258fa2b311a7b3539ce3654cac8d19f766fdecabacd81e69e6d542ea3d4821c3

Sharing

Copy URL Twitter E-mail

General

Target

258fa2b311a7b3539ce3654cac8d19f766fdecabacd81e69e6d542ea3d4821c3
Size

245KB
MD5

721cf88ef45820fb57d37e4250175fe1
SHA1

c8df65476b3f380d47956c63666e2d4ca0f445e7
SHA256

258fa2b311a7b3539ce3654cac8d19f766fdecabacd81e69e6d542ea3d4821c3
SHA512

e49f939b8d436003a4cca126b91b1511497f14402a44d582531033f1384d36d6867183d97a4ffd17cf207520ae069d00d5d000e63514296a44bd988f789b4565
SSDEEP

6144:js1iqKHzI7oklx7b4dxaAuh5m5jEmawQstBu:6idHio0GrP7aUBu

Score

N/A

Malware Config

Signatures

Files

258fa2b311a7b3539ce3654cac8d19f766fdecabacd81e69e6d542ea3d4821c3
.exe windows x86

3a2fec21d0c0eeff2617bd661c73eb21

Code Sign

22:0c:60:f8:36:dd:34:b5:42:ed:f9:c0:19:9e:79:f1
Certificate

Issuer

CN=jtzzlutqyae

Not Before

07/07/2012, 16:08

Not After

31/12/2039, 23:59

Subject

CN=Femasd

71:fb:56:ff:57:f6:6d:17:de:c3:1f:dc:c0:34:4e:8f:f0:36:ad:59
Signer

Actual PE Digest

71:fb:56:ff:57:f6:6d:17:de:c3:1f:dc:c0:34:4e:8f:f0:36:ad:59

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

NO CERTIFICATE

01/01/0001, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyExA
RegisterEventSourceA
RegLoadKeyA
RegCreateKeyA
ClearEventLogW
RegDeleteKeyA
RegNotifyChangeKeyValue
RegQueryMultipleValuesA
RegDeleteValueA

kernel32

VerLanguageNameA
HeapCompact
OpenMutexA
GlobalFlags
CreateEventA
MultiByteToWideChar
LocalLock
GetACP
HeapUnlock
HeapWalk
HeapAlloc
GlobalAlloc
GetCPInfo
GlobalSize
GetPrivateProfileStringA
GetProfileSectionA
WriteProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
GetProcAddress
VirtualAlloc
GetModuleHandleA
GetStartupInfoA

winmm

PlaySoundA
waveInMessage

version

VerInstallFileA
GetFileVersionInfoA
VerFindFileA
VerQueryValueA
GetFileVersionInfoSizeA

secur32

DeleteSecurityContext
CompleteAuthToken
FreeCredentialsHandle
ApplyControlToken
AcceptSecurityContext
EncryptMessage
ExportSecurityContext
MakeSignature
VerifySignature
DecryptMessage

msvcrt

_exit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a2fec21d0c0eeff2617bd661c73eb21

Code Sign

22:0c:60:f8:36:dd:34:b5:42:ed:f9:c0:19:9e:79:f1Certificate

71:fb:56:ff:57:f6:6d:17:de:c3:1f:dc:c0:34:4e:8f:f0:36:ad:59Signer

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

File Characteristics

Imports

advapi32

kernel32

winmm

version

secur32

msvcrt

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 210KB - Virtual size: 209KB

.data Size: 512B - Virtual size: 330KB

.rsrc Size: 20KB - Virtual size: 19KB

22:0c:60:f8:36:dd:34:b5:42:ed:f9:c0:19:9e:79:f1
Certificate

71:fb:56:ff:57:f6:6d:17:de:c3:1f:dc:c0:34:4e:8f:f0:36:ad:59
Signer

01/01/0001, 00:00
Valid: false

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 210KB - Virtual size: 209KB

.data
Size: 512B - Virtual size: 330KB

.rsrc
Size: 20KB - Virtual size: 19KB