eccfe97c0138eb39025e173982974501608af2df86d3e6b4a4fe49e9337a8afa

Sharing

Copy URL Twitter E-mail

General

Target

eccfe97c0138eb39025e173982974501608af2df86d3e6b4a4fe49e9337a8afa
Size

358KB
MD5

6ab57a2c4a9eb7e11a010aaedd6a021d
SHA1

29e759a22cb5fee26b0ef122ef1049f9b8edc95e
SHA256

eccfe97c0138eb39025e173982974501608af2df86d3e6b4a4fe49e9337a8afa
SHA512

c96a76d7bc4cc29b21c9b33eba17c6ce0cd6ffd068a50ec6dac174287348cb4cc700449e62a4542ed6273536aa9ee33097d3eb4e351e46957b8e8c760bbffc24
SSDEEP

6144:P0OppdDDPkmWNW5Rf0HuKPw5qVhYnIxy:P0ip5qOf01PdXx

Score

N/A

Malware Config

Signatures

Files

eccfe97c0138eb39025e173982974501608af2df86d3e6b4a4fe49e9337a8afa
.exe windows x86

ab53e098a972dc54dc0258da78e10fa3

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

fpcutl

ord1583
ord460
ord1369
ord1480
ord393
ord378
ord898
ord38
ord45
ord1420
ord1400
ord1014
ord799
ord261
ord1250
ord157
ord150
ord1554
ord1553
ord692
ord1638
ord1630
ord1058
ord188
ord225
ord98
ord1252
ord1054
ord1528
ord594
ord75
ord587
ord667
ord1376
ord629
ord609
ord921
ord485
ord1275
ord1017
ord380
ord1675
ord545
ord1378
ord1477
ord659
ord1294
ord242
ord143
ord31
ord1083
ord1113
ord1168
ord1242
ord287
ord1197
ord1141
ord1644
ord27
ord142
ord1623
ord141
ord26
ord488
ord766
ord633
ord634
ord474
ord1516
ord1601
ord472
ord535
ord541
ord864
ord515
ord530
ord995
ord511
ord540
ord305
ord523
ord298
ord227
ord232
ord226
ord280
ord107
ord316
ord1153
ord1428
ord1206
ord537
ord882
ord522
ord538
ord1024
ord1053
ord1585
ord1123
ord1648
ord136
ord20
ord788
ord1108
ord1102
ord1642
ord780
ord1235
ord1232
ord1239
ord1591
ord429
ord970
ord94
ord360
ord1090
ord1587
ord1592
ord1140
ord1643
ord657
ord1404
ord415
ord1055
ord990
ord704
ord25
ord24
ord781
ord1240
ord1589
ord1171
ord1094
ord286
ord1356
ord1498
ord706
ord440
ord907
ord1409
ord1406
ord904
ord1349
ord435
ord1499
ord81
ord178
ord408
ord230
ord879
ord1639
ord795
ord1530
ord438
ord399
ord1540
ord589
ord577
ord15
ord131
ord658
ord490
ord709
ord1408
ord717
ord852
ord1271
ord512
ord1118
ord1117
ord513
ord1267
ord1284
ord244
ord1265
ord61
ord1263
ord533
ord519
ord516
ord600
ord1229
ord1309
ord1519
ord1518
ord531
ord881
ord524
ord518
ord140
ord233
ord534
ord636
ord713
ord247
ord1354
ord635
ord411
ord420
ord12
ord129
ord1241
ord1172
ord514
ord449
ord447
ord1560
ord1565
ord1577
ord1624
ord1645
ord1142
ord1590
ord611
ord539
ord815
ord627
ord1464
ord913
ord1345
ord193
ord139
ord471
ord1095

msvcrt

_except_handler3
strncpy
_mbsrchr
strcmp
setlocale
atol
_unlink
_mbsicmp
_itow
_mbscmp
swscanf
_purecall
atoi
strncmp
fclose
fopen
fwrite
fgetc
ftell
fseek
??1type_info@@UAE@XZ
__dllonexit
_onexit
_wcsicmp
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_wtoi
iswspace
memcpy
wcslen
malloc
memset
free
memmove
_CxxThrowException
__CxxFrameHandler
_stricmp
_setmbcp

