d60d16ee455707aa6e564ae4b9827846c1c074faea33fa6ae58bf3c54be62e65

Sharing

Copy URL Twitter E-mail

General

Target

d60d16ee455707aa6e564ae4b9827846c1c074faea33fa6ae58bf3c54be62e65
Size

2.5MB
MD5

9a857ab2dbb4f82080b6d5105ba96e27
SHA1

f49e95cd6f571e23b89766c813ae0e1643993b55
SHA256

d60d16ee455707aa6e564ae4b9827846c1c074faea33fa6ae58bf3c54be62e65
SHA512

4d4fdf92cdc5f4ab210b706e59d65636ebcf0c54812ca549f7da2aae0fab378884475013722a092e88f8ebd0349a0b7240709c1bbfd0a17aa25174976fd1e1f4
SSDEEP

49152:PlWlNMG7W5zKqTkc+K6s5/8X0+2PRv/EbrHyWE5T0QxiHTatL8n37:PWyeqTNn8X2ZkbrH70

Score

N/A

Malware Config

Signatures

Files

d60d16ee455707aa6e564ae4b9827846c1c074faea33fa6ae58bf3c54be62e65
.exe windows x86

e6d356d50f14a55597e953b0a5a4c670

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ba:92:20:e1:be:f0:51:99:21:92:2b:93:3c:27:df:dd
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22/10/2014, 00:00

Not After

22/10/2015, 23:59

Subject

CN=Prof-IT,O=Prof-IT,POSTALCODE=623856,STREET=Pervomajskaja\, 47\, 75,L=Irbit,ST=Sverdlovsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ab:5b:25:2a:1e:12:23:97:6a:56:c6:a0:5d:19:61:3f:0f:98:d6:26
Signer

Actual PE Digest

ab:5b:25:2a:1e:12:23:97:6a:56:c6:a0:5d:19:61:3f:0f:98:d6:26

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Prof-IT,O=Prof-IT,POSTALCODE=623856,STREET=Pervomajskaja\, 47\, 75,L=Irbit,ST=Sverdlovsk region,C=RU

06/04/2015, 13:11
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetTickCount
GetVersionExW
GetFileAttributesA
GetFileAttributesW
TerminateProcess
GetTempPathW
FindClose
IsWow64Process
GetSystemInfo
FindNextFileW
GetFileAttributesExW
DeleteFileW
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
InterlockedCompareExchange
OutputDebugStringW
FormatMessageW
GetProcAddress
LocalFree
FormatMessageA
CreateFileA
GetModuleHandleA
UnmapViewOfFile
CreateFileMappingA
CreateMutexA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
CreateFileW
UnregisterWait
SetThreadPriority
OpenThread
RegisterWaitForSingleObject
ResumeThread
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
GetFileSize
HeapCompact
SetFilePointer
MapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
UnlockFile
LockFile
UnlockFileEx
GetProcessHeap
WriteFile
LoadLibraryW
HeapDestroy
HeapCreate
HeapValidate
ReadFile
FlushFileBuffers
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
OutputDebugStringA
GetVersionExA
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
ExitThread
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
FindFirstFileW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetProcessTimes
GetProcessId
GetCurrentProcess
Sleep
ReleaseMutex
WaitForSingleObject
OpenMutexW
CloseHandle
CreateMutexW
GetCurrentProcessId
GetEnvironmentVariableW
GetShortPathNameW
SetProcessShutdownParameters
GetCommandLineW
GetModuleFileNameW
GetLastError
CreateDirectoryW
ReadConsoleInputA
SetConsoleMode
InterlockedDecrement
GetCurrentDirectoryW
GetFileInformationByHandle
CreateThread
GetDriveTypeW
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
InterlockedIncrement
SetLastError
HeapSetInformation
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
SleepEx
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
GetModuleHandleW
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CompareStringW
GetCPInfo
LCMapStringW
RaiseException
RtlUnwind
GetDateFormatA
GetTimeFormatA
GetStartupInfoW

user32

DefWindowProcW
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
PostQuitMessage
KillTimer
SetTimer
GetSystemMetrics
DispatchMessageW
LoadCursorW
RegisterClassExW
CreateWindowExW
ShowWindow
TranslateMessage
TranslateAcceleratorW
GetMessageW
UpdateWindow
MessageBoxA

advapi32

InitializeSecurityDescriptor
ReportEventA
DeregisterEventSource
CryptHashData
CryptDestroyHash
CryptCreateHash
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegCloseKey
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidW
LookupAccountNameW
SetSecurityDescriptorDacl
RegisterEventSourceA
RegSetValueExW
RegFlushKey
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyW

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoUninitialize

shlwapi

PathAppendA
PathAppendW
AssocQueryStringW

ws2_32

WSACleanup
WSAStartup
getsockopt
closesocket
socket
bind
recv
setsockopt
getsockname
ntohs
htons
WSAGetLastError
connect
WSAIoctl
getpeername
__WSAFDIsSet
select
send
sendto
recvfrom
accept
listen
ioctlsocket
freeaddrinfo
getaddrinfo
gethostname
WSASetLastError

wldap32

ord143
ord41
ord26
ord50
ord22
ord35
ord32
ord60
ord30
ord79
ord33
ord27
ord301
ord211
ord46
ord200

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
logging_get_program_version

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 447KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6d356d50f14a55597e953b0a5a4c670

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

ba:92:20:e1:be:f0:51:99:21:92:2b:93:3c:27:df:ddCertificate

Extended Key Usages

Key Usages

ab:5b:25:2a:1e:12:23:97:6a:56:c6:a0:5d:19:61:3f:0f:98:d6:26Signer

Signature Validations

Verification

06/04/2015, 13:11 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

version

kernel32

user32

advapi32

shell32

ole32

shlwapi

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 333KB - Virtual size: 332KB

.data Size: 447KB - Virtual size: 465KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 102KB - Virtual size: 102KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

ba:92:20:e1:be:f0:51:99:21:92:2b:93:3c:27:df:dd
Certificate

ab:5b:25:2a:1e:12:23:97:6a:56:c6:a0:5d:19:61:3f:0f:98:d6:26
Signer

06/04/2015, 13:11
Valid: false

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 333KB - Virtual size: 332KB

.data
Size: 447KB - Virtual size: 465KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 102KB - Virtual size: 102KB