35dec156c830659d6b88ccd70472d70b33367f380932a1c114affb6b512b86c9

Sharing

Copy URL Twitter E-mail

General

Target

35dec156c830659d6b88ccd70472d70b33367f380932a1c114affb6b512b86c9
Size

295KB
MD5

a22c56a6249e0c6bee668d4fdcefe020
SHA1

5e79d64decc466bae95336fa804663d08e7395f1
SHA256

35dec156c830659d6b88ccd70472d70b33367f380932a1c114affb6b512b86c9
SHA512

f9067f45794ebed91980c2c63344061cd2c5c45b8c522a0e0fc30e8a5fadaf20d4c747e2868c41b3a92e90c8913e57e9434672865e633ac1c950d1e3e571b9f4
SSDEEP

6144:xM7Php5YFF81or5m0JSFCfyM13PynhTUWOQKMd:xM7QF81o9nJtyW/8UtQKa

Score

N/A

Malware Config

Signatures

Files

35dec156c830659d6b88ccd70472d70b33367f380932a1c114affb6b512b86c9
.exe windows x86

4622cd2700ba45a146bce5be6425119e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

92:a9:d6:08:1f:85:88:69:26:ab:cd:54:ad:03:bd:69
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15/11/2012, 00:00

Not After

15/11/2015, 23:59

Subject

CN=SWIFT Weather,O=SWIFT Weather,POSTALCODE=55419,STREET=5332 Girard Ave S,L=Minneapolis,ST=MN,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9c:39:c1:d6:18:82:d5:b8:e3:9b:5f:79:ca:17:3d:ab:af:1f:53:07
Signer

Actual PE Digest

9c:39:c1:d6:18:82:d5:b8:e3:9b:5f:79:ca:17:3d:ab:af:1f:53:07

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SWIFT Weather,O=SWIFT Weather,POSTALCODE=55419,STREET=5332 Girard Ave S,L=Minneapolis,ST=MN,C=US

14/04/2015, 08:16
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUpcaseUnicodeChar
NtDeleteFile
NtQueueApcThread
ZwQueueApcThread
RtlAdjustPrivilege
NtQuerySymbolicLinkObject
NtQuerySemaphore
ZwQueryInformationThread
NtResumeThread
RtlFreeUnicodeString
ZwWriteVirtualMemory
ZwQuerySystemInformation
ZwClose

kernel32

LoadLibraryW
LockFile
FindFirstFileExA
FindFirstChangeNotificationW
GetStartupInfoW
GetCurrentProcessId
HeapReAlloc
GlobalFindAtomW
ProcessIdToSessionId
SetDefaultCommConfigW
CreateWaitableTimerA
GlobalUnWire
Beep
DebugBreak
GetModuleFileNameW
CreateEventA
SetProcessAffinityMask
FatalAppExitA
WriteConsoleOutputCharacterA
GetVolumeInformationA
GetEnvironmentStrings
SetTapeParameters
FindFirstVolumeW
lstrcmpA
GetCommModemStatus
GetCalendarInfoA
EnumResourceLanguagesW
GetPrivateProfileSectionA
WritePrivateProfileSectionA
WaitForDebugEvent
FillConsoleOutputCharacterA
GetThreadSelectorEntry
GetStringTypeExA
CreateRemoteThread
WriteConsoleOutputAttribute
GetProcessHeap
GetPrivateProfileStructW
GetDiskFreeSpaceW
GetCurrencyFormatA
GetPrivateProfileStructW
GlobalAddAtomW

advapi32

LookupPrivilegeValueW
RegEnumKeyA
OpenEventLogA
AccessCheckByTypeAndAuditAlarmW
GetSecurityDescriptorGroup
ObjectOpenAuditAlarmA
ObjectDeleteAuditAlarmW
QueryServiceStatus
SetFileSecurityA
RegLoadKeyA
GetSecurityDescriptorControl
AreAnyAccessesGranted
CryptGetProvParam
CreateProcessAsUserA

gdi32

GetTextCharset

ole32

StgCreateDocfile
HACCEL_UserMarshal
StgCreatePropStg
CoCreateFreeThreadedMarshaler
CreateGenericComposite
GetRunningObjectTable
MonikerCommonPrefixWith
OleBuildVersion
CoCreateGuid
CoRegisterPSClsid
CoRegisterMallocSpy
CoSetCancelObject
HWND_UserSize
ReadClassStm
CoGetCancelObject
CreateBindCtx
HACCEL_UserSize
CoGetCallerTID
HBITMAP_UserSize
CoWaitForMultipleHandles
CLSIDFromProgID
CoRevertToSelf
OleCreateLinkEx
ReadFmtUserTypeStg
CoFreeUnusedLibrariesEx
WriteClassStm
HICON_UserUnmarshal
CoGetMarshalSizeMax
CLIPFORMAT_UserUnmarshal
HBITMAP_UserUnmarshal
CoQueryProxyBlanket

mpr

WNetCancelConnection2W
WNetGetResourceInformationA
WNetGetNetworkInformationW
WNetConnectionDialog
WNetUseConnectionA
WNetOpenEnumW
WNetDisconnectDialog
WNetCancelConnection2A
WNetAddConnection2W
WNetCancelConnectionW
WNetGetUserA
WNetGetResourceParentW
WNetGetUniversalNameA
WNetConnectionDialog1W
WNetGetUserW
WNetDisconnectDialog1A
WNetGetConnectionA
WNetAddConnectionW
MultinetGetConnectionPerformanceW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BitTestA
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4622cd2700ba45a146bce5be6425119e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

92:a9:d6:08:1f:85:88:69:26:ab:cd:54:ad:03:bd:69Certificate

Extended Key Usages

Key Usages

9c:39:c1:d6:18:82:d5:b8:e3:9b:5f:79:ca:17:3d:ab:af:1f:53:07Signer

Signature Validations

Verification

14/04/2015, 08:16 Valid: false

Headers

File Characteristics

Imports

ntdll

kernel32

advapi32

gdi32

ole32

mpr

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 116KB - Virtual size: 113KB

.data Size: 4KB - Virtual size: 1KB

Size: 112KB - Virtual size: 109KB

.CRT Size: 16KB - Virtual size: 14KB

BitTestA Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 916B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

92:a9:d6:08:1f:85:88:69:26:ab:cd:54:ad:03:bd:69
Certificate

9c:39:c1:d6:18:82:d5:b8:e3:9b:5f:79:ca:17:3d:ab:af:1f:53:07
Signer

14/04/2015, 08:16
Valid: false

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 116KB - Virtual size: 113KB

.data
Size: 4KB - Virtual size: 1KB

.CRT
Size: 16KB - Virtual size: 14KB

BitTestA
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 916B