aba05f22816c1c2c40284b0e45d57366595b0f7e28c29be7e4ae01cc6a9ff64e

Sharing

Copy URL

Twitter E-mail

General

Target

aba05f22816c1c2c40284b0e45d57366595b0f7e28c29be7e4ae01cc6a9ff64e
Size

278KB
MD5

54e7d27fd6aef2939570734bf01fe806
SHA1

e12996bb6d065ec82cf905c5ed9e14fbdbacc9ce
SHA256

aba05f22816c1c2c40284b0e45d57366595b0f7e28c29be7e4ae01cc6a9ff64e
SHA512

8f5ef7a148c3eb5351693d78580ca284b8b1491411341f495f22f3f01562f126a06baa19f735630a8475f9ca626c6fc06513683d71820b20aca8194c4317b8cc
SSDEEP

6144:pz1puZ9rSbebLUshObTFewW8dFlKVYkMcPAPQ:p2ZdFksh6Tz/dFR+

Score

N/A

Malware Config

Signatures

Files

aba05f22816c1c2c40284b0e45d57366595b0f7e28c29be7e4ae01cc6a9ff64e
.exe windows x86

b70ac5ff714ddf5159c16ca1a41f186f

Code Sign

01:a5
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

13-08-1998 00:29

Not After

13-08-2018 23:59

Subject

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

01:00:00:00:00:01:1f:85:a7:fd:d1
Certificate

Issuer

CN=Cybertrust SureServer CA,O=GlobalSign Inc

Not Before

17-02-2009 18:13

Not After

17-02-2011 18:13

Subject

CN=ctp.syniverse.com,OU=Crossroads,O=Syniverse Technologies Inc.,L=Tampa,ST=Florida,C=US,1.2.840.113549.1.9.1=#0c1f62656c696e64612e6a61626c6f6e736b694073796e6976657273652e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:03:cb
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

16-02-2005 19:14

Not After

16-02-2012 23:59

Subject

CN=Cybertrust SureServer CA,O=GlobalSign Inc

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:8e:dc:06:28:5d:c3:5d:f8:8c:dc:6b:d1:24:b8:fa:27:fb:9a:74
Signer

Actual PE Digest

40:8e:dc:06:28:5d:c3:5d:f8:8c:dc:6b:d1:24:b8:fa:27:fb:9a:74

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ctp.syniverse.com,OU=Crossroads,O=Syniverse Technologies Inc.,L=Tampa,ST=Florida,C=US,1.2.840.113549.1.9.1=#0c1f62656c696e64612e6a61626c6f6e736b694073796e6976657273652e636f6d

28-11-2022 11:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetErrorDlg
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle
InternetReadFile

advapi32

RegOpenKeyExA
RegDeleteValueA
RegEnumKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegCloseKey
RegQueryValueExA
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

user32

DestroyWindow
GetDesktopWindow
PostThreadMessageA
IsWindow
CreateWindowExA
wsprintfA
CloseClipboard
EmptyClipboard
GetClipboardData
OpenClipboard
GetMessageA
SendMessageA
ReleaseDC
GetDC

ws2_32

WSACleanup
gethostname
gethostbyname
inet_ntoa
WSAStartup

gdi32

CreateDCA
GetDeviceCaps
StretchDIBits
RectVisible
CreateCompatibleBitmap
CreateBitmap
SetBkColor
StretchBlt
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
GetObjectA
RealizePalette
GetDIBits
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
BitBlt
DeleteObject

