55772108c927ad07351d411739c204e319f041bbe1119c5e7fe28f7dbb5382f8

Sharing

Copy URL Twitter E-mail

General

Target

55772108c927ad07351d411739c204e319f041bbe1119c5e7fe28f7dbb5382f8
Size

3.2MB
MD5

224b19926065a3db9df0eaa782116796
SHA1

bc2c307f99cdbca49b219988299d6c07c007c2d5
SHA256

55772108c927ad07351d411739c204e319f041bbe1119c5e7fe28f7dbb5382f8
SHA512

fcea3ff2d25dae752e44564a15336f72d51d1eca8e231f5d179a3282832801a221f0b1ce22ddc4b297070a78f29890298d00d6b5a95881029dd8cd8bcb1d14a2
SSDEEP

49152:R8KG/XHdWgNr/ZRMlmOo1TeH7ZKzgQjLEoZtfVyF/fllGhe3Xta:RGXHdW0/8gOo10ZEg2L9lVyFTGS

Score

N/A

Malware Config

Signatures

Files

55772108c927ad07351d411739c204e319f041bbe1119c5e7fe28f7dbb5382f8
.exe windows x86

746cd02fe0ec6511a44f33c7dd65aa62

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:ea:9c:e7:67:28:f5:5e:8f:87:b7:f0:68:37:73:b7
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10/06/2014, 00:00

Not After

09/06/2016, 23:59

Subject

CN=Savepath Deals,O=Savepath Deals,POSTALCODE=90069,STREET=8923 W Sunset blvd,L=West Hollywood,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

59:7a:97:a1:52:94:b0:29:50:b8:0c:89:a9:63:2b:97:04:dc:e0:9a
Signer

Actual PE Digest

59:7a:97:a1:52:94:b0:29:50:b8:0c:89:a9:63:2b:97:04:dc:e0:9a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Savepath Deals,O=Savepath Deals,POSTALCODE=90069,STREET=8923 W Sunset blvd,L=West Hollywood,ST=CA,C=US

12/08/2014, 19:17
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
SizeofResource
MultiByteToWideChar
LockResource
GetEnvironmentVariableW
Sleep
CreateFileW
GetProcAddress
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
OutputDebugStringW
GetModuleFileNameW
SetFilePointer
SystemTimeToFileTime
SetFileTime
WriteFile
ReadFile
GetCurrentDirectoryW
LocalFileTimeToFileTime
UnmapViewOfFile
LoadResource
CreateMutexW
GetExitCodeProcess
SuspendThread
WriteConsoleW
SetStdHandle
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryExW
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThreadId
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FindResourceW
FindResourceExW
CloseHandle
DeleteCriticalSection
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
DecodePointer
HeapSize
RaiseException
TerminateProcess
HeapDestroy
InitializeCriticalSectionAndSpinCount
FindFirstFileW
GetProcessHeap
WaitForSingleObject
HeapFree
GetCurrentProcess
HeapAlloc
HeapReAlloc
DeleteFileW
FindNextFileW
RemoveDirectoryW
FindClose
GetLastError
GetFileAttributesW
CreateDirectoryW
CreateThread
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetCommandLineW
GetModuleHandleExW
ExitProcess
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetStringTypeW
SetEndOfFile

user32

DefWindowProcW
CreateWindowExW
SetWindowPos
SetWindowLongW
ReleaseDC
GetClassNameW
GetWindowLongW
GetDC
SendMessageW
EqualRect
PostMessageW
wsprintfW
RegisterClassExW
EndPaint
UpdateLayeredWindow
GetWindowRect
GetWindowDC
GetParent
GetClientRect
BeginPaint

gdi32

DeleteDC
CreateDIBSection
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
BitBlt

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

ShellExecuteExW

ole32

OleSetContainedObject
OleDraw
OleCreate

shlwapi

PathRemoveFileSpecW
PathRemoveBackslashW
PathAppendW

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

746cd02fe0ec6511a44f33c7dd65aa62

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

56:ea:9c:e7:67:28:f5:5e:8f:87:b7:f0:68:37:73:b7Certificate

Extended Key Usages

Key Usages

59:7a:97:a1:52:94:b0:29:50:b8:0c:89:a9:63:2b:97:04:dc:e0:9aSigner

Signature Validations

Verification

12/08/2014, 19:17 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 167KB - Virtual size: 166KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 10KB - Virtual size: 9KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

56:ea:9c:e7:67:28:f5:5e:8f:87:b7:f0:68:37:73:b7
Certificate

59:7a:97:a1:52:94:b0:29:50:b8:0c:89:a9:63:2b:97:04:dc:e0:9a
Signer

12/08/2014, 19:17
Valid: false

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 10KB - Virtual size: 9KB