mfc42

ord5265
ord2124
ord1727
ord5261
ord1576
ord6696
ord5241
ord609
ord3613
ord3126
ord4234
ord1816
ord2764
ord6663
ord3092
ord4047
ord5289
ord2725
ord4202
ord2818
ord941
ord922
ord5683
ord6282
ord6283
ord1205
ord2621
ord4159
ord860
ord815
ord561
ord2614
ord4698
ord4274
ord1946
ord1133
ord4160
ord353
ord5442
ord1979
ord665
ord6883
ord541
ord801
ord924
ord537
ord2646
ord4083
ord6880
ord5791
ord539
ord2763
ord4129
ord858
ord4277
ord289
ord613
ord2882
ord5850
ord2414
ord3626
ord3692
ord2141
ord3475
ord1175
ord4299
ord2881
ord4431
ord2054
ord1690
ord5161
ord5162
ord5160
ord4976
ord6176
ord4622
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4673
ord2379
ord3910
ord2582
ord4905
ord5440
ord350
ord3676
ord3130
ord5651
ord1656
ord5575
ord2140
ord2393
ord434
ord540
ord535
ord4033
ord3719
ord5981
ord2294
ord5272
ord2737
ord3574
ord4396
ord2575
ord793
ord4284
ord3079
ord3825
ord2301
ord3567
ord2652
ord1669
ord567
ord3721
ord4424
ord3402
ord4837
ord5290
ord1776
ord6055
ord6199
ord800
ord6215
ord795
ord602
ord2642
ord2864
ord2107
ord6383
ord2982
ord6394
ord5450
ord2841
ord3663
ord1168
ord1146
ord6334
ord4425
ord4627
ord4080
ord6376
ord2055
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord4353
ord5277
ord2446
ord5065
ord3749
ord4407
ord5163
ord2648
ord4441
ord4835
ord3798
ord4078
ord6374
ord4358
ord4948
ord1775
ord6052
ord2514
ord4998
ord2385

kernel32

GetTempFileNameA
WideCharToMultiByte
GetVersionExA
LoadLibraryW
GetStartupInfoA
RaiseException
InterlockedExchange
CreateFileMappingA
InterlockedIncrement
DeleteFileA
CloseHandle
GetUserDefaultLangID
GetSystemTime
GlobalFree
FormatMessageA
ExitProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
GetShortPathNameA
GetLastError
MultiByteToWideChar
lstrlenA
LocalFree
LocalAlloc
FindResourceA
LoadResource
LockResource
InterlockedDecrement

user32

PeekMessageA
WaitMessage
GetMessageA
TranslateMessage
DispatchMessageA
LoadAcceleratorsA
GetFocus
GetNextDlgTabItem
GetActiveWindow
TranslateAcceleratorA
GetClassNameA
GetWindowLongA
GetKeyState
GetWindowRect
BringWindowToTop
OffsetRect
MessageBoxA
FindWindowA
IsWindow
InvalidateRect
UpdateWindow
PostMessageA
SendMessageA
EnableWindow
GetParent

gdi32

GetDeviceCaps
RealizePalette

advapi32

RegQueryValueExW
RegOpenKeyExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExA

comctl32

ord17

ole32

CoCreateInstance
OleRun

oleaut32

VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
GetErrorInfo

Exports

Exports

??4COWSAllocator@@QAEAAV0@ABV0@@Z

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ab53e098a972dc54dc0258da78e10fa3

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1dCertificate

Extended Key Usages

Key Usages

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5cCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

fpcutl

msvcrt

mfc42

kernel32

user32

gdi32

advapi32

comctl32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 226KB

.data Size: 20KB - Virtual size: 26KB

.rsrc Size: 106KB - Virtual size: 106KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 228KB - Virtual size: 226KB

.data
Size: 20KB - Virtual size: 26KB

.rsrc
Size: 106KB - Virtual size: 106KB