ba5795e56db399295bc9f73345e4e908404dba1bdad7e2c06fd345ba3bf5e19a

Sharing

Copy URL Twitter E-mail

General

Target

ba5795e56db399295bc9f73345e4e908404dba1bdad7e2c06fd345ba3bf5e19a
Size

100KB
MD5

fbfae03fee4e4454b67d47b78f099624
SHA1

74895b4d191a30c0cdbb88e1fc38f2f19e9710b9
SHA256

ba5795e56db399295bc9f73345e4e908404dba1bdad7e2c06fd345ba3bf5e19a
SHA512

f35b13d9ee3073cc51d57e6ddf3f679755ec7296761c6dc303d64b1feabfc80db4fbfe8f8ff2b309db2d68818142cf0bd79905bf1df25fd8471f7506e1c6dd6d
SSDEEP

1536:yVLDTyRDsoHC5GZUH/m7whM7tiaf3OILetZorj0m1BA8mUBP64F5E6TJU73:yVjKZ/8BiMaWICwj6ME6dU73

Score

N/A

Malware Config

Signatures

Files

ba5795e56db399295bc9f73345e4e908404dba1bdad7e2c06fd345ba3bf5e19a
.exe windows x86

9ddbc03bd7b6412962a51d5373dcc467

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:09:db:bc:73:2d:4b:58:f7:a8:8e:ba:cf:32:34:17
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

09/12/2011, 00:00

Not After

06/02/2014, 23:59

Subject

CN=LLC Mail.Ru,O=LLC Mail.Ru,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetCommandLineA
GetCommandLineW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
HeapAlloc
HeapFree
InitializeCriticalSection
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
SetUnhandledExceptionFilter
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
_winmajor
abort
atexit
calloc
free
fwrite
memcpy
memset
rand
signal
srand
strcmp
time
vfprintf
wcscpy

shell32

CommandLineToArgvW

user32

wsprintfW

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 168B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9ddbc03bd7b6412962a51d5373dcc467

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

1c:09:db:bc:73:2d:4b:58:f7:a8:8e:ba:cf:32:34:17Certificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

msvcrt

shell32

user32

Sections

.text Size: 38KB - Virtual size: 37KB

.data Size: 36KB - Virtual size: 35KB

.bss Size: - Virtual size: 168B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 18KB - Virtual size: 18KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

1c:09:db:bc:73:2d:4b:58:f7:a8:8e:ba:cf:32:34:17
Certificate

.text
Size: 38KB - Virtual size: 37KB

.data
Size: 36KB - Virtual size: 35KB

.bss
Size: - Virtual size: 168B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 18KB - Virtual size: 18KB