8843b095b437042917996d306bfcba681957c474e0233881f10812c2140f7ac7

Sharing

Copy URL Twitter E-mail

General

Target

8843b095b437042917996d306bfcba681957c474e0233881f10812c2140f7ac7
Size

2.5MB
MD5

fcee58459856b5bc0f60cf1fbcb0fcd5
SHA1

f9e0553ef195d3bf3720c324cea35e7eb0cd5394
SHA256

8843b095b437042917996d306bfcba681957c474e0233881f10812c2140f7ac7
SHA512

c3171cbdcb95f19f2ef5fc93a10936de3c12ff63af41f9147704dd98b075e36169a5aafbc991875cd2a964a4a6c4a989cae057c24a7c39746d715d228a43ca33
SSDEEP

49152:H+zVUt8/5wQY/OEGzwd+v4S/98QjbrUJixT9EDto:Hj5+AE985

Score

N/A

Malware Config

Signatures

Files

8843b095b437042917996d306bfcba681957c474e0233881f10812c2140f7ac7
.exe windows x86

2f6096108609ff5e6317cc11491cefaf

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ba:92:20:e1:be:f0:51:99:21:92:2b:93:3c:27:df:dd
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22/10/2014, 00:00

Not After

22/10/2015, 23:59

Subject

CN=Prof-IT,O=Prof-IT,POSTALCODE=623856,STREET=Pervomajskaja\, 47\, 75,L=Irbit,ST=Sverdlovsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:27:70:62:a7:75:f3:98:78:d1:cb:80:e3:a1:cd:75:04:b2:90:9e
Signer

Actual PE Digest

01:27:70:62:a7:75:f3:98:78:d1:cb:80:e3:a1:cd:75:04:b2:90:9e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Prof-IT,O=Prof-IT,POSTALCODE=623856,STREET=Pervomajskaja\, 47\, 75,L=Irbit,ST=Sverdlovsk region,C=RU

23/12/2014, 07:47
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetVersionExW
GetFileAttributesA
GetFileAttributesW
TerminateProcess
GetLastError
FindClose
Process32FirstW
GetSystemInfo
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
DeleteFileW
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcess
InterlockedCompareExchange
OutputDebugStringW
GetProcAddress
IsWow64Process
FormatMessageA
CreateFileA
GetModuleHandleA
UnmapViewOfFile
CreateFileMappingA
LocalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FileTimeToSystemTime
GetProcessId
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
CreateFileW
UnregisterWait
SetThreadPriority
OpenThread
RegisterWaitForSingleObject
ResumeThread
CreateThread
TlsGetValue
TlsSetValue
TlsAlloc
FormatMessageW
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
GetFileSize
HeapCompact
SetFilePointer
MapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
UnlockFile
LockFile
UnlockFileEx
GetProcessHeap
WriteFile
LoadLibraryW
HeapDestroy
HeapCreate
HeapValidate
ReadFile
FlushFileBuffers
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
ExitThread
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
GetTimeFormatA
GetTickCount
FindFirstFileW
GetShortPathNameW
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
Sleep
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
SetLastError
CreateProcessW
CopyFileW
GetTempPathW
GetTempFileNameW
GetCommandLineW
GetModuleFileNameW
CreateDirectoryW
ReadConsoleInputA
SetConsoleMode
GetFileInformationByHandle
GetDateFormatA
RtlUnwind
RaiseException
LCMapStringW
GetCPInfo
CompareStringW
UnhandledExceptionFilter
TlsFree
GetDriveTypeW
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
SleepEx
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
GetModuleHandleW
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
GetCurrentDirectoryW
SetUnhandledExceptionFilter

user32

CharLowerW
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

advapi32

DeregisterEventSource
RegEnumKeyExW
RegCloseKey
RegCreateKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegFlushKey
RegSetValueExW
InitializeSecurityDescriptor
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
RegOpenKeyExW
ReportEventA
RegisterEventSourceA
ConvertSidToStringSidW
LookupAccountNameW
SetSecurityDescriptorDacl

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
CoTaskMemFree

shlwapi

PathAppendA
AssocQueryStringW
PathAppendW

ws2_32

ntohs
getsockname
setsockopt
recv
bind
socket
WSASetLastError
closesocket
htons
WSAStartup
WSACleanup
WSAGetLastError
connect
WSAIoctl
sendto
send
select
__WSAFDIsSet
getsockopt
getpeername
gethostname
getaddrinfo
freeaddrinfo
recvfrom
accept
listen
ioctlsocket

wldap32

ord22
ord143
ord32
ord200
ord41
ord26
ord35
ord50
ord60
ord46
ord211
ord301
ord30
ord79
ord33
ord27

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
logging_get_program_version

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 447KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f6096108609ff5e6317cc11491cefaf

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

ba:92:20:e1:be:f0:51:99:21:92:2b:93:3c:27:df:ddCertificate

Extended Key Usages

Key Usages

01:27:70:62:a7:75:f3:98:78:d1:cb:80:e3:a1:cd:75:04:b2:90:9eSigner

Signature Validations

Verification

23/12/2014, 07:47 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

version

kernel32

user32

advapi32

shell32

ole32

shlwapi

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 321KB - Virtual size: 320KB

.data Size: 447KB - Virtual size: 465KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 101KB - Virtual size: 100KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

ba:92:20:e1:be:f0:51:99:21:92:2b:93:3c:27:df:dd
Certificate

01:27:70:62:a7:75:f3:98:78:d1:cb:80:e3:a1:cd:75:04:b2:90:9e
Signer

23/12/2014, 07:47
Valid: false

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 321KB - Virtual size: 320KB

.data
Size: 447KB - Virtual size: 465KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 101KB - Virtual size: 100KB