Trojan-Ransom[.]Win32[.]Blocker[.]fval-54ce7a04b71a1bbdfcfd0bf46bd1f138dee5d4554e21192d1f98d0e02694f351

Sharing

Copy URL

Twitter E-mail

General

Target

Trojan-Ransom.Win32.Blocker.fval-54ce7a04b71a1bbdfcfd0bf46bd1f138dee5d4554e21192d1f98d0e02694f351
Size

159KB
MD5

dc5c71aef24a5899f63c3f9c15993697
SHA1

2905771c826c7d9f183c73d6e97c990c022f1ef8
SHA256

54ce7a04b71a1bbdfcfd0bf46bd1f138dee5d4554e21192d1f98d0e02694f351
SHA512

f2ed34207c9f8381fcd0069c268dc3bdd4a1f7d57ea339362f23522c1157d6a9ec8c2489c5a2cca90b4213a3ed91182f94cfd45c04750d74851fdca7b1ac9f02
SSDEEP

3072:QXKzYpRZUWtMLQ3qn8JZFHWFxxxIwL0OgYe3Wwiku:QXk2RPWQ3q8/OxjL0o3Hku

Score

N/A

Malware Config

Signatures

Files

Trojan-Ransom.Win32.Blocker.fval-54ce7a04b71a1bbdfcfd0bf46bd1f138dee5d4554e21192d1f98d0e02694f351
.exe windows x86

67c8a2055cf61cffb70abedbf22cff5c

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c0:19:6e:3b:eb:a1:18:45:e2:aa:e6:ba:7f:92:78:76
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/09/2014, 00:00

Not After

24/09/2015, 23:59

Subject

CN=Trend,O=Trend,POSTALCODE=123104,STREET=Palashevsky\, 13\, 2,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:64:01:46:e9:80:e0:0e:60:a1:4d:8f:44:4a:59:58
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20/05/2014, 00:00

Not After

03/06/2015, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:70:03:f3:2c:5d:2d:dc:ae:bc:28:57:c7:57:bd:46:d8:72:48:5e
Signer

Actual PE Digest

fa:70:03:f3:2c:5d:2d:dc:ae:bc:28:57:c7:57:bd:46:d8:72:48:5e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Trend,O=Trend,POSTALCODE=123104,STREET=Palashevsky\, 13\, 2,L=Moscow,ST=Moscow,C=RU

29/09/2014, 12:43
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateRectRgn
ChoosePixelFormat
GetCharacterPlacementA
CreateDIBSection
ExtCreatePen
GetTextCharacterExtra
GetOutlineTextMetricsW
GetNearestColor
CreatePalette
CreateRectRgnIndirect
GetSystemPaletteUse
CreateICA
EndPage
GetTextAlign
GetBkMode
DrawEscape
GetGlyphOutlineA
CreatePatternBrush
CreateHatchBrush
FlattenPath
GdiFlush
CreateBitmapIndirect
GetRasterizerCaps
CreateRoundRectRgn
GetKerningPairsA
CreateMetaFileW
CreateColorSpaceW
BitBlt
EqualRgn
GetBkColor
CreateEnhMetaFileA
ExtSelectClipRgn
CreatePolyPolygonRgn
GetCurrentObject
CheckColorsInGamut
CreateFontA
CreateICW
GetColorAdjustment
CloseMetaFile
GetStockObject
GetCharABCWidthsFloatW
GdiSetBatchLimit
GetBoundsRect
GetDCOrgEx
ExtCreateRegion
Chord
CreateColorSpaceA
GetObjectA
GetROP2
FillPath
CreateBitmap
GdiComment
CancelDC
FloodFill
GetCharWidthA
GetCharWidth32W
GetDIBColorTable
GetRegionData
GetCharacterPlacementW
GetCharABCWidthsFloatA
GetColorSpace
CreateEllipticRgn
GetICMProfileA
CopyMetaFileA
GetDeviceCaps
GetTextExtentPoint32W
CreateDIBPatternBrushPt
GetEnhMetaFilePaletteEntries
EnumICMProfilesA
GetTextCharsetInfo
CreatePen
AddFontResourceA
GetEnhMetaFileW
CreateDCW
GetClipBox
EnumICMProfilesW
GetAspectRatioFilterEx

msvcrt

_XcptFilter
exit
_acmdln
__getmainargs
_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_except_handler3
__set_app_type
_initterm
_onexit
_controlfp
__dllonexit