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msvcrt

fseek
??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
memcpy
mbstowcs
wcslen
_purecall
_chkesp
__CxxFrameHandler
ftell
fputc
getc
floor
_ftol
_CxxThrowException
ceil
sin
cos
getenv
fabs
longjmp
_setjmp3
__CxxLongjmpUnwind
exp
log
isprint
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_controlfp
atol
strncat
printf
_strlwr
_msize
fgetwc
fprintf
_filelength
fwrite
fflush
strcpy
fread
strtok
realloc
_strupr
strrchr
strcmp
_strnicmp
strlen
strncpy
sprintf
atoi
_sleep
fopen
_filbuf
fclose
memset
_snprintf
strcat
free
malloc
strstr
strncmp
rand
exit
_strdup
_stat
_itoa
_iob
sscanf
remove
acos

winmm

waveInGetNumDevs
waveInGetDevCapsA

iphlpapi

GetAdaptersInfo

shlwapi

PathFileExistsA

psapi

GetModuleFileNameExA
EnumProcesses
EnumProcessModules
GetModuleBaseNameA

kernel32

SetFilePointer
CreatePipe
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalSize
GetModuleHandleA
FindFirstFileA
SetFileAttributesA
GetTempPathA
GetSystemDirectoryA
RemoveDirectoryA
FileTimeToLocalFileTime
FindNextFileA
FileTimeToSystemTime
FindClose
GetDriveTypeA
CreateFileA
DeviceIoControl
OpenProcess
GetVersionExA
CreateProcessA
WaitForSingleObject
GetVersion
GetCurrentThreadId
GetCurrentProcess
CloseHandle
CreateMutexA
GetLastError
GetComputerNameA
GetTickCount
SetProcessWorkingSetSize
GetLocalTime
DeleteFileA
Sleep
ExitProcess
lstrcatA
GlobalMemoryStatus
TerminateProcess
SetCurrentDirectoryA
lstrlenA
lstrcmpiA
ReadFile
PeekNamedPipe
GetExitCodeProcess
GetStartupInfoA

shell32

DoEnvironmentSubstA

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxImage@@QAE@ABV0@_N11@Z
??0CxImage@@QAE@K@Z
??0CxImage@@QAE@KKKK@Z
??0CxImageJPG@@QAE@ABV0@@Z
??0CxImageJPG@@QAE@XZ
??0CxMemFile@@QAE@ABV0@@Z
??0CxMemFile@@QAE@PAEK@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??1CxImageJPG@@UAE@XZ
??1CxMemFile@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxImage@@QAEAAV0@ABV0@@Z
??4CxImageJPG@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??4tagCxTextInfo@@QAEAAU0@ABU0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxImageJPG@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Alloc@CxMemFile@@IAEXK@Z
?AlphaClear@CxImage@@QAEXXZ
?AlphaCopy@CxImage@@QAE_NAAV1@@Z
?AlphaCreate@CxImage@@QAEXXZ
?AlphaDelete@CxImage@@QAEXXZ
?AlphaGet@CxImage@@QAEEJJ@Z
?AlphaGetBits@CxImage@@QBEPAEXZ
?AlphaGetMax@CxImage@@QBEEXZ
?AlphaIsValid@CxImage@@QAE_NXZ
?AlphaPaletteEnable@CxImage@@QAEX_N@Z
?AlphaPaletteIsEnabled@CxImage@@QAE_NXZ
?AlphaSet@CxImage@@QAEXE@Z
?AlphaSet@CxImage@@QAEXJJE@Z
?AlphaSet@CxImage@@QAE_NAAV1@@Z
?AlphaSetMax@CxImage@@QAEXE@Z
?Bitfield2RGB@CxImage@@IAEXPAEGGGE@Z
?Clear@CxImage@@QAEXE@Z
?Close@CxIOFile@@UAE_NXZ
?Close@CxMemFile@@UAE_NXZ
?CompareColors@CxImage@@KAHPBX0@Z
?Copy@CxImage@@QAEXABV1@_N11@Z
?CopyInfo@CxImage@@IAEXABV1@@Z
?Create@CxImage@@QAEPAXKKKK@Z
?CreateFromArray@CxImage@@QAE_NPAEKKKK_N@Z
?CreateFromHANDLE@CxImage@@QAE_NPAX@Z
?CreateFromHBITMAP@CxImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z
?CreateFromMatrix@CxImage@@QAE_NPAPAEKKKK_N@Z
?Crop@CxImage@@QAE_NABUtagRECT@@PAV1@@Z
?Crop@CxImage@@QAE_NJJJJPAV1@@Z
?CropRotatedRectangle@CxImage@@QAE_NJJJJMPAV1@@Z
?Decode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Decode@CxImageJPG@@QAE_NPAVCxFile@@@Z
?DecodeExif@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?DecodeExif@CxImageJPG@@QAE_NPAVCxFile@@@Z
?Destroy@CxImage@@QAE_NXZ
?Draw2@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@@Z
?Draw2@CxImage@@QAEJPAUHDC__@@JJJJ@Z
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@@Z
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@@Z
?Enable@CxImage@@QAEX_N@Z
?Encode@CxImage@@QAE_NAAPAEAAJK@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@K@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@PAPAV1@HK@Z
?Encode@CxImage@@QAE_NPAVCxFile@@K@Z
?Encode@CxImage@@QAE_NPAVCxFile@@PAPAV1@HK@Z
?Encode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Encode@CxImageJPG@@QAE_NPAVCxFile@@@Z
?EncodeSafeCheck@CxImage@@IAE_NPAVCxFile@@@Z
?Eof@CxIOFile@@UAE_NXZ
?Eof@CxMemFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Error@CxMemFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?Flush@CxMemFile@@UAE_NXZ
?Free@CxMemFile@@IAEXXZ
?GetBits@CxImage@@QAEPAEK@Z
?GetBpp@CxImage@@QBEGXZ
?GetBuffer@CxMemFile@@QAEPAE_N@Z
?GetC@CxIOFile@@UAEJXZ
?GetC@CxMemFile@@UAEJXZ
?GetClrImportant@CxImage@@QBEKXZ
?GetCodecOption@CxImage@@QBEKXZ
?GetColorType@CxImage@@QAEEXZ
?GetDIB@CxImage@@QBEPAXXZ
?GetEffWidth@CxImage@@QBEKXZ
?GetEscape@CxImage@@QBEJXZ
?GetFlags@CxImage@@QBEKXZ
?GetFrame@CxImage@@QBEJXZ
?GetFrameDelay@CxImage@@QBEKXZ
?GetHeight@CxImage@@QBEKXZ
?GetJpegQuality@CxImage@@QBEEXZ
?GetJpegScale@CxImage@@QBEEXZ
?GetLastError@CxImage@@QAEPADXZ
?GetNearestIndex@CxImage@@QAEEUtagRGBQUAD@@@Z
?GetNumColors@CxImage@@QBEKXZ
?GetNumFrames@CxImage@@QBEJXZ
?GetNumLayers@CxImage@@QBEJXZ
