4cdf2ef504ef70b2e6008a86997450d643d2a42acbb90876ce28858c172c4c34

Sharing

Copy URL

Twitter E-mail

General

Target

4cdf2ef504ef70b2e6008a86997450d643d2a42acbb90876ce28858c172c4c34
Size

455KB
MD5

cac2eaa37b36f498f29843590fca272e
SHA1

8d2259cdfc35ac1fe8a0e6e723b2fdcc2dd1d805
SHA256

4cdf2ef504ef70b2e6008a86997450d643d2a42acbb90876ce28858c172c4c34
SHA512

7eab5424897adfd35929215baba831651c6784d8ce0ec02df38a7aeb091e354178f2d05c4586de845f486f44ee58359831cf3e94ae21a3995d8ec8e5eac71bfa
SSDEEP

12288:QwCdAwhZ3TYLlBrIxCo2DlTXS9GZg/Eo9:Qdd/hZs/G2D9XkGfG

Score

N/A

Malware Config

Signatures

Files

4cdf2ef504ef70b2e6008a86997450d643d2a42acbb90876ce28858c172c4c34
.exe windows x86

cb548b35bc888d2f338e1db82a7a7b05

Code Sign

97:80:5a:ed:ba:7f:91:61:e0:d9:34:4f:66:3d:9a:b9
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08-01-2017 00:00

Not After

08-01-2018 23:59

Subject

CN=Tubatton Ltd,OU=Administration,O=Tubatton Ltd,POSTALCODE=SE1 8XD,STREET=207 Waterloo Road Waterloo House,L=London,ST=City of London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8b:92:ae:65:bc:c7:18:aa:5f:95:1d:86:67:8a:58:f9:09:3e:0c:c4:9f:67:38:66:71:20:54:68:e3:57:9d:a9
Signer

Actual PE Digest

8b:92:ae:65:bc:c7:18:aa:5f:95:1d:86:67:8a:58:f9:09:3e:0c:c4:9f:67:38:66:71:20:54:68:e3:57:9d:a9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Tubatton Ltd,OU=Administration,O=Tubatton Ltd,POSTALCODE=SE1 8XD,STREET=207 Waterloo Road Waterloo House,L=London,ST=City of London,C=GB

08-11-2017 09:44
Valid: true

Chain 1

CN=Tubatton Ltd,OU=Administration,O=Tubatton Ltd,POSTALCODE=SE1 8XD,STREET=207 Waterloo Road Waterloo House,L=London,ST=City of London,C=GB

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetMenu
SetWindowPos
GetWindowDC
ReleaseDC
CopyImage
GetKeyState
GetWindowRect
ScreenToClient
GetWindowLongW
SetTimer
GetMessageW
DispatchMessageW
KillTimer
DestroyWindow
EndDialog
SendMessageW
wsprintfW
GetClassNameA
GetWindowTextW
GetWindowTextLengthW
GetSysColor
wsprintfA
SetWindowTextW
CreateWindowExW
SetWindowLongW
UnhookWindowsHookEx
SetFocus
GetSystemMetrics
SystemParametersInfoW
DrawTextW
GetDC
ClientToScreen
GetWindow
DialogBoxIndirectParamW
DrawIconEx
CallWindowProcW
DefWindowProcW
CallNextHookEx
PtInRect
EnableMenuItem
GetSystemMenu
wvsprintfW
CharUpperW
MessageBoxA
GetParent

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteExW

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid

gdi32

GetCurrentObject
StretchBlt
GetDeviceCaps
DeleteDC
SelectObject
SetStretchBltMode
GetObjectW
DeleteObject
CreateFontIndirectW
CreateCompatibleBitmap
CreateCompatibleDC

kernel32

RtlUnwind
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapFree
HeapCreate
GetFileType
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
SetFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
SetHandleCount
GlobalMemoryStatusEx
GetProcAddress
GetStartupInfoA
GetModuleHandleW
VirtualFree
GetStdHandle
WriteFile
CreateDirectoryW
GetFileAttributesW
GetLocalTime
SystemTimeToFileTime
GetLastError
CreateThread
WaitForSingleObject
GetExitCodeThread
Sleep
SetLastError
SetFileAttributesW
GetDiskFreeSpaceExW
lstrcatW
ExitProcess
LoadLibraryA
LockResource
LoadResource
SizeofResource
FindResourceExA
MulDiv
GlobalFree
GlobalAlloc
lstrcmpiA
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
MultiByteToWideChar
GetLocaleInfoW
lstrlenA
lstrcmpiW
GetEnvironmentVariableW
lstrcmpW
VirtualAlloc
WideCharToMultiByte
ExpandEnvironmentStringsW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
SetThreadLocale
CompareFileTime
lstrlenW
GetSystemTimeAsFileTime
GetTempPathW
SetEnvironmentVariableW
CloseHandle
GetExitCodeProcess
GetQueuedCompletionStatus
SetInformationJobObject
CreateIoCompletionPort
AssignProcessToJobObject
ResumeThread
CreateJobObjectW
CreateProcessW
GetStartupInfoW
GetCommandLineW
CreateFileW
GetDriveTypeW
SetCurrentDirectoryW
SetProcessWorkingSetSize
GetCurrentProcess
GetModuleFileNameW
GetVersionExW
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
TerminateThread
SuspendThread
GetCurrentThreadId
GetSystemDirectoryW
IsBadReadPtr
LocalFree
lstrcpyW
FormatMessageW
GetFileSize
SetFilePointer
ReadFile
WaitForMultipleObjects
LeaveCriticalSection
GetModuleHandleA
DeleteCriticalSection
EnterCriticalSection
SetEndOfFile

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 387KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb548b35bc888d2f338e1db82a7a7b05

Code Sign

97:80:5a:ed:ba:7f:91:61:e0:d9:34:4f:66:3d:9a:b9Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

8b:92:ae:65:bc:c7:18:aa:5f:95:1d:86:67:8a:58:f9:09:3e:0c:c4:9f:67:38:66:71:20:54:68:e3:57:9d:a9Signer

Signature Validations

Verification

08-11-2017 09:44 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

user32

shell32

advapi32

gdi32

kernel32

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 387KB - Virtual size: 538KB

.rsrc Size: 3KB - Virtual size: 3KB

97:80:5a:ed:ba:7f:91:61:e0:d9:34:4f:66:3d:9a:b9
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

8b:92:ae:65:bc:c7:18:aa:5f:95:1d:86:67:8a:58:f9:09:3e:0c:c4:9f:67:38:66:71:20:54:68:e3:57:9d:a9
Signer

08-11-2017 09:44
Valid: true

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 387KB - Virtual size: 538KB

.rsrc
Size: 3KB - Virtual size: 3KB