2ba6ac3fcd1d3784d5ff276205d84327f20e60a6e96f5bc21db7f0c36c5c16bb

Sharing

Copy URL

Twitter E-mail

General

Target

2ba6ac3fcd1d3784d5ff276205d84327f20e60a6e96f5bc21db7f0c36c5c16bb
Size

216KB
MD5

cff9274db1f4113dc918a308855591b0
SHA1

263295f3a14ca098b72ed53095a01555d17dcd66
SHA256

2ba6ac3fcd1d3784d5ff276205d84327f20e60a6e96f5bc21db7f0c36c5c16bb
SHA512

49597e5ce8d7f5c6b4a2850f96f3c6eba3b95cb390ec3ecf75722ccff35a0f89668f5ee87ff996de2fd8f61414e7224e66d974abf01a415596420ddccb6459be
SSDEEP

3072:CvlsrSq9pgbeQRUmql/LTl8WMena17Au+9uW3h0X0e0sUorinZ+rfl:kXq8XRCxGWMe07j+9uWCB7fl

Score

N/A

Malware Config

Signatures

Files

2ba6ac3fcd1d3784d5ff276205d84327f20e60a6e96f5bc21db7f0c36c5c16bb
.exe windows x86

af68fbbfea0c1c07f1e0c00d315a56b5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:1d:1e:5a:6b:a0:ef:84:46:1c:ec:d3:60:d0:c2:4d
Certificate

Issuer

CN=F-Secure Anti-Virus

Not Before

30-08-2019 20:23

Not After

31-12-2039 23:59

Subject

CN=F-Secure Anti-Virus

16:0d:29:0a:6e:c1:06:c3:2f:5b:f6:2a:11:82:4f:57:c6:f0:4f:e4
Signer

Actual PE Digest

16:0d:29:0a:6e:c1:06:c3:2f:5b:f6:2a:11:82:4f:57:c6:f0:4f:e4

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=F-Secure Anti-Virus

30-08-2019 20:23
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

TlsSetValue
GetProcAddress
GetModuleHandleA
ResetEvent
SystemTimeToFileTime
lstrcmpA
SearchPathW
QueryPerformanceCounter
LocalAlloc
lstrcpynA
lstrcmpiA
lstrcatA
GetPrivateProfileIntA
GetPrivateProfileStringA
ReadFile
SetFilePointer
WriteFile
HeapAlloc
HeapFree
GetProcessHeap
GetModuleFileNameW
lstrcpynW
lstrlenW
SetCurrentDirectoryW
RemoveDirectoryW
DuplicateHandle
WaitForSingleObject
Sleep
GetCurrentProcess
ExitProcess
WritePrivateProfileSectionW
TerminateProcess
ResumeThread
CreateProcessW
GetSystemTimeAsFileTime
lstrcpyW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
CreateThread
GetExitCodeThread
VirtualAllocEx
OpenProcess
GetCurrentProcessId
RtlUnwind
GetCommandLineA
GetStartupInfoA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
GetTickCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RaiseException
HeapSize

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af68fbbfea0c1c07f1e0c00d315a56b5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3b:1d:1e:5a:6b:a0:ef:84:46:1c:ec:d3:60:d0:c2:4dCertificate

16:0d:29:0a:6e:c1:06:c3:2f:5b:f6:2a:11:82:4f:57:c6:f0:4f:e4Signer

Signature Validations

Verification

30-08-2019 20:23 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 87KB - Virtual size: 87KB

.data Size: 5KB - Virtual size: 47KB

.rsrc Size: 512B - Virtual size: 448B

.reloc Size: 8KB - Virtual size: 8KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3b:1d:1e:5a:6b:a0:ef:84:46:1c:ec:d3:60:d0:c2:4d
Certificate

16:0d:29:0a:6e:c1:06:c3:2f:5b:f6:2a:11:82:4f:57:c6:f0:4f:e4
Signer

30-08-2019 20:23
Valid: false

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 5KB - Virtual size: 47KB

.rsrc
Size: 512B - Virtual size: 448B

.reloc
Size: 8KB - Virtual size: 8KB