208e57f24b7eb1e1391080b00f9feec43ba48543c9dcaa7a230c60589c4d5eb5

Sharing

Copy URL

Twitter E-mail

General

Target

208e57f24b7eb1e1391080b00f9feec43ba48543c9dcaa7a230c60589c4d5eb5
Size

776KB
MD5

d1acfda5165dd86b7a7c02a914a5f840
SHA1

27df9a373ebfbf747fe1bda42d4794d2bfa7475b
SHA256

208e57f24b7eb1e1391080b00f9feec43ba48543c9dcaa7a230c60589c4d5eb5
SHA512

4d9bfa86b9da0d690f3256cd6be89ba32d7035e9fad4699a0e823a636188f784b2b22bbd55c805c7bee429db3578b7d3810da195241d3189cd2952938c970d30
SSDEEP

12288:0zNq8W0SE8wvSS0dvS3O4b1julJ3MzDme8G1C88tfwDdwnCuw:0zNq8W0SE80SScoO4bBuJCD/6W9uw

Score

N/A

Malware Config

Signatures

Files

208e57f24b7eb1e1391080b00f9feec43ba48543c9dcaa7a230c60589c4d5eb5
.exe windows x86

0cb96e50aa1ed7e10128e222c164aa54

Code Sign

06:64:01:46:e9:80:e0:0e:60:a1:4d:8f:44:4a:59:58
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-05-2014 00:00

Not After

03-06-2015 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:ca:cc:59:11:0c:d7:a6:d5:b2:e5:be:db:e8:d8:c7
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2013 00:00

Not After

06-10-2014 12:00

Subject

CN=Mpagosx\, S.L.,O=Mpagosx\, S.L.,L=Cornella de Llobregat,ST=Barcelona,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:14:5c:40:df:ff:5e:00:38:f8:90:3f:aa:fa:de:2c:b8:ea:3f:e2
Signer

Actual PE Digest

28:14:5c:40:df:ff:5e:00:38:f8:90:3f:aa:fa:de:2c:b8:ea:3f:e2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Mpagosx\, S.L.,O=Mpagosx\, S.L.,L=Cornella de Llobregat,ST=Barcelona,C=ES

01-08-2014 07:25
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
InternetOpenUrlW
InternetReadFile
HttpQueryInfoW
InternetOpenW

kernel32

CloseHandle
FreeLibrary
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
Sleep
FormatMessageW
CreateToolhelp32Snapshot
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
GetCommandLineW
CreateDirectoryW
CopyFileW
GetModuleFileNameW
GetShortPathNameW
GetACP
IsValidCodePage
Process32NextW
Process32FirstW
GetProcAddress
GetLastError
TerminateProcess
GetVersionExW
OpenProcess
GetModuleHandleW
GetCurrentProcess
FindNextFileW
FindClose
FindFirstFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
ReadConsoleW
HeapDestroy
LoadLibraryExW
GetStdHandle
GetCurrentDirectoryW
FindFirstFileExW
GetTimeZoneInformation
GetCurrentThreadId
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EncodePointer
DecodePointer
GetStringTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetDriveTypeW
ExitProcess
GetModuleHandleExW
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetFileType
GetOEMCP

user32

MessageBoxW

advapi32

ConvertStringSidToSidW
FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
LookupAccountSidW

shell32

SHGetFolderPathW
CommandLineToArgvW
ord165
SHGetSpecialFolderPathA
ShellExecuteExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shlwapi

PathFileExistsW

Sections

.text
Size: 642KB - Virtual size: 641KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cb96e50aa1ed7e10128e222c164aa54

Code Sign

06:64:01:46:e9:80:e0:0e:60:a1:4d:8f:44:4a:59:58Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

03:ca:cc:59:11:0c:d7:a6:d5:b2:e5:be:db:e8:d8:c7Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

28:14:5c:40:df:ff:5e:00:38:f8:90:3f:aa:fa:de:2c:b8:ea:3f:e2Signer

Signature Validations

Verification

01-08-2014 07:25 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 642KB - Virtual size: 641KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 21KB - Virtual size: 21KB

06:64:01:46:e9:80:e0:0e:60:a1:4d:8f:44:4a:59:58
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

03:ca:cc:59:11:0c:d7:a6:d5:b2:e5:be:db:e8:d8:c7
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

28:14:5c:40:df:ff:5e:00:38:f8:90:3f:aa:fa:de:2c:b8:ea:3f:e2
Signer

01-08-2014 07:25
Valid: false

.text
Size: 642KB - Virtual size: 641KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 21KB - Virtual size: 21KB