5e71696919b1dcac97300cee304cec686b19aee23888b1a35822dc974dacb542

Sharing

Copy URL

Twitter E-mail

General

Target

5e71696919b1dcac97300cee304cec686b19aee23888b1a35822dc974dacb542
Size

837KB
MD5

f123e73cc5fd5e6de566d0515ddb03b2
SHA1

2a3f62804a340bd9ae3afa2626653942c8ec33a7
SHA256

5e71696919b1dcac97300cee304cec686b19aee23888b1a35822dc974dacb542
SHA512

fe99aa5e074b5b0a3c74ea9a0346c5e6f36533de2c28d0ba7c7a05461105d07f1e2260a90293efc36797c9a1af6593abb5d2a6e95b4f7fc8cadd25bd74ae51dc
SSDEEP

6144:LfbKJ5wTodETeouZsTC+sN/NDV5+mKCGr7ivZ1/djaGxFSZbzcfK/:LW5wTod9QSDVImKCG/ivn/N3SFR

Score

N/A

Malware Config

Signatures

Files

5e71696919b1dcac97300cee304cec686b19aee23888b1a35822dc974dacb542
.exe windows x86

4a7d70a64985877d56c63d8eddee60b4

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:f8:fd:d1:67:f9:24:02:b1:57:0b:5d:c4:95:c8:15
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

29/11/2016, 00:00

Not After

21/11/2019, 23:59

Subject

CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=Unknown issuer

Not Before

01/01/2013, 10:00

Not After

01/04/2013, 10:00

Subject

CN=Dummy certificate

Extended Key Usages

Key Usages

KeyUsageCertSign

2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/12/2015, 00:00

Not After

16/12/2018, 23:59

Subject

CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

38:8e:07:18:89:41:ba:23:3e:77:37:f6:ba:6f:cb:52:70:cb:5b:8e:a9:5e:75:bb:44:9d:7b:23:00:33:bc:15
Signer

Actual PE Digest

38:8e:07:18:89:41:ba:23:3e:77:37:f6:ba:6f:cb:52:70:cb:5b:8e:a9:5e:75:bb:44:9d:7b:23:00:33:bc:15

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

14/07/2017, 02:15
Valid: false

fc:af:3a:ac:8f:7d:72:a4:39:d3:43:ee:fc:13:ac:b9:f8:de:2f:75
Signer

Actual PE Digest

fc:af:3a:ac:8f:7d:72:a4:39:d3:43:ee:fc:13:ac:b9:f8:de:2f:75

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

14/07/2017, 02:15
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
GetProcAddress
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
SetErrorMode
VerLanguageNameW
VirtualQueryEx
ReadProcessMemory
FindFirstFileExA
GlobalAlloc
GetLocaleInfoW
FindNextFileW
GetTapeParameters
GetConsoleInputExeNameW
DecodeSystemPointer
ReadConsoleOutputAttribute
DefineDosDeviceA
VerLanguageNameA
DeleteFileA
InterlockedPushEntrySList
ExpandEnvironmentStringsA
SetCriticalSectionSpinCount
GetCurrentDirectoryW
GetVolumePathNameW

user32

GetCursorPos
ShowWindow
GetKeyboardType
SetWindowPos
GetCursorInfo
SetFocus
GetCaretBlinkTime
GetGUIThreadInfo
ShowCursor
SetCursor
SetWindowLongA
DrawIconEx
InvertRect
RegisterDeviceNotificationA
GetSystemMenu
ActivateKeyboardLayout
GetCursorFrameInfo
SetRect
DlgDirSelectExW
PtInRect
CreateDialogIndirectParamW
SetCaretBlinkTime
GetClassInfoExW
IsMenu
SetMenuItemInfoW
FlashWindowEx
DdeAddData
SetTaskmanWindow
DefDlgProcW
InSendMessageEx
GetDoubleClickTime
GetMenuDefaultItem
SendMessageCallbackW
UnionRect
IMPQueryIMEW
LoadLocalFonts

version

GetFileVersionInfoA
VerInstallFileW
VerInstallFileA
GetFileVersionInfoW
VerQueryValueA
VerFindFileA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueW
VerFindFileW

comctl32

CreateMRUListW
ImageList_SetBkColor
ImageList_GetImageRect
CreateStatusWindowW
CreateStatusWindowA
ImageList_AddIcon
ImageList_LoadImageW
EnumMRUListW
ImageList_SetImageCount
ImageList_BeginDrag
InitMUILanguage
Str_SetPtrW
ImageList_Merge
ImageList_DragLeave
DSA_GetItemPtr
PropertySheetA
ImageList_DrawEx
ImageList_GetBkColor
ImageList_DragShowNolock
CreateToolbar
ImageList_GetIcon
FreeMRUList
CreateMappedBitmap
ImageList_Destroy
DPA_DestroyCallback
DllGetVersion

oleaut32

VarFormatFromTokens
SafeArrayAllocData
VarI4FromI2
OleCreatePropertyFrameIndirect
VarSub
VarR4FromStr
VarDateFromUI8
VarParseNumFromStr
VarI2FromI8
VariantTimeToDosDateTime
VarCyMul
VarXor
VarUI8FromR8
VarUI1FromUI8
OleCreateFontIndirect
VarEqv
SysReAllocStringLen
SafeArrayGetVartype
VarDateFromI4
SafeArraySetRecordInfo
VarCyFromI1
VarDateFromR8
VarUI1FromI4
VarCat
VarR4FromUI1

winspool.drv

AddPrinterDriverExW
ClosePrinter
StartPagePrinter
DeviceCapabilitiesA
GetPrinterDriverDirectoryA
AddPortExW
DocumentEvent
DevQueryPrint
GetJobA
EnumPrinterDriversW
OpenPrinterA
DeletePrintProvidorW
ConnectToPrinterDlg
AddPrinterDriverExA
AddPrinterConnectionW
StartDocPrinterW
DeletePortA
ExtDeviceMode

imagehlp

SymEnumerateSymbolsW64
SymGetSymNext64
FindExecutableImageEx
ReBaseImage
SymUnDName64
SymGetModuleInfoW
SymGetOptions
SymGetSearchPath
SymGetTypeInfo
ImageLoad
SymEnumerateSymbols
SymUnloadModule64
SymGetSymFromAddr
MapFileAndCheckSumW
SymEnumerateModules64
SymGetSymPrev64
SymGetLineNext64
StackWalk
UnmapDebugInformation
SymMatchFileName
SymGetLineFromName64
SymGetModuleBase
GetImageUnusedHeaderBytes

ole32

CoInitializeSecurity
CoGetCurrentProcess
CLSIDFromProgIDEx
HMETAFILEPICT_UserFree
CoTreatAsClass
EnableHookObject
HPALETTE_UserUnmarshal
CoGetCallContext
OleCreateFromDataEx
CLSIDFromOle1Class
OleDestroyMenuDescriptor
OleInitialize
CoGetStdMarshalEx
OleQueryCreateFromData
CoInitializeWOW
CoInitialize
CoLockObjectExternal
CoMarshalHresult
CoRegisterSurrogate
HACCEL_UserSize
CreateILockBytesOnHGlobal
ProgIDFromCLSID
GetDocumentBitStg
StgOpenAsyncDocfileOnIFillLockBytes
OleCreateLink
HMETAFILE_UserUnmarshal
CoGetApartmentID

Sections

.text
Size: 307KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsnw
Size: 472KB - Virtual size: 472KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsxk
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a7d70a64985877d56c63d8eddee60b4

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

14:f8:fd:d1:67:f9:24:02:b1:57:0b:5d:c4:95:c8:15Certificate

Extended Key Usages

Key Usages

01Certificate

Extended Key Usages

Key Usages

2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

38:8e:07:18:89:41:ba:23:3e:77:37:f6:ba:6f:cb:52:70:cb:5b:8e:a9:5e:75:bb:44:9d:7b:23:00:33:bc:15Signer

Signature Validations

Verification

14/07/2017, 02:15 Valid: false

fc:af:3a:ac:8f:7d:72:a4:39:d3:43:ee:fc:13:ac:b9:f8:de:2f:75Signer

Signature Validations

Verification

14/07/2017, 02:15 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

version

comctl32

oleaut32

winspool.drv

imagehlp

ole32

Sections

.text Size: 307KB - Virtual size: 306KB

.rdata Size: 4KB - Virtual size: 2KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 10KB - Virtual size: 9KB

.rsrc Size: 17KB - Virtual size: 17KB

.rsnw Size: 472KB - Virtual size: 472KB

.rsxk Size: 1024B - Virtual size: 4KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

14:f8:fd:d1:67:f9:24:02:b1:57:0b:5d:c4:95:c8:15
Certificate

01
Certificate

2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

38:8e:07:18:89:41:ba:23:3e:77:37:f6:ba:6f:cb:52:70:cb:5b:8e:a9:5e:75:bb:44:9d:7b:23:00:33:bc:15
Signer

14/07/2017, 02:15
Valid: false

fc:af:3a:ac:8f:7d:72:a4:39:d3:43:ee:fc:13:ac:b9:f8:de:2f:75
Signer

14/07/2017, 02:15
Valid: false

.text
Size: 307KB - Virtual size: 306KB

.rdata
Size: 4KB - Virtual size: 2KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 17KB - Virtual size: 17KB

.rsnw
Size: 472KB - Virtual size: 472KB

.rsxk
Size: 1024B - Virtual size: 4KB