a6de8bf9bf0141a9589c3962f0c3ad9c8d8d53e8b719e0c9efa18f40ce50580e

Sharing

Copy URL Twitter E-mail

General

Target

a6de8bf9bf0141a9589c3962f0c3ad9c8d8d53e8b719e0c9efa18f40ce50580e
Size

228KB
MD5

4a868d9223b63d651a0c3c57a1588c0c
SHA1

c841657038c951ad9dac7aeb07637f2596d860f3
SHA256

a6de8bf9bf0141a9589c3962f0c3ad9c8d8d53e8b719e0c9efa18f40ce50580e
SHA512

f7b7addc8ba36c1b5565696675a25e619c071e13a62ac56243d7b90ad749219290e910d64b04395b02bf332e4c1e43389526bd1d082cca7b4e3c24df2b34641c
SSDEEP

3072:Ntt/NTNYFyhA87qzQSnZqX5OqnLposjKHgL+VG+/JJxQjeyAlqGHxCTXz:NtCFyhnq+X5OqnLpoq6VG+/JS1AV0X

Score

N/A

Malware Config

Signatures

Files

a6de8bf9bf0141a9589c3962f0c3ad9c8d8d53e8b719e0c9efa18f40ce50580e
.exe windows x86

d6219b8c27bb65d22c1f8b2f654f794b

Code Sign

36:73:2e:a7:e7:4f:3d:3f
Certificate

Issuer

CN=CA365 Free Root Certificate,O=CA365,L=Beijing,ST=Beijing,C=CN,0.9.2342.19200300.100.1.25=#1314687474703a2f2f7777772e63613336352e636f6d

Not Before

14/12/2012, 10:57

Not After

13/12/2013, 11:04

Subject

CN=Mircosoft Toolkit,OU=Mircosoft,O=Mircosoft,L=Mircosoft,ST=,C=CN,0.9.2342.19200300.100.1.25=#1300

Extended Key Usages

ExtKeyUsageTimeStamping
ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

55:ce:31:53:52:ef:24:56:fc:62:42:09:41:a3:46:7d:a3:e9:e6:95
Signer

Actual PE Digest

55:ce:31:53:52:ef:24:56:fc:62:42:09:41:a3:46:7d:a3:e9:e6:95

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Mircosoft Toolkit,OU=Mircosoft,O=Mircosoft,L=Mircosoft,ST=,C=CN,0.9.2342.19200300.100.1.25=#1300

14/12/2012, 11:09
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteAtom
GetProcAddress
MultiByteToWideChar
GetSystemInfo
SetConsoleTitleW
GlobalDeleteAtom
GetModuleHandleA
TlsFree
TzSpecificLocalTimeToSystemTime
VirtualQuery
ClearCommError
EnumUILanguagesA
LoadLibraryA
GetLocalTime
ExitProcess

user32

SetScrollInfo
MessageBoxExA
GetAncestor
SendMessageA
UnregisterClassA
DrawTextA
LoadMenuIndirectW
SetMenuItemBitmaps

gdi32

GetWorldTransform
IntersectClipRect
CreateDIBPatternBrush
CreateMetaFileA
PlayMetaFile
CreateFontIndirectW

advapi32

ImpersonateLoggedOnUser
InitializeSecurityDescriptor
InitializeAcl
ObjectPrivilegeAuditAlarmA
RegSaveKeyW
StartServiceA

Exports

Exports

HwxAbit
HwxAiid
HwxAjhye
HwxAr
HwxAvxp
HwxAzlfrn
HwxBiarj
HwxBlu
HwxBooced
HwxBqhget
HwxBv
HwxCsr
HwxCtbo
HwxDeeaya
HwxDfazh
HwxDq
HwxDso
HwxDyccqh
HwxEikxc
HwxEkc
HwxEvt
HwxFakrwa
HwxGgs
HwxGjtkr
HwxHkpq
HwxHmtgs
HwxHmue
HwxHwegn
HwxIa
HwxIhjbkd
HwxIihz
HwxIoslrn
HwxItp
HwxIvj
HwxJk
HwxJvzuq
HwxJzaavb
HwxJzfu
HwxJzta
HwxKhshyo
HwxKiq
HwxKsb
HwxKwyvb
HwxLeqo
HwxLirobh
HwxLreaab
HwxMec
HwxMiywf
HwxMkzf
HwxMyf
HwxNbby
HwxNjyueh
HwxNtmqz
HwxNzbl
HwxOal
HwxOfidrc
HwxOgbr
HwxOwyuw
HwxPpei
HwxQff
HwxRcvnhn
HwxRpwfzb
HwxRtbo
HwxRy
HwxRzugf
HwxShp
HwxSlzn
HwxSnjxnc
HwxSokndf
HwxTcg
HwxUe
HwxUhr
HwxUjeolm
HwxUktpq
HwxUrouf
HwxUyzm
HwxVs
HwxWc
HwxWjeajj
HwxWopn
HwxWrrqh
HwxWum
HwxXy
HwxYw
HwxZenfjq
HwxZfswg
HwxZgkf
HwxZlu
HwxZnii
HwxZrg
HwxZvbj
HwxZx

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 430KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6219b8c27bb65d22c1f8b2f654f794b

Code Sign

36:73:2e:a7:e7:4f:3d:3fCertificate

Extended Key Usages

Key Usages

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

55:ce:31:53:52:ef:24:56:fc:62:42:09:41:a3:46:7d:a3:e9:e6:95Signer

Signature Validations

Verification

14/12/2012, 11:09 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 430KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 20KB - Virtual size: 19KB

36:73:2e:a7:e7:4f:3d:3f
Certificate

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

55:ce:31:53:52:ef:24:56:fc:62:42:09:41:a3:46:7d:a3:e9:e6:95
Signer

14/12/2012, 11:09
Valid: false

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 430KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 20KB - Virtual size: 19KB