14404e61c643b0dcc840149ab0de688ef37d5f0ac08d10edfa65a13bf181d9d0

Sharing

Copy URL Twitter E-mail

General

Target

14404e61c643b0dcc840149ab0de688ef37d5f0ac08d10edfa65a13bf181d9d0
Size

248KB
MD5

52059d9dc515930521eccbfd02d7bf3f
SHA1

6aa887d83af117106194cc61d7fa7c5bd1df1007
SHA256

14404e61c643b0dcc840149ab0de688ef37d5f0ac08d10edfa65a13bf181d9d0
SHA512

bb142e0fbdd3331ad32669bb0084607dddf352bc9915dfe2f610ee41510af92da15b288f4339da0b3807294f0970ba4a0197b3a5bc88e1b066fce1c8d7e2c66b
SSDEEP

6144:+UUqVPscUIj7VfpPZtFvlajEPYNEyw6PKVpQhNJoumuA:+HcUOlpBtFvcAQNpoVoJouPA

Score

N/A

Malware Config

Signatures

Files

14404e61c643b0dcc840149ab0de688ef37d5f0ac08d10edfa65a13bf181d9d0
.exe windows x86

be13a95ce0c46a8872dcee4648d1cba4

Code Sign

70:63:9e:a1:ef:8d:3b:6e:bd:d5:93:fb:96:79:89:57
Certificate

Issuer

CN=qadnbbskemu

Not Before

25/06/2012, 19:31

Not After

31/12/2039, 23:59

Subject

CN=Fromnd

de:2e:8a:ac:32:e5:5b:4a:f8:1b:27:e1:ae:f6:83:7c:e3:08:73:78
Signer

Actual PE Digest

de:2e:8a:ac:32:e5:5b:4a:f8:1b:27:e1:ae:f6:83:7c:e3:08:73:78

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

NO CERTIFICATE

01/01/0001, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowTextA
AdjustWindowRect

advapi32

RegQueryMultipleValuesA
RegEnumValueA
BackupEventLogA
DeregisterEventSource
RegisterEventSourceA
AdjustTokenPrivileges

kernel32

GetModuleHandleA
GetStartupInfoA
GetProcAddress
SetEvent
ResumeThread
GetCurrentProcess
ResetEvent
CloseHandle
GetCurrentThreadId
GetCurrentProcessId
GetHandleInformation
VirtualAlloc
SuspendThread
GetComputerNameA
DeleteFileA

winspool.drv

DeviceCapabilitiesA
DeletePrinterConnectionW
AddPrinterConnectionW
ConfigurePortA
DeletePrinterDriverA
DeletePrinterDriverExA
AddPrinterA
EnumPrinterDriversW
AddPrintProcessorA
AddPrinterDriverExA
GetPrinterDriverA
EnumPrintersA

msvcrt

__p__fmode
_acmdln
exit
_controlfp
_except_handler3
__set_app_type
__getmainargs
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_exit
_XcptFilter

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be13a95ce0c46a8872dcee4648d1cba4

Code Sign

70:63:9e:a1:ef:8d:3b:6e:bd:d5:93:fb:96:79:89:57Certificate

de:2e:8a:ac:32:e5:5b:4a:f8:1b:27:e1:ae:f6:83:7c:e3:08:73:78Signer

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

File Characteristics

Imports

user32

advapi32

kernel32

winspool.drv

msvcrt

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 210KB - Virtual size: 209KB

.data Size: 512B - Virtual size: 330KB

.rsrc Size: 19KB - Virtual size: 19KB

70:63:9e:a1:ef:8d:3b:6e:bd:d5:93:fb:96:79:89:57
Certificate

de:2e:8a:ac:32:e5:5b:4a:f8:1b:27:e1:ae:f6:83:7c:e3:08:73:78
Signer

01/01/0001, 00:00
Valid: false

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 210KB - Virtual size: 209KB

.data
Size: 512B - Virtual size: 330KB

.rsrc
Size: 19KB - Virtual size: 19KB