6e4c63a1ee06e890821831e119adfdd241585a51b7fdd2f5d7e602fa6f1961e9

Sharing

Copy URL

Twitter E-mail

General

Target

6e4c63a1ee06e890821831e119adfdd241585a51b7fdd2f5d7e602fa6f1961e9
Size

165KB
MD5

8ef66bafdc7c089f222169ab49310965
SHA1

b02fb4892e11822a683ff5398979090e8625d3d6
SHA256

6e4c63a1ee06e890821831e119adfdd241585a51b7fdd2f5d7e602fa6f1961e9
SHA512

838d8bed91a73d4221519fe6d9b866774bb69099c57a3ab1a786d92b314b6269df2fc0e02288075d77299b9ff3047a872a50fbaa93a079d395530a85bcecfc45
SSDEEP

3072:mfc024zt9o7o6QCXH4y1UbR9u8Pw1CuKTkG:mOOXENXHt4RsA2CuKTkG

Score

N/A

Malware Config

Signatures

Files

6e4c63a1ee06e890821831e119adfdd241585a51b7fdd2f5d7e602fa6f1961e9
.exe windows x86

9c3472ebda416d6470d7d78cf98f6b03

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:27:58:3d
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

13/01/2010, 19:20

Not After

30/09/2015, 18:19

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:09:96:c5:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 16:58

Not After

23/05/2016, 17:08

Subject

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:26:e6:bd:a7:6d:ae:71:1e:3d:b2:32:1e:3b:53:08
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/02/2013, 00:00

Not After

28/04/2015, 12:00

Subject

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:cf:6a:10:85:34:b0:57:29:e6:c8:b2:c3:b1:09:aa:bb:00:59:f7
Signer

Actual PE Digest

8b:cf:6a:10:85:34:b0:57:29:e6:c8:b2:c3:b1:09:aa:bb:00:59:f7

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

11/12/2014, 10:03
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
GetProcAddress
LoadLibraryA
ResumeThread
Sleep
CreateThread
CloseHandle
TerminateThread
LeaveCriticalSection
DeleteCriticalSection
CancelIo
ResetEvent
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
lstrlenA
GetPrivateProfileSectionNamesA
GetVersionExA
lstrcatA
GetWindowsDirectoryA
MultiByteToWideChar
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
DeleteFileA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
CreateProcessA
lstrcpyA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
SetLastError
GetModuleFileNameA
WinExec
GetCurrentProcess
Process32Next
Process32First
ExitProcess
InterlockedExchange
GetSystemDirectoryA
GetLocalTime
HeapFree
HeapAlloc
GetProcessHeap
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetTickCount
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
DeviceIoControl
OutputDebugStringA
SetFileAttributesA
MoveFileExA
DefineDosDeviceA
ReleaseMutex
OpenEventA
SetErrorMode
LocalSize
RaiseException
FreeLibrary

msvcrt

strlen
strstr
memmove
_CxxThrowException
memcmp
strcpy
strchr
strcmp
strcat
malloc
free
_except_handler3
_ftol
strncpy
strncmp
sprintf
atoi
_errno
_snprintf
strtok
strncat
realloc
_beginthreadex
calloc
??1type_info@@UAE@XZ
ceil
__CxxFrameHandler
memcpy
strrchr
??3@YAXPAX@Z
_strupr
_strnicmp
_strrev
memset
??2@YAPAXI@Z
_strcmpi

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvfw32

ICSeqCompressFrame
ICSeqCompressFrameStart
ICClose
ICOpen
ICSendMessage
ICCompressorFree

userenv

CreateEnvironmentBlock

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c3472ebda416d6470d7d78cf98f6b03

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

07:27:58:3dCertificate

Key Usages

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate

Extended Key Usages

Key Usages

61:09:96:c5:00:00:00:00:00:16Certificate

Key Usages

02:26:e6:bd:a7:6d:ae:71:1e:3d:b2:32:1e:3b:53:08Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

8b:cf:6a:10:85:34:b0:57:29:e6:c8:b2:c3:b1:09:aa:bb:00:59:f7Signer

Signature Validations

Verification

11/12/2014, 10:03 Valid: false

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

msvfw32

userenv

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 16B

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

07:27:58:3d
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

61:09:96:c5:00:00:00:00:00:16
Certificate

02:26:e6:bd:a7:6d:ae:71:1e:3d:b2:32:1e:3b:53:08
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

8b:cf:6a:10:85:34:b0:57:29:e6:c8:b2:c3:b1:09:aa:bb:00:59:f7
Signer

11/12/2014, 10:03
Valid: false

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 16B