bc688c4232ab93f345a85453f0e50476197f5278bf55d31c456f414539629d0b

Sharing

Copy URL Twitter E-mail

General

Target

bc688c4232ab93f345a85453f0e50476197f5278bf55d31c456f414539629d0b
Size

156KB
MD5

39903844501eb8a9be2224fcb16dae26
SHA1

7af67add1a1f389a0be4d49841e83a40a3ca3ef4
SHA256

bc688c4232ab93f345a85453f0e50476197f5278bf55d31c456f414539629d0b
SHA512

5b3714a864cbd3d37155e6210f5c162cd6524f02ad0c4f48bed1c69f039ce371dc64793ead7bf89292be7bcd0fcb547622a06245545de5d1ac4d4208e4344caf
SSDEEP

3072:9QkV5i/jh3OkEyd2P1hL91Nlm3E4bdGPqdojAZSRJFhr9hoO:9Qn3Ok4Pp1LzPqGjfRpo

Score

N/A

Malware Config

Signatures

Files

bc688c4232ab93f345a85453f0e50476197f5278bf55d31c456f414539629d0b
.exe windows x86

3b1c68c2cdd408159fb3c78062ecc2b6

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2010, 00:00

Not After

01/06/2013, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Secure Application Development,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateThread
CreateEventW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetEvent
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
GetModuleFileNameW
FindClose
FindNextFileW
FindFirstFileW
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WaitForSingleObject
SetUnhandledExceptionFilter
CloseHandle
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime

user32

CharNextW
TranslateMessage
DispatchMessageW
GetMessageW
PostThreadMessageW
CharUpperW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW

ole32

CoInitialize
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject

oleaut32

LoadRegTypeLi
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayPutElement
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
SafeArrayDestroy

msvcr90

_wfopen_s
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
__set_app_type
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
??3@YAXPAX@Z
wcsrchr
wcsstr
malloc
free
memcpy_s
_CxxThrowException
wcscpy_s
wcsncpy_s
wcscat_s
__CxxFrameHandler3
??_V@YAXPAX@Z
_recalloc
??_U@YAPAXI@Z
memset
swprintf_s
strchr
_wcsicmp
strstr
_wcsupr_s
fclose
sscanf_s
fgets
_encode_pointer
strncpy
sscanf
strspn
strncmp
_purecall
??2@YAPAXI@Z
_except_handler4_common
_unlock
__dllonexit
__p__fmode

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

�B
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3b1c68c2cdd408159fb3c78062ecc2b6

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9eCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcr90

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

�B Size: 90KB - Virtual size: 92KB

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9e
Certificate

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB

�B
Size: 90KB - Virtual size: 92KB