1c39575f7a14cb8c29d78d3bd9eb66fbec5ca09337b660d5cda8fe6f20a622c2

Sharing

Copy URL Twitter E-mail

General

Target

1c39575f7a14cb8c29d78d3bd9eb66fbec5ca09337b660d5cda8fe6f20a622c2
Size

112KB
MD5

01f8cbf9a5da16b8c7488e3eae80ddb8
SHA1

c069a7ef06982df6e6f492934a9c225e8c7b8c57
SHA256

1c39575f7a14cb8c29d78d3bd9eb66fbec5ca09337b660d5cda8fe6f20a622c2
SHA512

25ecba0bba4879fc355781e623a873db4cd0b1d490ab35439a959be4752e37bd76fa8c80d8b32a15774155368e130e828a9e34131e3785682976264643157fbb
SSDEEP

1536:oavLxENQlCH12kNKcMBCuUNzpVTD/iR11kaKreS8xh6hcNWWnnyQ3ZAaw6bKdgkX:HxlCNo+zpBur1kaKrh8uiWKnb1wBdgkX

Score

N/A

Malware Config

Signatures

Files

1c39575f7a14cb8c29d78d3bd9eb66fbec5ca09337b660d5cda8fe6f20a622c2
.zip
Martina Madner Rechnung 15.07.2015 - Abrechnung Ebay AG.com
.exe windows x86

5f2f3f61f04fc09f936d92ebd9415b13

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:5f:21:a7:1b:97:b7:14:13:d7:ab:e1:70:13:5e:2b:7e
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/10/2013, 10:17

Not After

28/11/2015, 09:07

Subject

CN=BullGuard Ltd.,OU=IT,O=BullGuard Ltd.,L=Heathrow,ST=Middlesex,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ac:49:f2:fa:da:91:9d:91:a5:d9:3f:ee:10:e0:37:7f:41:93:73:a2
Signer

Actual PE Digest

ac:49:f2:fa:da:91:9d:91:a5:d9:3f:ee:10:e0:37:7f:41:93:73:a2

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BullGuard Ltd.,OU=IT,O=BullGuard Ltd.,L=Heathrow,ST=Middlesex,C=GB

23/06/2015, 12:30
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
OpenProcessToken
GetUserNameW
StartServiceW
UnlockServiceDatabase
LockServiceDatabase
ControlService
EnumDependentServicesW
GetTokenInformation
QueryServiceConfigW
ChangeServiceConfigW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumValueW
OpenThreadToken
RegEnumKeyExW
AdjustTokenPrivileges
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW

credui

CredUIPromptForCredentialsW

gdi32

GetTextExtentPoint32W
SelectObject
DeleteObject
CreateFontIndirectW
GetObjectW
GetDeviceCaps
GetStockObject

iphlpapi

GetAdaptersInfo
FlushIpNetTable
GetAdaptersAddresses
NotifyAddrChange

kernel32

GetFileAttributesW
GetVersionExW
GetWindowsDirectoryW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetSystemDirectoryW
SetComputerNameExW
GetSystemDefaultUILanguage
GetExitCodeThread
GetComputerNameExW
IsBadReadPtr
GetComputerNameW
VirtualFree
VirtualAlloc
DeviceIoControl
LocalAlloc
InterlockedExchange
SetThreadPriority
FreeLibraryAndExitThread
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
QueueUserWorkItem
SetEvent
CancelIo
ResetEvent
WaitForMultipleObjects
GetTimeFormatW
GetNumberFormatW
GetOverlappedResult
GetDateFormatW
FileTimeToSystemTime
CreateEventW
GetPrivateProfileIntW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
lstrlenA
FreeLibrary
CloseHandle
WriteFile
lstrlenW
CreateFileW
lstrcatW
GetTempPathW
Sleep
lstrcpyW
GetLastError
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
FlushInstructionCache
GetCurrentProcess
lstrcmpiW
WideCharToMultiByte
DebugBreak
GetCurrentThreadId
WaitForSingleObject
HeapDestroy
GetModuleFileNameW
lstrcpynW
GetCurrentThread
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetFileSize
GetModuleHandleW
CreateThread
LoadLibraryW
DelayLoadFailureHook
GetProcAddress
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
FormatMessageW
LockResource
CreateMutexW
ExpandEnvironmentStringsW
DeleteFileW
VerifyVersionInfoW
SetLastError
LocalFree
lstrcmpA
GlobalFree
GetStringTypeExW
GetThreadLocale
lstrcmpW
OutputDebugStringW
GetUserDefaultLCID
GetUserDefaultUILanguage
ReleaseMutex
IsBadWritePtr
IsBadStringPtrW
GetSystemWindowsDirectoryW
FileTimeToLocalFileTime

msvcrt

_i64tow
_ui64tow
_ultow
_wtol
_itoa
wcscat
swprintf
wcscmp
wcscpy
_wcsicmp
wcstoul
time
_itow
__CxxFrameHandler
strncmp
towupper
_CxxThrowException
_snprintf
wcscspn
_onexit
__dllonexit
?terminate@@YAXXZ
malloc
_initterm
free
vswprintf
strtok
atoi
mbstowcs
_vsnwprintf
wcslen
memmove
wcsncpy
wcsncat
_wtoi
isxdigit
wcsstr
wcschr
_snwprintf
wcsncmp
wcstombs
iswspace
fgetws
swscanf
fclose
_wfopen
fwprintf

ntdll

VerSetConditionMask
RtlGetNtProductType
RtlInitUnicodeString
NtSetEvent
NtOpenEvent
NtCreateEvent
RtlVerifyVersionInfo
NtDeviceIoControlFile
NtOpenFile
RtlNtStatusToDosError
NtClose
NtCreateFile

