f4a6a1232f2acc5a1f7232b29aa897bb941720aacfd8da60ee67ef2a24ca9605

Sharing

Copy URL

Twitter E-mail

General

Target

f4a6a1232f2acc5a1f7232b29aa897bb941720aacfd8da60ee67ef2a24ca9605
Size

105KB
MD5

f26978533b3a2d71639b882c01ed1cf3
SHA1

9938ad84fa971401818d986f622c2be488de9bde
SHA256

f4a6a1232f2acc5a1f7232b29aa897bb941720aacfd8da60ee67ef2a24ca9605
SHA512

3f3e2c28aca7fac14ddffb271a3d366054fe45ae21acb3b7fda0c32d8110da66aa1dd164a23a6b93d8696b058c82c6a98760b878eaee2ba4987ab70a44a10b00
SSDEEP

1536:VV6aBmPXP2OnU8gnWlYo5MrExGikLbC3V0EClosXZeaG6lvflUq5cXiBZj+cAoPt:VUimP88gWpz2LalYlbJZjB0evxwCr

Score

N/A

Malware Config

Signatures

Files

f4a6a1232f2acc5a1f7232b29aa897bb941720aacfd8da60ee67ef2a24ca9605
.zip
Forderung vom 29.07.2015 - Stellvertretender Sachbearbeiter.com
.exe windows x86

ee5908cd39e0a90e2f0c94d05eb0553d

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:45

Not After

15-04-2021 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12-07-2013 00:00

Not After

14-09-2016 12:00

Subject

CN=AVAST Software a.s.,O=AVAST Software a.s.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:1a:fc:76:8d:7e:be:4b:39:1d:a2:7f:94:39:4e:83:46:e1:ec:e8
Signer

Actual PE Digest

33:1a:fc:76:8d:7e:be:4b:39:1d:a2:7f:94:39:4e:83:46:e1:ec:e8

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=AVAST Software a.s.,O=AVAST Software a.s.,L=Praha 4,C=CZ

09-07-2015 11:12
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
RegDeleteValueW
RegSaveKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW
CryptAcquireContextW
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
CryptReleaseContext
RegCloseKey
RegQueryValueExW
EqualSid
RegQueryInfoKeyW
CloseServiceHandle
StartServiceW
GetUserNameW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
FreeSid
RegOpenKeyExA

gdi32

SelectObject
CreateFontIndirectW
GetObjectW
GetCurrentObject
DeleteObject

kernel32

HeapAlloc
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
DeleteFileW
GetVersion
HeapFree
GetLastError
GetProcAddress
LoadLibraryW
TlsGetValue
TlsSetValue
IsBadCodePtr
GetModuleHandleW
IsBadWritePtr
WideCharToMultiByte
GetACP
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
ResetEvent
LocalAlloc
LocalFree
CloseHandle
ReleaseMutex
GetCurrentThreadId
MultiByteToWideChar
IsBadStringPtrA
IsBadStringPtrW
DeleteCriticalSection
TlsFree
FreeLibrary
SetEvent
InitializeCriticalSection
CreateMutexW
TlsAlloc
GetProcessHeap
GetTickCount
Sleep
GetComputerNameW
GetCurrentProcessId
IsBadReadPtr
lstrlenW
lstrlenA
FreeLibraryAndExitThread
CreateThread
CreateEventW
lstrcmpiW
GetModuleFileNameW
OutputDebugStringA
lstrcatA
GetLocalTime
SetLastError
GlobalFree
GlobalUnlock
GlobalHandle
lstrcpyW
GlobalLock
GlobalAlloc
lstrcpynW
GetCurrentProcess
GetCurrentThread
GlobalReAlloc
FindNextFileW
FindFirstFileW
lstrcatW
GetSystemDirectoryW
FormatMessageW
MulDiv
GetProfileIntW
GlobalSize
lstrcpyA
lstrcmpW
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetWindowsDirectoryW
GetCommandLineA

msvcrt

wcslen
_wcsicmp
free
wcscpy
iswctype
?terminate@@YAXXZ
_initterm
_wtol
wcscspn
wcscat
iswdigit
wcscmp
__CxxFrameHandler
wcschr
_wtoi
malloc
_vsnprintf
wcsrchr

rpcrt4

RpcStringFreeW
NdrClientCall2
I_RpcExceptionFilter
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoW

rtutils

TraceDeregisterW
TraceRegisterExW
TraceVprintfExA

shlwapi

StrChrW
StrToIntW
StrCmpIW
StrCmpW
StrCpyNW
StrCmpNW

user32

PostMessageW
DestroyWindow
DefWindowProcW
RegisterClassW
LoadStringW
GetUserObjectInformationW
GetThreadDesktop
GetSystemMetrics
IsWindow
wsprintfA
wsprintfW
SendMessageW
EnableWindow
SendDlgItemMessageW
EndDialog
GetClientRect
CheckRadioButton
SetWindowTextW
SetFocus
GetFocus
GetWindowTextW
SetWindowLongW
GetWindowLongW
DialogBoxParamW
GetParent
MessageBeep
SetForegroundWindow
EnumWindows
MessageBoxW
IsWindowEnabled
ShowWindow
GetKeyState
SetWindowPos
CreateWindowExW
KillTimer
SetTimer
GetWindowRect
CloseClipboard
SetClipboardData
GetClipboardData
OpenClipboard
EnumChildWindows
SetDlgItemInt
GetDlgItemInt
WinHelpW
GetActiveWindow
LoadIconA

winmm

waveInMessage
waveOutMessage
midiInMessage
midiOutMessage

wininet

InternetOpenA
SetUrlCacheEntryInfoA
FtpSetCurrentDirectoryW
HttpEndRequestA
UnlockUrlCacheEntryFileA
GopherGetAttributeW
InternetGetPerSiteCookieDecisionW
InternetGetCookieExW
PrivacySetZonePreferenceW
FtpPutFileA
InternetGetLastResponseInfoA
HttpAddRequestHeadersW
InternetConfirmZoneCrossingW
HttpQueryInfoW
IsUrlCacheEntryExpiredA
DeleteUrlCacheEntryA
InternetSetDialStateA
InternetSetOptionA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee5908cd39e0a90e2f0c94d05eb0553d

Code Sign

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

33:1a:fc:76:8d:7e:be:4b:39:1d:a2:7f:94:39:4e:83:46:e1:ec:e8Signer

Signature Validations

Verification

09-07-2015 11:12 Valid: false

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

rpcrt4

rtutils

shlwapi

user32

winmm

wininet

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 24KB - Virtual size: 236KB

DATA Size: 69KB - Virtual size: 68KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0e:f5:ec:a7:bd:31:cf:c3:a7:f8:e6:25:9b:42:33:59
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

33:1a:fc:76:8d:7e:be:4b:39:1d:a2:7f:94:39:4e:83:46:e1:ec:e8
Signer

09-07-2015 11:12
Valid: false

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 24KB - Virtual size: 236KB

DATA
Size: 69KB - Virtual size: 68KB