9009030cdd34b0d4d4fb060558bb04e7c82f08453e534510a404bc91398a71eb[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

9009030cdd34b0d4d4fb060558bb04e7c82f08453e534510a404bc91398a71eb.exe
Size

1.2MB
MD5

9ed5e0204c7fe5df5d117d266b865601
SHA1

d86d86d4f1ef4ddd95c3a344cf5b45875222ef35
SHA256

9009030cdd34b0d4d4fb060558bb04e7c82f08453e534510a404bc91398a71eb
SHA512

d01b3f3ed3ad572a4a64264b104f36245afffaad5e7c4e5f4e88b953da6e37710f902b63dc75a7224b3fc8a7318c9afc0ee6b0f61afcbf1ca423315b4b19952d
SSDEEP

24576:jKKoViDEZtBNIHi7DVRVrUwFXVfKTY4RdOqFta7FIur9PyN35pj:XWiYbBNIHuftdFXVCTplXaOur9KNn

Score

N/A

Malware Config

Signatures

Files

9009030cdd34b0d4d4fb060558bb04e7c82f08453e534510a404bc91398a71eb.exe
.exe windows x86

4f9fa50658f3df03f6b434aa442dd05e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/03/2014, 00:00

Not After

04/03/2017, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:50:4c:ea:68:1a:dd:fc:67:1e:0b:0e:a0:51:3e:68:69:30:66:f6
Signer

Actual PE Digest

8a:50:4c:ea:68:1a:dd:fc:67:1e:0b:0e:a0:51:3e:68:69:30:66:f6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

09/10/2015, 09:09
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetWindow

gdi32

SetBkMode

winhttp

WinHttpOpen

advapi32

FreeSid

shell32

ord165

ole32

CoInitialize

oleaut32

VariantTimeToSystemTime

shlwapi

StrStrIA

ws2_32

WSASetLastError

userenv

GetUserProfileDirectoryA

netapi32

NetUserEnum

sfc

SfcIsFileProtected

wintrust

WinVerifyTrust

crypt32

CryptMsgClose

dnsapi

DnsFree

wininet

InternetGetConnectedStateExW

rpcrt4

UuidCreate

Exports

Exports

DeleteQuarantineItemByGuid
DeleteQuarantineRegGUIDFile
GetQuarantineListSize
RaptorAddExclusion
RaptorAddProcessByPID
RaptorDeleteDetectionItem
RaptorFlagMalicious
RaptorGetArtifact
RaptorGetDetectionItem
RaptorGetQuarItem
RaptorGetRemediatedItem
RaptorInitialize
RaptorPerformRemediation
RaptorRegister
RaptorRemediateProcessByPID
RaptorRemoveExclusion
RaptorRemoveProcessByPID
RaptorSetup
RaptorStart
RaptorStop
RaptorUninitialize
RaptorUninitializeInternal
RaptorUninstall
RaptorUnregister
RestoreQuarantineItemByGuid
RestoreRegistryItems

Sections

.MPRESS1
Size: 1.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4f9fa50658f3df03f6b434aa442dd05e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

8a:50:4c:ea:68:1a:dd:fc:67:1e:0b:0e:a0:51:3e:68:69:30:66:f6Signer

Signature Validations

Verification

09/10/2015, 09:09 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winhttp

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

userenv

netapi32

sfc

wintrust

crypt32

dnsapi

wininet

rpcrt4

Exports

Exports

Sections

.MPRESS1 Size: 1.1MB - Virtual size: 4.1MB

.MPRESS2 Size: 5KB - Virtual size: 4KB

.rsrc Size: 88KB - Virtual size: 88KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

8a:50:4c:ea:68:1a:dd:fc:67:1e:0b:0e:a0:51:3e:68:69:30:66:f6
Signer

09/10/2015, 09:09
Valid: false

.MPRESS1
Size: 1.1MB - Virtual size: 4.1MB

.MPRESS2
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 88KB - Virtual size: 88KB