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
CoCreateGuid
CLSIDFromString
IIDFromString
CoInitialize
CoCreateInstance
StringFromCLSID
StringFromGUID2
CoSetProxyBlanket

rpcrt4

CStdStubBuffer_DebugServerRelease
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerQueryInterface

rtutils

TraceRegisterExA
TracePrintfA
TraceVprintfExA

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHChangeNotify
SHGetInstanceExplorer
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc
Shell_NotifyIconW
SHGetDesktopFolder
SHGetPathFromIDListW

shlwapi

PathFileExistsW
StrRetToBufW
AssocCreate
PathQuoteSpacesW
PathUnquoteSpacesW
PathGetArgsW
PathRemoveArgsW
PathCanonicalizeW

user32

OpenClipboard
CharLowerW
DrawIconEx
EndPaint
BeginPaint
CreateMenu
RegisterClassW
GetCursorPos
DeleteMenu
TrackPopupMenu
AppendMenuW
SetMenuDefaultItem
SetMenuItemInfoW
GetMenuItemID
CheckMenuItem
CharLowerBuffW
FindWindowExW
GetMenuItemCount
GetMenuItemInfoW
LoadMenuW
ReleaseDC
GetDC
CloseClipboard
DialogBoxParamW
CreateDialogParamW
SetDlgItemInt
EmptyClipboard
SetClipboardData
EnableMenuItem
CreateWindowExW
SetTimer
KillTimer
GetMessageW
LoadIconW
SetWindowTextA
GetWindowTextA
wvsprintfW
SetCapture
GetClassLongW
ReleaseCapture
CheckRadioButton
IsWindowVisible
SendMessageTimeoutW
IsWindowEnabled
MoveWindow
MessageBeep
GetDlgItemTextW
GetWindowThreadProcessId
GetShellWindow
InSendMessage
PostThreadMessageW
CopyIcon
DestroyMenu
GetSubMenu
ExitWindowsEx
RemoveMenu
LoadStringW
SetForegroundWindow
IsWindow
FindWindowW
CharNextW
GetWindowLongW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
SendMessageW
SetWindowPos
MapWindowPoints
GetClientRect
GetWindowRect
GetParent
SetWindowLongW
GetWindowTextW
GetWindowTextLengthW
wsprintfW
LoadCursorW
DefWindowProcW
EndDialog
CharUpperW
SetWindowTextW
SendDlgItemMessageW
SetDlgItemTextW
GetSystemMetrics
DestroyWindow
PostMessageW
EnableWindow
CheckDlgButton
IsDlgButtonChecked
MessageBoxW
SetCursor
WinHelpW
DestroyIcon
GetDesktopWindow
GetMessagePos
GetAsyncKeyState
SetFocus
GetFocus
SetClassLongW
ShowWindow
UpdateWindow
PostQuitMessage
GetKeyState
LoadImageW
GetDlgCtrlID
CreateWindowExA
SetWindowLongA

ws2_32

WSCEnumProtocols
WSCDeinstallProvider

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f2f3f61f04fc09f936d92ebd9415b13

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

11:21:5f:21:a7:1b:97:b7:14:13:d7:ab:e1:70:13:5e:2b:7eCertificate

Extended Key Usages

Key Usages

ac:49:f2:fa:da:91:9d:91:a5:d9:3f:ee:10:e0:37:7f:41:93:73:a2Signer

Signature Validations

Verification

23/06/2015, 12:30 Valid: false

Headers

File Characteristics

Imports

advapi32

credui

gdi32

iphlpapi

kernel32

msvcrt

ntdll

ole32

rpcrt4

rtutils

shell32

shlwapi

user32

ws2_32

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 33KB - Virtual size: 221KB

DATA Size: 71KB - Virtual size: 71KB

.rsrc Size: 46KB - Virtual size: 46KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

11:21:5f:21:a7:1b:97:b7:14:13:d7:ab:e1:70:13:5e:2b:7e
Certificate

ac:49:f2:fa:da:91:9d:91:a5:d9:3f:ee:10:e0:37:7f:41:93:73:a2
Signer

23/06/2015, 12:30
Valid: false

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 33KB - Virtual size: 221KB

DATA
Size: 71KB - Virtual size: 71KB

.rsrc
Size: 46KB - Virtual size: 46KB