8128491869dc5f797117febb079b1f274f3ffa5b1175ddcd30e9205372b4ec3d

Sharing

Copy URL Twitter E-mail

General

Target

8128491869dc5f797117febb079b1f274f3ffa5b1175ddcd30e9205372b4ec3d
Size

267KB
MD5

46b428c797dc3ef84590e44821f30830
SHA1

30349fe5380a4bfde9029563081c17d1dabeaae0
SHA256

8128491869dc5f797117febb079b1f274f3ffa5b1175ddcd30e9205372b4ec3d
SHA512

5ee9e84237e67ece1dd7d768bf106cbedaa0172a9b6c7a4ea8876217cc86de8bebe57183595cdacea4033d5595366ae1e06e75bdfc31dd127a8d9de45176a6fd
SSDEEP

6144:9VXjv8fnY3bUgj6WjeTxbPPp3bpKdyeZ14ypp8i7:96fnYZ6WjeTxb5LpKdDZ14IpP

Score

N/A

Malware Config

Signatures

Files

8128491869dc5f797117febb079b1f274f3ffa5b1175ddcd30e9205372b4ec3d
.exe windows x86

401d4a93a7af06131a334b15d954e697

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:09:db:bc:73:2d:4b:58:f7:a8:8e:ba:cf:32:34:17
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

09/12/2011, 00:00

Not After

06/02/2014, 23:59

Subject

CN=LLC Mail.Ru,O=LLC Mail.Ru,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

OpenProcessToken

kernel32

CloseHandle
CopyFileW
CreateEventA
CreateProcessW
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileW
FreeConsole
FreeLibrary
GetCommandLineA
GetCommandLineW
GetCurrentProcess
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetVersionExA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
MoveFileExA
ReadFile
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
_wgetenv
_winmajor
_wsplitpath
_wtoi64
_wunlink
abort
asctime
atexit
calloc
fputc
fputs
free
fwrite
localtime
malloc
memcpy
printf
puts
realloc
signal
sprintf
strcat
strcmp
strcpy
strlen
time
vfprintf
wcscat
wcscpy

shell32

CommandLineToArgvW
FindExecutableA

user32

EndDialog
GetWindowThreadProcessId
MoveWindow
ScreenToClient
SendDlgItemMessageA
SendMessageA
wsprintfW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 180B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

401d4a93a7af06131a334b15d954e697

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

1c:09:db:bc:73:2d:4b:58:f7:a8:8e:ba:cf:32:34:17Certificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

Sections

.text Size: 44KB - Virtual size: 43KB

.data Size: 59KB - Virtual size: 59KB

.bss Size: - Virtual size: 180B

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 18KB - Virtual size: 18KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

1c:09:db:bc:73:2d:4b:58:f7:a8:8e:ba:cf:32:34:17
Certificate

.text
Size: 44KB - Virtual size: 43KB

.data
Size: 59KB - Virtual size: 59KB

.bss
Size: - Virtual size: 180B

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 18KB - Virtual size: 18KB