kernel32

GetModuleHandleA
GetStartupInfoA

advapi32

ReadEventLogW
RegCreateKeyExA
QueryServiceConfig2W
RegReplaceKeyA
ReadEventLogA
RegisterEventSourceW
SetSecurityDescriptorSacl
QueryServiceConfigA
RegQueryInfoKeyA
ObjectDeleteAuditAlarmA
RegSetValueExW
RegQueryMultipleValuesW
OpenBackupEventLogW
RegSetValueExA
RegEnumValueA
RegSetKeySecurity
RegQueryValueExA
StartServiceW
RegNotifyChangeKeyValue
SetFileSecurityA
RegisterServiceCtrlHandlerA
RegCreateKeyW
PrivilegedServiceAuditAlarmW
RegLoadKeyW
QueryServiceObjectSecurity
RegEnumValueW
SetNamedSecurityInfoA
RegSetValueW
RegOpenKeyW
SetSecurityInfo
NotifyBootConfigStatus
ObjectCloseAuditAlarmW
RegEnumKeyExA
LsaSetTrustedDomainInformation
RegReplaceKeyW
RegDeleteValueA
StartServiceCtrlDispatcherW
SetServiceObjectSecurity
SetSecurityDescriptorDacl
LsaRetrievePrivateData
RegDeleteValueW
ObjectDeleteAuditAlarmW
SetEntriesInAclA
SetThreadToken
OpenBackupEventLogA
QueryServiceLockStatusW
RegConnectRegistryA

setupapi

SetupDiGetDeviceInfoListClass

comdlg32

ReplaceTextW
FindTextW
ReplaceTextA
ChooseFontA
CommDlgExtendedError
PrintDlgA
GetFileTitleA
ChooseColorA

pdh

PdhCollectQueryData

clusapi

ClusterRegGetKeySecurity
DeleteClusterGroup
ClusterResourceTypeControl
ClusterRegDeleteKey
AddClusterResourceNode
PauseClusterNode
ClusterResourceOpenEnum
GetClusterResourceState
SetClusterGroupName
ClusterNetInterfaceControl
GetClusterResourceKey
OfflineClusterGroup
SetClusterResourceName
GetClusterNodeKey
GetClusterGroupState
ClusterGroupOpenEnum
CloseClusterNode
GetClusterNetworkId
CloseClusterNetInterface
ClusterNetworkCloseEnum
ClusterNetworkEnum
ClusterNodeOpenEnum
CreateClusterNotifyPort
ClusterRegDeleteValue
DeleteClusterResource
CloseCluster
SetClusterNetworkName
ClusterNodeControl
ClusterNetworkOpenEnum
CloseClusterGroup
GetClusterKey
SetClusterGroupNodeList
GetClusterNetInterface
OpenClusterNetInterface
OnlineClusterGroup
SetClusterNetworkPriorityOrder
ClusterRegSetValue
CloseClusterNotifyPort
ClusterEnum
OnlineClusterResource
ClusterGroupCloseEnum

comctl32

FlatSB_GetScrollProp
ord15
ImageList_GetIcon
InitCommonControlsEx
ImageList_SetIconSize
ImageList_DragLeave
ImageList_LoadImageA
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_Replace
ImageList_DrawEx
ImageList_SetImageCount
ImageList_Merge
ImageList_Draw
ImageList_BeginDrag
CreateStatusWindowW
ImageList_GetBkColor
ord16
ImageList_GetImageCount
ord6
ord2
FlatSB_EnableScrollBar
ImageList_Destroy
CreatePropertySheetPageA
ImageList_GetIconSize
ImageList_LoadImageW
ImageList_DragMove
ImageList_Duplicate
_TrackMouseEvent
FlatSB_SetScrollProp
ImageList_SetDragCursorImage
ImageList_GetDragImage
ImageList_EndDrag

user32

GetClientRect

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67c8a2055cf61cffb70abedbf22cff5c

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

c0:19:6e:3b:eb:a1:18:45:e2:aa:e6:ba:7f:92:78:76Certificate

Extended Key Usages

Key Usages

06:64:01:46:e9:80:e0:0e:60:a1:4d:8f:44:4a:59:58Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

fa:70:03:f3:2c:5d:2d:dc:ae:bc:28:57:c7:57:bd:46:d8:72:48:5eSigner

Signature Validations

Verification

29/09/2014, 12:43 Valid: false

Headers

File Characteristics

Imports

gdi32

msvcrt

kernel32

advapi32

setupapi

comdlg32

pdh

clusapi

comctl32

user32

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 520KB

.rsrc Size: 4KB - Virtual size: 984B

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

c0:19:6e:3b:eb:a1:18:45:e2:aa:e6:ba:7f:92:78:76
Certificate

06:64:01:46:e9:80:e0:0e:60:a1:4d:8f:44:4a:59:58
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

fa:70:03:f3:2c:5d:2d:dc:ae:bc:28:57:c7:57:bd:46:d8:72:48:5e
Signer

29/09/2014, 12:43
Valid: false

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 520KB

.rsrc
Size: 4KB - Virtual size: 984B