson region. Kahovskij area Razdolnoe village\, the buildings\, 6,L=Razdolnoe,ST=Herson,C=UA

19-10-2015 20:13
Valid: true

Chain 1

CN=Favorite-III,O=Favorite-III,POSTALCODE=74840,STREET=Kherson region. Kahovskij area Razdolnoe village\, the buildings\, 6,L=Razdolnoe,ST=Herson,C=UA

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

HACCEL_UserUnmarshal
CoFileTimeToDosDateTime
ReadFmtUserTypeStg
CoGetStandardMarshal
OleTranslateAccelerator
WriteFmtUserTypeStg
CoRevokeClassObject
OleCreateLinkFromData
OleQueryLinkFromData
OleCreateLink
SNB_UserMarshal
CLIPFORMAT_UserFree
HBITMAP_UserFree
CoMarshalInterface
StgCreatePropStg
CoUnmarshalHresult
OleSaveToStream
CoInitialize
OleDuplicateData
GetRunningObjectTable
OleGetClipboard
CoTreatAsClass
CLIPFORMAT_UserUnmarshal
StgOpenStorage
OleCreateLinkToFile
CoCreateInstance
CoRegisterPSClsid
StgCreateDocfileOnILockBytes
StgOpenStorageEx
DoDragDrop
CoResumeClassObjects
HBITMAP_UserUnmarshal
CoGetInterfaceAndReleaseStream
StringFromGUID2
CoDisconnectObject
MonikerCommonPrefixWith
CreateOleAdviseHolder
OleBuildVersion
CreateItemMoniker
CoReleaseServerProcess
CoLoadLibrary
CoGetTreatAsClass
HBITMAP_UserSize
GetConvertStg
StringFromCLSID
CreateDataCache
HGLOBAL_UserSize
CreateILockBytesOnHGlobal
StringFromIID
FreePropVariantArray
MonikerRelativePathTo
HACCEL_UserSize
OleIsCurrentClipboard
CoTaskMemFree
CoFreeLibrary
StgIsStorageFile
GetHGlobalFromStream
StgCreateDocfile
SNB_UserSize
HGLOBAL_UserMarshal
HMENU_UserUnmarshal
CoGetPSClsid
HWND_UserMarshal
OleCreateStaticFromData
HMENU_UserMarshal
CoFileTimeNow
RegisterDragDrop
OleCreateFromFile
OleSetAutoConvert
GetHGlobalFromILockBytes
CoTaskMemAlloc
CoFreeAllLibraries
OleCreateFromData
OleConvertIStorageToOLESTREAMEx
WriteClassStg
OleUninitialize
STGMEDIUM_UserSize
OleSetClipboard
HPALETTE_UserMarshal
OleSetMenuDescriptor
OleCreateDefaultHandler
PropVariantCopy
OleConvertIStorageToOLESTREAM
MkParseDisplayName
OleLoad
CoCreateFreeThreadedMarshaler
CoGetClassObject
ReadClassStm
OleRun
HPALETTE_UserSize
IsAccelerator
OleInitialize
CreateFileMoniker
OleLoadFromStream
OleLockRunning
SNB_UserUnmarshal
CoRegisterMessageFilter
ReadClassStg
OleFlushClipboard
CoReleaseMarshalData
HACCEL_UserMarshal
HGLOBAL_UserFree
OleCreateEmbeddingHelper
StgSetTimes
IIDFromString
CoLockObjectExternal
ReleaseStgMedium
HWND_UserFree
CreatePointerMoniker
CoTaskMemRealloc
CreateDataAdviseHolder
OleDestroyMenuDescriptor
CoMarshalHresult
StgGetIFillLockBytesOnILockBytes
CreateAntiMoniker
SetConvertStg
HWND_UserUnmarshal
CoGetCurrentProcess
CoAddRefServerProcess
STGMEDIUM_UserFree
WriteClassStm
CoFreeUnusedLibraries
OleCreateMenuDescriptor
STGMEDIUM_UserMarshal
CoGetObject
OleRegGetMiscStatus
OleNoteObjectVisible
CLSIDFromProgID
OleSetContainedObject
OleIsRunning
OleRegGetUserType
OleGetIconOfFile
CoUninitialize
StgCreateStorageEx
OleGetAutoConvert
CoBuildVersion
STGMEDIUM_UserUnmarshal
StgCreatePropSetStg
CLIPFORMAT_UserMarshal
CreateBindCtx
BindMoniker
CoSuspendClassObjects
CreateStdProgressIndicator
HBITMAP_UserMarshal
OleQueryCreateFromData
CreateStreamOnHGlobal
HMENU_UserSize
CoGetMalloc
StgGetIFillLockBytesOnFile
SNB_UserFree
CoUnmarshalInterface
HWND_UserSize
OleGetIconOfClass
PropVariantClear
HGLOBAL_UserUnmarshal
OleRegEnumFormatEtc
CLSIDFromString