?GetOffset@CxImage@@QAEXPAJ0@Z
?GetPalette@CxImage@@QBEPAUtagRGBQUAD@@XZ
?GetPaletteColor@CxImage@@QAE?AUtagRGBQUAD@@E@Z
?GetPaletteColor@CxImage@@QAE_NEPAE00@Z
?GetPaletteSize@CxImage@@QAEKXZ
?GetParent@CxImage@@QBEPAV1@XZ
?GetPixelColor@CxImage@@QAE?AUtagRGBQUAD@@JJ_N@Z
?GetPixelIndex@CxImage@@QAEEJJ@Z
?GetProgress@CxImage@@QBEJXZ
?GetSize@CxImage@@QAEJXZ
?GetTransColor@CxImage@@QAE?AUtagRGBQUAD@@XZ
?GetTransIndex@CxImage@@QBEJXZ
?GetType@CxImage@@QBEKXZ
?GetVersion@CxImage@@QAEPBDXZ
?GetWidth@CxImage@@QBEKXZ
?GetXDPI@CxImage@@QBEJXZ
?GetYDPI@CxImage@@QBEJXZ
?Ghost@CxImage@@IAEXPAV1@@Z
?GrayScale@CxImage@@QAE_NXZ
?IsEnabled@CxImage@@QBE_NXZ
?IsGrayScale@CxImage@@QAE_NXZ
?IsIndexed@CxImage@@QAE_NXZ
?IsInside@CxImage@@QAE_NJJ@Z
?IsTransparent@CxImage@@QBE_NXZ
?IsValid@CxImage@@QBE_NXZ
?Negative@CxImage@@QAE_NXZ
?Open@CxIOFile@@QAE_NPBD0@Z
?Open@CxMemFile@@QAE_NXZ
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?PutC@CxMemFile@@UAE_NE@Z
?RGBtoBGR@CxImage@@IAEXPAEH@Z
?RGBtoRGBQUAD@CxImage@@QAE?AUtagRGBQUAD@@K@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Read@CxMemFile@@UAEIPAXII@Z
?Rotate@CxImage@@QAE_NMPAV1@@Z
?Save@CxImage@@QAE_NPBDK@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Seek@CxMemFile@@UAE_NJH@Z
?SelectionCopy@CxImage@@QAE_NAAV1@@Z
?SelectionDelete@CxImage@@QAE_NXZ
?SelectionGetBox@CxImage@@QAEXAAUtagRECT@@@Z
?SelectionIsInside@CxImage@@QAE_NJJ@Z
?SelectionIsValid@CxImage@@QAE_NXZ
?SetCodecOption@CxImage@@QAEXK@Z
?SetEscape@CxImage@@QAEXJ@Z
?SetFlags@CxImage@@QAEXK_N@Z
?SetFrame@CxImage@@QAEXJ@Z
?SetFrameDelay@CxImage@@QAEXK@Z
?SetGrayPalette@CxImage@@QAEXXZ
?SetJpegQuality@CxImage@@QAEXE@Z
?SetJpegScale@CxImage@@QAEXE@Z
?SetOffset@CxImage@@QAEXJJ@Z
?SetPalette@CxImage@@QAEXKPAE00@Z
?SetPalette@CxImage@@QAEXPAUrgb_color@@K@Z
?SetPalette@CxImage@@QAEXPAUtagRGBQUAD@@K@Z
?SetPixelColor@CxImage@@QAEXJJK@Z
?SetPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@_N@Z
?SetPixelIndex@CxImage@@QAEXJJE@Z
?SetProgress@CxImage@@QAEXJ@Z
?SetTransColor@CxImage@@QAEXUtagRGBQUAD@@@Z
?SetTransIndex@CxImage@@QAEXJ@Z
?SetXDPI@CxImage@@QAEXJ@Z
?SetYDPI@CxImage@@QAEXJ@Z
?Size@CxIOFile@@UAEJXZ
?Size@CxMemFile@@UAEJXZ
?Startup@CxImage@@IAEXK@Z
?Stretch@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@K@Z
?Stretch@CxImage@@QAEJPAUHDC__@@JJJJK@Z
?Tell@CxIOFile@@UAEJXZ
?Tell@CxMemFile@@UAEJXZ
?Transfer@CxImage@@QAE_NAAV1@@Z
?Write@CxIOFile@@UAEIPBXII@Z
?Write@CxMemFile@@UAEIPBXII@Z

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b70ac5ff714ddf5159c16ca1a41f186f

Code Sign

01:a5Certificate

01:00:00:00:00:01:1f:85:a7:fd:d1Certificate

Key Usages

04:00:03:cbCertificate

Key Usages

40:8e:dc:06:28:5d:c3:5d:f8:8c:dc:6b:d1:24:b8:fa:27:fb:9a:74Signer

Signature Validations

Verification

28-11-2022 11:52 Valid: false

Headers

File Characteristics

Imports

wininet

advapi32

user32

ws2_32

gdi32

avicap32

msvcrt

winmm

iphlpapi

shlwapi

psapi

kernel32

shell32

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 207KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 40KB - Virtual size: 7.5MB

01:a5
Certificate

01:00:00:00:00:01:1f:85:a7:fd:d1
Certificate

04:00:03:cb
Certificate

40:8e:dc:06:28:5d:c3:5d:f8:8c:dc:6b:d1:24:b8:fa:27:fb:9a:74
Signer

28-11-2022 11:52
Valid: false

.text
Size: 208KB - Virtual size: 207KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 40KB - Virtual size: 7.5MB