3f6f2e9d3309fa78345cc2123ca40a51e7d63340078b8d8fa2de1c8524cc348a

Sharing

Copy URL

Twitter E-mail

General

Target

3f6f2e9d3309fa78345cc2123ca40a51e7d63340078b8d8fa2de1c8524cc348a
Size

229KB
MD5

a2faa054d0c202f1fb0f290a19f47300
SHA1

0fedb373f159af8daf8253a9cf60b8e009681905
SHA256

3f6f2e9d3309fa78345cc2123ca40a51e7d63340078b8d8fa2de1c8524cc348a
SHA512

d46e2beab58a1952b549405f13db6751539774102f262ae6490108d15b7a64234d90140afc5b03924bdbc9acc6086cd344bf387e58517b0aa0df0a5b9a0f489b
SSDEEP

3072:yBJTfWoYZnNMN0Jkax+cMDDTwdwJ0xz0Sid48KTpgq3O0ql7FTbH9NuH:cUtI0Cax+ckDvSV3dj3OJhFTbS

Score

N/A

Malware Config

Signatures

Files

3f6f2e9d3309fa78345cc2123ca40a51e7d63340078b8d8fa2de1c8524cc348a
.exe windows x86

faaca11a884f0f4f4ba770227a44af1e

Code Sign

33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2014, 17:13

Not After

23/08/2015, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:95:c5:21:e7:70:1a:ba:df:4e:ff:1c:f4:d4:9c:a0:ba:de:a6:0e
Signer

Actual PE Digest

3c:95:c5:21:e7:70:1a:ba:df:4e:ff:1c:f4:d4:9c:a0:ba:de:a6:0e

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

14/10/2014, 16:29
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
GetCurrentThreadId
FreeLibrary
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
lstrlenW
FindResourceW
MultiByteToWideChar
lstrlenA
GetUserDefaultLCID
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetLongPathNameW
ReadFile
WriteFile
CloseHandle
CreateThread
CreateProcessW
WideCharToMultiByte
GetCurrentProcessId
ProcessIdToSessionId
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
GetFileSize
LocalFree
LocalAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
Sleep
InterlockedExchange
WerRegisterMemoryBlock
VirtualProtect
GetTickCount
GetSystemTimeAsFileTime
HeapSetInformation
QueryPerformanceCounter
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
FormatMessageA
GetModuleHandleExW
FlsGetValue
LoadLibraryA
DecodePointer
EncodePointer

msocf

?TerminateTheApp@Frame@MsoCF@@YGXXZ
?TheApp@Frame@MsoCF@@YGPAUAFrameApp@2@XZ
?CreateTheApp@Frame@MsoCF@@YGXAAUCreateTheAppArgs@12@@Z
?Start@Frame@MsoCF@@YGXXZ
?Finish@Utilities@MsoCF@@YGXXZ
?Start@Utilities@MsoCF@@YGXHPAU_msotcfcf@@@Z
?Finish@Frame@MsoCF@@YGXXZ

msvcr100

__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_configthreadlocale
_onexit
_crt_debugger_hook
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_lock
_cexit
??3@YAXPAX@Z
??_V@YAXPAX@Z
wcsncpy_s
__CxxFrameHandler3
??2@YAPAXI@Z
wcscat_s
__getmainargs
_amsg_exit
vswprintf_s
strncpy_s
swprintf_s
_vsnprintf_s
wcsrchr
_wcsdup
_vsnwprintf_s
_snwprintf_s
wcschr
_CxxThrowException
wcsstr
memcpy_s
??_U@YAPAXI@Z
_recalloc
malloc
free
memset
wcsncat_s

oleaut32

VariantChangeType
VariantClear
SysAllocStringLen
VariantInit
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayDestroyData
SysAllocString
VarUI4FromStr
SysFreeString

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

faaca11a884f0f4f4ba770227a44af1e

Code Sign

33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59Certificate

Extended Key Usages

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:caCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

3c:95:c5:21:e7:70:1a:ba:df:4e:ff:1c:f4:d4:9c:a0:ba:de:a6:0eSigner

Signature Validations

Verification

14/10/2014, 16:29 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msocf

msvcr100

oleaut32

Sections

.text Size: 111KB - Virtual size: 111KB

.data Size: 6KB - Virtual size: 28KB

.rsrc Size: 90KB - Virtual size: 89KB

.reloc Size: 21KB - Virtual size: 21KB

33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59
Certificate

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

3c:95:c5:21:e7:70:1a:ba:df:4e:ff:1c:f4:d4:9c:a0:ba:de:a6:0e
Signer

14/10/2014, 16:29
Valid: false

.text
Size: 111KB - Virtual size: 111KB

.data
Size: 6KB - Virtual size: 28KB

.rsrc
Size: 90KB - Virtual size: 89KB

.reloc
Size: 21KB - Virtual size: 21KB