comdlg32

PrintDlgW
PageSetupDlgW
GetOpenFileNameA
PrintDlgA
GetSaveFileNameW
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameW
ChooseColorW
CommDlgExtendedError

oleaut32

VarDecSu
CreateErrorInfo
VarR8FromBool
VarBoolFromUI4
VarInt
VarR4FromUI1
GetErrorInfo

msvcrt

__p__fmode
_adjust_fdiv
__set_app_type
__setusermatherr
_initterm
__getmainargs
_exit
_XcptFilter
_acmdln
exit
__p__fmode
_controlfp
_close

lz32

LZCopy

kernel32

GetConsoleCP
CreateMutexA
GetModuleHandleA
GetStartupInfoA
LoadLibraryW

gdi32

GetPixelFormat
ExtCreatePen
SaveDC
GetEnhMetaFileDescriptionA
CreateFontIndirectW
WidenPath
SetTextJustification
GetTextMetricsA
RemoveFontResourceA
LineDDA
StartDocW
GetStretchBltMode
SetMapMode
GetICMProfileW
SetMiterLimit
DeleteDC
OffsetRgn
IntersectClipRect
FrameRgn
TranslateCharsetInfo
ExtCreateRegion
PtVisible
RealizePalette
EqualRgn
CreateFontA
CloseEnhMetaFile
CreatePatternBrush
GetStockObject
SetWindowOrgEx
GetRegionData
TextOutW
CreateEllipticRgn
EnumObjects
GetMiterLimit
SetWindowExtEx
SelectClipRgn
UnrealizeObject
CreateBrushIndirect
EnumFontsW
DeleteColorSpace
CreateColorSpaceA
GetMapMode
GetWindowOrgEx
GetTextCharset
GetNearestPaletteIndex
SetMetaRgn
GetTextFaceA
Pie
GetArcDirection
SetTextCharacterExtra
GetCharABCWidthsA
GetOutlineTextMetricsA
SetStretchBltMode
PlgBlt
GetEnhMetaFileHeader
StretchDIBits
RectInRegion

advapi32

RegFlushKey
LsaRetrievePrivateData
DecryptFileA
RegEnumKeyExA
RegOpenKeyA

user32

LoadStringA
PostMessageA
GetInputState
LookupIconIdFromDirectory
GetClassInfoA
OemKeyScan
SetForegroundWindow
SetKeyboardState
DdeClientTransaction
BeginDeferWindowPos
SetWindowPlacement

Sections

.text
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24cdbc24184473968dae27d44aacbfe8

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

33:79:27:fb:fb:7e:7f:33:7d:62:ff:0d:ee:1d:33:44Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

16:e9:78:c9:d4:f3:36:a5:9c:91:84:51:92:75:3a:b6:66:69:df:51Signer

Signature Validations

Verification

19-10-2015 20:13 Valid: true

Chain 1

Headers

File Characteristics

Imports

ole32

comdlg32

oleaut32

msvcrt

lz32

kernel32

gdi32

advapi32

user32

Sections

.text Size: 240KB - Virtual size: 237KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 117KB

.rsrc Size: 16KB - Virtual size: 13KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

33:79:27:fb:fb:7e:7f:33:7d:62:ff:0d:ee:1d:33:44
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

16:e9:78:c9:d4:f3:36:a5:9c:91:84:51:92:75:3a:b6:66:69:df:51
Signer

19-10-2015 20:13
Valid: true

.text
Size: 240KB - Virtual size: 237KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 117KB

.rsrc
Size: 16KB - Virtual size: 13KB