3cee747a4d8f56309a9c932023c34cf406975044a86ff8ea6ae696110cec263a

Sharing

Copy URL

Twitter E-mail

General

Target

3cee747a4d8f56309a9c932023c34cf406975044a86ff8ea6ae696110cec263a
Size

191KB
MD5

10c6191f585b1e35f12e6107965c413f
SHA1

431273ca55b429789847a4437f78c4a18d9b7bd2
SHA256

3cee747a4d8f56309a9c932023c34cf406975044a86ff8ea6ae696110cec263a
SHA512

6e88e09e526a9d02e6b6c3de327c4011f9204fe490618313b3218952489f9c77dcddd28df07709bf59bf3e39d73928e1483064351921183321c89795a91a6bc8
SSDEEP

3072:TnBw3srVO8suXpzXPgNpIyAHBgRQSAJFTjztn:TnBw4TtXpzXdyFQSAJF3z

Score

N/A

Malware Config

Signatures

Files

3cee747a4d8f56309a9c932023c34cf406975044a86ff8ea6ae696110cec263a
.exe windows x86

aef43fb7c38cf7bbbdf1a78f36263e42

Code Sign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:1a:6a:87:ec:42:d5:2d:b1:cb:f8:d2
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

10-11-2016 11:27

Not After

11-11-2017 11:27

Subject

SERIALNUMBER=5147746267224,CN=For Ai Studio\, LLC,O=For Ai Studio\, LLC,STREET=d. 21 str. 1\, per. Perevedenovski,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.1=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:9b:f6:a6:6e:89:d9:6d:01:cc:20:b6:58:06:95:fc:3e:06:f1:3c
Signer

Actual PE Digest

19:9b:f6:a6:6e:89:d9:6d:01:cc:20:b6:58:06:95:fc:3e:06:f1:3c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=5147746267224,CN=For Ai Studio\, LLC,O=For Ai Studio\, LLC,STREET=d. 21 str. 1\, per. Perevedenovski,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.1=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

25-11-2016 08:10
Valid: true

Chain 1

SERIALNUMBER=5147746267224,CN=For Ai Studio\, LLC,O=For Ai Studio\, LLC,STREET=d. 21 str. 1\, per. Perevedenovski,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.1=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProfileIntW
CreateFileA
GetCommandLineA
GetModuleHandleA
GetModuleFileNameA
GetBinaryTypeA
GetFileSize
VirtualQuery
UnmapViewOfFile
GetProcAddress
lstrcmpA

msvcrt

strcspn
strlen
memset
memcpy

Sections

QMst6
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

w df0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

c
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

!BQk4+J
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tZU
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zEPdf
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fMn
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

x5!
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

i=V=
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt0
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eA?Ew
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aef43fb7c38cf7bbbdf1a78f36263e42

Code Sign

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

43:1a:6a:87:ec:42:d5:2d:b1:cb:f8:d2Certificate

Extended Key Usages

Key Usages

19:9b:f6:a6:6e:89:d9:6d:01:cc:20:b6:58:06:95:fc:3e:06:f1:3cSigner

Signature Validations

Verification

25-11-2016 08:10 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

QMst6 Size: 12KB - Virtual size: 12KB

w df0 Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 806B

.data Size: 5KB - Virtual size: 8KB

c Size: 9KB - Virtual size: 8KB

!BQk4+J Size: 15KB - Virtual size: 15KB

tZU Size: 10KB - Virtual size: 9KB

zEPdf Size: 5KB - Virtual size: 4KB

.crt Size: 21KB - Virtual size: 20KB

.qdata Size: 5KB - Virtual size: 4KB

fMn Size: 5KB - Virtual size: 5KB

x5! Size: 4KB - Virtual size: 3KB

i=V= Size: 5KB - Virtual size: 5KB

.crt0 Size: 8KB - Virtual size: 7KB

eA?Ew Size: 4KB - Virtual size: 4KB

.rsrc Size: 69KB - Virtual size: 69KB

04:00:00:00:00:01:21:58:53:08:a2
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

43:1a:6a:87:ec:42:d5:2d:b1:cb:f8:d2
Certificate

19:9b:f6:a6:6e:89:d9:6d:01:cc:20:b6:58:06:95:fc:3e:06:f1:3c
Signer

25-11-2016 08:10
Valid: true

QMst6
Size: 12KB - Virtual size: 12KB

w df0
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 806B

.data
Size: 5KB - Virtual size: 8KB

c
Size: 9KB - Virtual size: 8KB

!BQk4+J
Size: 15KB - Virtual size: 15KB

tZU
Size: 10KB - Virtual size: 9KB

zEPdf
Size: 5KB - Virtual size: 4KB

.crt
Size: 21KB - Virtual size: 20KB

.qdata
Size: 5KB - Virtual size: 4KB

fMn
Size: 5KB - Virtual size: 5KB

x5!
Size: 4KB - Virtual size: 3KB

i=V=
Size: 5KB - Virtual size: 5KB

.crt0
Size: 8KB - Virtual size: 7KB

eA?Ew
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 69KB - Virtual size: 69KB