Synthesia[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Synthesia.exe
Size

9.6MB
MD5

02da8e1bb7ddf16c4eeb915e37975d82
SHA1

d121b160e4ab81cd36b69b32747345922a626a6a
SHA256

b5f548e64515beff655a267f33c2c36b55524622b28d8dfe6e0c9b87674134e0
SHA512

78cd17c8a39bb1fdaa930938fe2d3158d82778a6101b70cd6904d4ae130ec4b9b304cc92a6dda4ee99b82468c18c6c1ed2a66fcc47867d7299d2c5070d372036
SSDEEP

196608:ijFTigR1AkNtNlgkRKyzGEf5wNVMWqrUgOcrPxt8C/JM0R2o5n1ZarjE:QJR1rDNlgkdzGEf5wNVMWJgOWHaro

Score

N/A

Malware Config

Signatures

Files

Synthesia.exe
.exe windows x86

Password: 1231

05082d741b5aefe28ce47b8765bedc19

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fb:e2:08:75:34:61:da:c4:af:0b:9b:43:ae:e4:2e:ff
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/04/2015, 00:00

Not After

26/04/2020, 23:59

Subject

CN=Synthesia LLC,O=Synthesia LLC,POSTALCODE=48189,STREET=10911 Charring Cross Cir,L=Whitmore Lake,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:91:e6:b3:21:b0:3e:32:9c:de:0b:4c:62:9d:e0:15:5f:04:15:7d
Signer

Actual PE Digest

15:91:e6:b3:21:b0:3e:32:9c:de:0b:4c:62:9d:e0:15:5f:04:15:7d

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Synthesia LLC,O=Synthesia LLC,POSTALCODE=48189,STREET=10911 Charring Cross Cir,L=Whitmore Lake,ST=Michigan,C=US

26/09/2016, 02:22
Valid: true

Chain 1

CN=Synthesia LLC,O=Synthesia LLC,POSTALCODE=48189,STREET=10911 Charring Cross Cir,L=Whitmore Lake,ST=Michigan,C=US

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
CloseHandle
Process32FirstW
Process32NextW
GetLastError
CreateToolhelp32Snapshot
GlobalAlloc
OpenProcess
WaitForSingleObject
CreateMutexW
TerminateProcess
SetLastError
DeleteCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalLock
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
ReadConsoleW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
GetModuleFileNameA
ExitThread
GetModuleHandleExW
ExitProcess
GetFileType
SetStdHandle
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
SetFilePointerEx
RemoveDirectoryW
GetFileTime
GetFileInformationByHandle
FindClose
GetCurrentDirectoryW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
InitializeSListHead
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
QueryPerformanceFrequency
GetExitCodeThread
GetCurrentThread
DuplicateHandle
GetStringTypeW
GetOverlappedResult
DeviceIoControl
CancelIo
GetTickCount
QueryPerformanceCounter
FindFirstFileW
SetFileAttributesW
FindNextFileW
CreateSemaphoreA
ReleaseSemaphore
SetEvent
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
Sleep
GetFileSize
ReadFile
GetVersion
GetModuleFileNameW
GetTempPathW
GetTempFileNameW
GetUserDefaultUILanguage
GetLogicalDrives
GetCurrentThreadId
GetCurrentProcess
FlushFileBuffers
SetUnhandledExceptionFilter
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
RaiseException
GetFileAttributesW
EnterCriticalSection
LeaveCriticalSection
GetCommandLineW
GetTickCount64
GetProcAddress
GetModuleHandleW
GetModuleHandleA
CreateEventW
ResetEvent
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile

