fcf0794f4c7c678763286e84d32d1451199e1fd1695fe21867955fa04dcae89a

Sharing

Copy URL Twitter E-mail

General

Target

fcf0794f4c7c678763286e84d32d1451199e1fd1695fe21867955fa04dcae89a
Size

288KB
MD5

0b6df2838e0eb797fe43700fde1a13d2
SHA1

83dc0a5bb4c68c7146df0f8fe59bc958888304bd
SHA256

fcf0794f4c7c678763286e84d32d1451199e1fd1695fe21867955fa04dcae89a
SHA512

97854e83ea45d8e31dda9c8f0685281d1af9e73f41b2df170b781075fd106143340d16fee24dfb8453b3e187a2b95b0b9f0dad5a08f11c7e4602822821503739
SSDEEP

6144:wUk5hN+hPNHAniFBX0OCfRUTHsZ6T44fYXzYfOJnrLi4U+Ep3:wUk5vwHaglpTHsm4qYXcWJnrLi4U+Ep3

Score

N/A

Malware Config

Signatures

Files

fcf0794f4c7c678763286e84d32d1451199e1fd1695fe21867955fa04dcae89a
.exe windows x86

cb525ca8f31c00bc524e9c5e2a4e8ff3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:4f:f1:17:e9:8b:71:fc:e5:55:5f:a8:4a:37:e2:0b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

18/02/2015, 00:00

Not After

18/02/2016, 23:59

Subject

CN=Oleksandr Mikhta,OU=Individual Developer,O=No Organization Affiliation,L=kharkov,ST=kharkov,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:ff:e8:8b:eb:1f:de:2b:d8:7f:0a:03:9f:e1:4d:d5:df:de:83:09
Signer

Actual PE Digest

06:ff:e8:8b:eb:1f:de:2b:d8:7f:0a:03:9f:e1:4d:d5:df:de:83:09

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Oleksandr Mikhta,OU=Individual Developer,O=No Organization Affiliation,L=kharkov,ST=kharkov,C=UA

31/03/2015, 22:23
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Imports

kernel32

CloseHandle
CreateFileW
HeapSize
IsProcessorFeaturePresent
HeapReAlloc
GetStringTypeW
LCMapStringW
MultiByteToWideChar
WriteConsoleW
SetStdHandle
RtlUnwind
LoadLibraryW
Sleep
HeapFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointer
FlushFileBuffers
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
FillConsoleOutputAttribute
LockResource
GetConsoleScreenBufferInfo
GetLastError
SetConsoleCursorPosition
HeapCreate
CreateEventA
SizeofResource
GlobalAlloc
InitializeCriticalSection
WaitForSingleObject
HeapAlloc
LoadResource
FindResourceA
FillConsoleOutputCharacterA
TlsAlloc
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
GetProcAddress
EncodePointer
GetSystemTimeAsFileTime
GetFullPathNameA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DecodePointer

user32

LoadImageA
SetWindowTextA
CallWindowProcA
GetLayeredWindowAttributes
LoadCursorA
DispatchMessageW
MapWindowPoints
UpdateWindow
EndPaint
SetWindowPlacement
GetSystemMenu
ScreenToClient
GetWindowRect
CreateDialogParamA
GetMessageW
RegisterClassExA
FillRect
DrawIconEx
LoadStringA
GetParent
LoadIconA
GetClientRect
SendMessageA
BeginPaint
GetDC
TranslateMessage
SetDlgItemInt
GetMenu
GetWindowPlacement
SetRect
MessageBoxA
InvalidateRect
UnregisterClassA
CreateWindowExA
PeekMessageA
ReleaseDC
GetDlgItem
DefWindowProcA
CharLowerBuffA
SetWindowPos
GetMenuItemInfoA
ShowWindow
DispatchMessageA

gdi32

ExcludeClipRect
MoveToEx
BitBlt
PatBlt
LineTo
DeleteDC
CreateSolidBrush
DeleteObject
SelectObject
SelectClipRgn
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
SetDCPenColor
GetObjectA
GetStockObject

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueExA

shell32

DragFinish
DragQueryFileA
DragQueryPoint
SHBrowseForFolderA

ole32

CoTaskMemFree
CoInitialize

oleaut32

OleLoadPicture

winmm

mmioWrite
mmioClose
mmioCreateChunk
mmioOpenA
waveOutGetNumDevs

imm32

ImmAssociateContext

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb525ca8f31c00bc524e9c5e2a4e8ff3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

1f:4f:f1:17:e9:8b:71:fc:e5:55:5f:a8:4a:37:e2:0bCertificate

Extended Key Usages

Key Usages

06:ff:e8:8b:eb:1f:de:2b:d8:7f:0a:03:9f:e1:4d:d5:df:de:83:09Signer

Signature Validations

Verification

31/03/2015, 22:23 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

imm32

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 79KB - Virtual size: 86KB

.vdata Size: 92KB - Virtual size: 92KB

.rsrc Size: 46KB - Virtual size: 46KB

.reloc Size: 4KB - Virtual size: 4KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

1f:4f:f1:17:e9:8b:71:fc:e5:55:5f:a8:4a:37:e2:0b
Certificate

06:ff:e8:8b:eb:1f:de:2b:d8:7f:0a:03:9f:e1:4d:d5:df:de:83:09
Signer

31/03/2015, 22:23
Valid: false

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 79KB - Virtual size: 86KB

.vdata
Size: 92KB - Virtual size: 92KB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 4KB - Virtual size: 4KB