813c271af1b73be08c69b435e46c9a056a14297eea5225777a5b02d4ae929b00

Sharing

Copy URL Twitter E-mail

General

Target

813c271af1b73be08c69b435e46c9a056a14297eea5225777a5b02d4ae929b00
Size

337KB
MD5

c8286402ab05ac39cc71aae55a23d76d
SHA1

6b6d48bfbd9abaf3622097af7cced228ef870b32
SHA256

813c271af1b73be08c69b435e46c9a056a14297eea5225777a5b02d4ae929b00
SHA512

2a29b30b9e0832319f710e4e97a83455877afef17738b6e32ef48a4a8e5cdea621bbce5a21166881fb799ac8789fc2af1e49a89982f0295fd431c78473e41219
SSDEEP

6144:7ptVxxuHwJ9ZuCBIXGIMoPeeKwO+pZBXfA9pV8e2B9vgNogV2+:1tcy9ZuCqD9XYvV8ekY6gV2+

Score

N/A

Malware Config

Signatures

Files

813c271af1b73be08c69b435e46c9a056a14297eea5225777a5b02d4ae929b00
.exe windows x86

ce51ca01e02066602c0acb76bbf000ce

Code Sign

2e:f1:d7:1a:d8:7a:03:44:b8:a3:c6:00:38:f5:8d:3e
Certificate

Issuer

CN=tmgqrcanpom

Not Before

28/01/2012, 13:24

Not After

31/12/2039, 23:59

Subject

CN=Gasqipo

1f:4c:89:84:fe:35:7a:b9:49:f5:f9:c2:98:ac:e0:38:3d:9b:f1:d7
Signer

Actual PE Digest

1f:4c:89:84:fe:35:7a:b9:49:f5:f9:c2:98:ac:e0:38:3d:9b:f1:d7

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

NO CERTIFICATE

01/01/0001, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StgIsStorageILockBytes
StgCreatePropSetStg
RegisterDragDrop
OleCreateDefaultHandler
OleRegEnumVerbs
OleIsCurrentClipboard
CreateBindCtx
CreateStreamOnHGlobal
OleCreateFromDataEx
OleQueryLinkFromData
CoGetTreatAsClass
OleQueryCreateFromData
OleCreateFromFileEx
OleDraw

kernel32

GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
HeapReAlloc
VirtualAlloc
GetOEMCP
GetCPInfo
LeaveCriticalSection
InitializeCriticalSection
HeapAlloc
FoldStringA
CompareStringA
LocalReAlloc
GlobalFlags
CreateMutexA
SetLocaleInfoA
LocalFlags
GetACP
GlobalLock
GetSystemDefaultLCID
GetLocaleInfoA
GetSystemDefaultLangID
LocalHandle
EnterCriticalSection
GetProcAddress
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetStringTypeW
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce51ca01e02066602c0acb76bbf000ce

Code Sign

2e:f1:d7:1a:d8:7a:03:44:b8:a3:c6:00:38:f5:8d:3eCertificate

1f:4c:89:84:fe:35:7a:b9:49:f5:f9:c2:98:ac:e0:38:3d:9b:f1:d7Signer

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

File Characteristics

Imports

ole32

kernel32

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 302KB - Virtual size: 302KB

.data Size: 1KB - Virtual size: 504KB

.rsrc Size: 16KB - Virtual size: 15KB

2e:f1:d7:1a:d8:7a:03:44:b8:a3:c6:00:38:f5:8d:3e
Certificate

1f:4c:89:84:fe:35:7a:b9:49:f5:f9:c2:98:ac:e0:38:3d:9b:f1:d7
Signer

01/01/0001, 00:00
Valid: false

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 302KB - Virtual size: 302KB

.data
Size: 1KB - Virtual size: 504KB

.rsrc
Size: 16KB - Virtual size: 15KB