user32

ShowWindow
SetWindowTextW
EndDialog
SendMessageW
MessageBoxW
GetWindowLongW
EnumWindows
SetCursor
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
UnregisterClassW
DestroyWindow
ReleaseDC
SetClassLongW
UpdateWindow
GetSystemMetrics
CreateWindowExW
RegisterClassW
LoadCursorW
ScreenToClient
IsZoomed
CloseClipboard
InvalidateRect
AdjustWindowRect
GetClipboardData
LoadIconW
SetWindowLongW
EmptyClipboard
SetClipboardData
GetWindowTextW
EnableWindow
SetForegroundWindow
DialogBoxParamW
IsClipboardFormatAvailable
GetDlgItem
OpenClipboard
GetClientRect
GetWindowThreadProcessId
ToUnicode
GetKeyboardState
MapVirtualKeyW
GetMonitorInfoW
MonitorFromRect
PostQuitMessage
DefWindowProcW
SetWindowPos
GetWindowRect
SendInput
SystemParametersInfoW
GetDC
GetKeyState
IsIconic

shell32

SHCreateDirectoryExW
SHFileOperationW
SHGetFolderPathW
ShellExecuteW

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces

ws2_32

ntohl
ntohs

dbghelp

MiniDumpWriteDump

wininet

InternetGetConnectedState

winmm

midiInReset
midiOutShortMsg
midiOutUnprepareHeader
midiOutLongMsg
midiOutPrepareHeader
midiOutClose
midiInGetNumDevs
midiInGetDevCapsW
midiInOpen
midiInPrepareHeader
midiInAddBuffer
midiInStart
midiInStop
midiInUnprepareHeader
midiInClose
midiOutGetNumDevs
midiOutGetDevCapsW
midiOutOpen
midiOutReset

winhttp

WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpConnect

opengl32

wglGetProcAddress
wglDeleteContext
wglMakeCurrent
wglCreateContext

gdiplus

GdiplusStartup
GdiplusShutdown
GdipFree
GdipAlloc
GdipCreateMatrix
GdipDeleteMatrix
GdipScaleMatrix
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCreatePen1
GdipDeletePen
GdipSetPenWidth
GdipSetPenLineCap197819
GdipSetPenLineJoin
GdipCloneStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipStringFormatGetGenericTypographic
GdipCreatePath
GdipDeletePath
GdipAddPathString
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipSetWorldTransform
GdipDrawPath
GdipGraphicsClear
GdipFillPath
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipDrawString
GdipMeasureString
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipIsStyleAvailable
GdipCreateFont
GdipDeleteFont
GdipGetFamily
GdipCloneImage
GdipImageRotateFlip
GdipCreateBitmapFromScan0

gdi32

SetPixelFormat
ChoosePixelFormat
GetStockObject
GetDeviceCaps
SwapBuffers

advapi32

RegGetValueW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCreateKeyExW
RegSetValueExW

ole32

CoInitializeEx
CoUninitialize

Exports

Exports

hid_close
hid_enumerate
hid_error
hid_exit
hid_free_enumeration
hid_get_feature_report
hid_get_indexed_string
hid_get_manufacturer_string
hid_get_product_string
hid_get_serial_number_string
hid_init
hid_open
hid_open_path
hid_read
hid_read_timeout
hid_send_feature_report
hid_set_nonblocking
hid_write

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 587KB - Virtual size: 587KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1231

05082d741b5aefe28ce47b8765bedc19

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

fb:e2:08:75:34:61:da:c4:af:0b:9b:43:ae:e4:2e:ffCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

15:91:e6:b3:21:b0:3e:32:9c:de:0b:4c:62:9d:e0:15:5f:04:15:7dSigner

Signature Validations

Verification

26/09/2016, 02:22 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

setupapi

ws2_32

dbghelp

wininet

winmm

winhttp

opengl32

gdiplus

gdi32

advapi32

ole32

Exports

Exports

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 587KB - Virtual size: 587KB

.data Size: 109KB - Virtual size: 310KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 5.4MB - Virtual size: 5.4MB

.reloc Size: 179KB - Virtual size: 179KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

fb:e2:08:75:34:61:da:c4:af:0b:9b:43:ae:e4:2e:ff
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

15:91:e6:b3:21:b0:3e:32:9c:de:0b:4c:62:9d:e0:15:5f:04:15:7d
Signer

26/09/2016, 02:22
Valid: true

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 587KB - Virtual size: 587KB

.data
Size: 109KB - Virtual size: 310KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 5.4MB - Virtual size: 5.4MB

.reloc
Size: 179KB - Virtual size: 179KB