87b09653bff2d23798dfece7d56b66792b5f89c5689fea2d187a6770cd61283d

Sharing

Copy URL Twitter E-mail

General

Target

87b09653bff2d23798dfece7d56b66792b5f89c5689fea2d187a6770cd61283d
Size

338KB
MD5

86e78d1d238f60e2e500e88a5533c06a
SHA1

84fd4441077970a52873d68e5a9bceaccfc5317d
SHA256

87b09653bff2d23798dfece7d56b66792b5f89c5689fea2d187a6770cd61283d
SHA512

f7ed3837f90731def22f34a0deb48432dcad3e6c516df173661d7155467c5bfd46c805c8cfc728b37d67d3fb0e656eef1d71f3d18151e36323049254d21c58dc
SSDEEP

6144:c8UckTUqMXfAGscN6l0BSkNnpLXwxuA2TjbBGlvzCgX8XNBz:cmkwqM1zY0wa2xuA2TJG1sXNV

Score

N/A

Malware Config

Signatures

Files

87b09653bff2d23798dfece7d56b66792b5f89c5689fea2d187a6770cd61283d
.exe windows x86

0abc21aa4d0f1f1f4c15cd9f04aa22a4

Code Sign

1b:3e:27:99:40:c2:4b:92:4a:a2:3c:61:5a:78:0a:c6
Certificate

Issuer

CN=bfstrbnorar

Not Before

18/06/2012, 18:06

Not After

31/12/2039, 23:59

Subject

CN=Jerani

56:92:2b:54:34:b8:47:4c:ef:f0:6a:2e:d3:99:b7:e6:3d:1f:1f:56
Signer

Actual PE Digest

56:92:2b:54:34:b8:47:4c:ef:f0:6a:2e:d3:99:b7:e6:3d:1f:1f:56

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

NO CERTIFICATE

01/01/0001, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExA
GetSysColor
GetWindowPlacement
GetWindowTextLengthA
SendDlgItemMessageA
IsZoomed
ShowWindow
IsWindowVisible
GetTopWindow
GetDlgItem
FindWindowExA

advapi32

RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegRestoreKeyA
RegQueryMultipleValuesA
RegOverridePredefKey
RegUnLoadKeyA
RegDeleteKeyA
RegSetValueExA

kernel32

GetHandleInformation
ResetEvent
SuspendThread
GetCommandLineA
ResumeThread
GetStartupInfoA
GetComputerNameA
VirtualAlloc
GetModuleHandleA
DeleteFileA
CloseHandle
WriteProfileSectionA
WritePrivateProfileStringA
GetProfileIntA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetProfileSectionA
GetProcAddress
GetCurrentProcess
GetCurrentProcessId
SetEvent

winspool.drv

EnumPrinterDataA
ConfigurePortA
AbortPrinter
AddJobA
DeletePrinterKeyA
DeleteFormA
ClosePrinter
AddPrinterA
ConnectToPrinterDlg
DeletePrinterDataA
AddFormA
DeletePrinter
AddPrinterConnectionA
DeletePrinterConnectionA
AdvancedDocumentPropertiesA

msvcrt

_controlfp
_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_XcptFilter
_except_handler3

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0abc21aa4d0f1f1f4c15cd9f04aa22a4

Code Sign

1b:3e:27:99:40:c2:4b:92:4a:a2:3c:61:5a:78:0a:c6Certificate

56:92:2b:54:34:b8:47:4c:ef:f0:6a:2e:d3:99:b7:e6:3d:1f:1f:56Signer

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

File Characteristics

Imports

user32

advapi32

kernel32

winspool.drv

msvcrt

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 316KB - Virtual size: 316KB

.data Size: 512B - Virtual size: 97KB

.rsrc Size: 5KB - Virtual size: 5KB

1b:3e:27:99:40:c2:4b:92:4a:a2:3c:61:5a:78:0a:c6
Certificate

56:92:2b:54:34:b8:47:4c:ef:f0:6a:2e:d3:99:b7:e6:3d:1f:1f:56
Signer

01/01/0001, 00:00
Valid: false

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 316KB - Virtual size: 316KB

.data
Size: 512B - Virtual size: 97KB

.rsrc
Size: 5KB - Virtual size: 5KB