d7f9f3834f6ed85d4e1b082f6195f647d981530c6ff2902a1cfd1006f6d9288c

Sharing

Copy URL Twitter E-mail

General

Target

d7f9f3834f6ed85d4e1b082f6195f647d981530c6ff2902a1cfd1006f6d9288c
Size

1.0MB
MD5

43d31b9ac00a994556c08ef19167307d
SHA1

01d2658f2b5ea471f445515be8e4d9803c59d5b3
SHA256

d7f9f3834f6ed85d4e1b082f6195f647d981530c6ff2902a1cfd1006f6d9288c
SHA512

23feb2c5e9a057c8502abbee81dfe0c8b0bc54d08c670a224f5a420163d7bd227a0393a84773a5ca61e5cd712dcda25af98026dff261fb37371f31c9885d675f
SSDEEP

192:WbxDkyFOEMK4KTkKOjWOqvFI8RwUoynTeQBlCwX1NnWHlmh4yW/:B7a4KTk6FI8RldeQzrVk

Score

N/A

Malware Config

Signatures

Files

d7f9f3834f6ed85d4e1b082f6195f647d981530c6ff2902a1cfd1006f6d9288c
.exe windows x86

b097caa7de8e44b03e51ed80633400d0

Code Sign

01:a5
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

13/08/1998, 00:29

Not After

13/08/2018, 23:59

Subject

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

01:00:00:00:00:01:1f:80:95:bf:76
Certificate

Issuer

CN=Cybertrust SureServer CA,O=GlobalSign Inc

Not Before

16/02/2009, 18:44

Not After

16/02/2011, 18:44

Subject

CN=ambermms.syniverse.com,OU=Crossroads,O=Syniverse Technologies Inc.,L=Tampa,ST=Florida,C=US,1.2.840.113549.1.9.1=#0c1f62656c696e64612e6a61626c6f6e736b694073796e6976657273652e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:03:cb
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

16/02/2005, 19:14

Not After

16/02/2012, 23:59

Subject

CN=Cybertrust SureServer CA,O=GlobalSign Inc

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:8d:e9:6b:5e:dd:96:a5:b1:cc:45:10:b7:41:19:b4:7c:d4:a2:49
Signer

Actual PE Digest

71:8d:e9:6b:5e:dd:96:a5:b1:cc:45:10:b7:41:19:b4:7c:d4:a2:49

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ambermms.syniverse.com,OU=Crossroads,O=Syniverse Technologies Inc.,L=Tampa,ST=Florida,C=US,1.2.840.113549.1.9.1=#0c1f62656c696e64612e6a61626c6f6e736b694073796e6976657273652e636f6d

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpQueryInfoA
InternetReadFile
InternetErrorDlg
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetConnectA

advapi32

SetSecurityDescriptorDacl
RegCreateKeyExA
RegSetValueExA
RegCloseKey
InitializeSecurityDescriptor

user32

GetMessageA
PostThreadMessageA
GetDesktopWindow

shlwapi

PathFileExistsA

msvcrt

free
realloc
malloc
strlen
memset
sprintf
_sleep
strcat
fclose
fwrite
fopen
strtok
strncmp
strstr
atoi
fflush
_filelength
exit
_strdup
_EH_prolog
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strrchr
__CxxFrameHandler

ws2_32

inet_ntoa
WSAStartup
gethostname
gethostbyname
WSACleanup

shell32

DoEnvironmentSubstA

kernel32

GetLocalTime
CreateMutexA
Sleep
GetCurrentThreadId
GetStartupInfoA
FileTimeToLocalFileTime
FindFirstFileA
GetLastError
FileTimeToSystemTime
SetFileAttributesA
DeleteFileA
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b097caa7de8e44b03e51ed80633400d0

Code Sign

01:a5Certificate

01:00:00:00:00:01:1f:80:95:bf:76Certificate

Key Usages

04:00:03:cbCertificate

Key Usages

71:8d:e9:6b:5e:dd:96:a5:b1:cc:45:10:b7:41:19:b4:7c:d4:a2:49Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

wininet

advapi32

user32

shlwapi

msvcrt

ws2_32

shell32

kernel32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 3KB

01:a5
Certificate

01:00:00:00:00:01:1f:80:95:bf:76
Certificate

04:00:03:cb
Certificate

71:8d:e9:6b:5e:dd:96:a5:b1:cc:45:10:b7:41:19:b4:7c:d4:a2:49
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB