53e0b8a1e570bae84ce2f72a1d889b81

Sharing

Copy URL Twitter E-mail

General

Target

53e0b8a1e570bae84ce2f72a1d889b81
Size

3.0MB
MD5

53e0b8a1e570bae84ce2f72a1d889b81
SHA1

e44adc04402681b7661a0d32b4db24f77afd90ca
SHA256

34aa24656d5527a5ff1f7eb4ce4e782085618ded3766730c81f8f16a15d7e0ce
SHA512

e07929cae587d11a7e0c0cb2f8db1ecaba1dd4bcb85a8bc190b198f32472b4a93dda36881f10cafc7f0a4b8e5282ccbfe2349146224fbb387e1cd550e9aebc18
SSDEEP

49152:yGvzc710znNHjtjb0vCEvAEcLKWcZcLovk1Z1sHwvd2nPkdLNrvMdcVGGQ68vH/w:yGvzq1ob074rgnPkdLNrvMyVGG6vx0Cg

Score

1^/10

Malware Config

Signatures

Files

53e0b8a1e570bae84ce2f72a1d889b81
.exe windows x86

0f164fcb67a43ac198b57410cdc9e591

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:ec:9b:fe:7d:cd:02:84:db:79:d2:d8:5b:e6:94:cf
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/10/2018, 00:00

Not After

16/10/2021, 23:59

Subject

CN=TMRG\, Inc.,O=TMRG\, Inc.,POSTALCODE=20190,STREET=Suite 600+STREET=11950 Democracy Drive,L=Reston,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetOpenA
HttpSendRequestA
InternetGetConnectedState
CreateUrlCacheEntryA
HttpOpenRequestA
CommitUrlCacheEntryA
InternetSetOptionA
InternetReadFile
InternetConnectA
HttpQueryInfoA
InternetCloseHandle

comctl32

ord17

wsock32

WSACleanup
connect
WSAStartup
ioctlsocket
select
WSAGetLastError
htons
shutdown
setsockopt
recv
bind
socket
__WSAFDIsSet
WSASetLastError
closesocket
send
listen
accept
getsockname
ntohs
getsockopt
gethostbyname
getpeername
inet_addr
getservbyname
sendto
recvfrom
inet_ntoa
gethostname

kernel32

CreateProcessA
GetProcAddress
CopyFileA
SetFileAttributesA
LoadLibraryA
WritePrivateProfileStringA
lstrcmpiA
GetModuleHandleA
GetVersionExA
CompareFileTime
GetSystemTimeAsFileTime
ReadFile
HeapAlloc
HeapFree
GetProcessHeap
GetTimeZoneInformation
FindFirstFileA
FindClose
GetDiskFreeSpaceA
FindNextFileA
GetDiskFreeSpaceExA
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
OutputDebugStringA
GetFileAttributesA
SetLastError
FormatMessageA
VerifyVersionInfoA
VerSetConditionMask
QueryPerformanceFrequency
SleepEx
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
QueryPerformanceCounter
ExpandEnvironmentStringsA
SystemTimeToFileTime
GetSystemTime
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
GetDriveTypeW
SetEndOfFile
LoadLibraryW
SetConsoleCtrlHandler
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameA
FatalAppExitA
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetWindowsDirectoryA
WaitForSingleObject
FreeLibrary
GetCurrentProcessId
OpenEventA
RemoveDirectoryA
CreateDirectoryA
GetSystemDirectoryA
Sleep
GetVolumeInformationA
GetCommandLineA
SetEvent
MoveFileExA
GetModuleFileNameA
lstrlenW
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetACP
HeapDestroy
DeleteCriticalSection
OpenMutexA
VirtualQuery
GetStartupInfoA
InitializeCriticalSection
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WriteConsoleW
CreateFileW
SetHandleCount
SetStdHandle
ExitProcess
GetModuleHandleW
HeapSize
IsProcessorFeaturePresent
GetCurrentProcess
DeleteFileA
GetTempPathA
CloseHandle
GetTempFileNameA
GetLastError
WriteFile
GetTickCount
CreateFileA
InterlockedExchangeAdd
SwitchToFiber
CreateFiber
DeleteFiber
GetModuleHandleExW
LocalFree
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetDateFormatA
GetTimeFormatA
RtlUnwind
FindFirstFileExA
GetDriveTypeA
HeapReAlloc
RaiseException
GetStartupInfoW
ConvertThreadToFiber
ConvertFiberToThread
lstrlenA
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
SetCriticalSectionSpinCount
ResetEvent
ReleaseMutex
ReleaseSemaphore
CancelWaitableTimer
SetWaitableTimer
LocalAlloc
CreateEventA
CreateMutexA
CreateSemaphoreA
CreateWaitableTimerA
OpenProcess
FindFirstFileW
FindNextFileW
GetShortPathNameA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetVersion
GetComputerNameA
GetModuleFileNameW
LoadLibraryExA
InterlockedCompareExchange
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
SetFilePointer
Process32First
MultiByteToWideChar
Process32Next
CreateToolhelp32Snapshot
DeleteFileW
EncodePointer
DecodePointer
InterlockedExchange
SetFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ExitThread
GetCurrentThreadId
CreateThread
HeapSetInformation
FormatMessageW

user32

MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
SetForegroundWindow
ReleaseDC
GetDC
LoadMenuA
LoadImageA
EnumWindows
EnumChildWindows
ExitWindowsEx
GetClassNameA
MoveWindow
GetSystemMetrics
KillTimer
GetClientRect
SetWindowPos
PostMessageA
SetWindowTextA
DestroyWindow
GetMessageA
GetWindowRect
RegisterClassExA
PostQuitMessage
LoadStringA
LoadIconA
TranslateMessage
CreateWindowExA
TranslateAcceleratorA
DefWindowProcA
GetDesktopWindow
ShowWindow
DispatchMessageA
UpdateWindow
LoadCursorA
GetWindowThreadProcessId

advapi32

AdjustTokenPrivileges
OpenProcessToken
RegFlushKey
RegSaveKeyA
DuplicateTokenEx
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegSetKeySecurity
SetSecurityDescriptorDacl
CryptDestroyKey
CryptGetUserKey
RegCreateKeyA
RegDeleteValueA
CryptGetProvParam
CryptEnumProvidersW
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
ConvertSidToStringSidA
CheckTokenMembership
SetFileSecurityA
IsValidSid
GetSidSubAuthorityCount
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
RegDeleteKeyA
RegCreateKeyExA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegEnumKeyExA
SetSecurityInfo
SetTokenInformation
LookupPrivilegeValueA
GetSidSubAuthority
FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
RegOpenKeyExA
CreateProcessAsUserA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

OleInitialize
CoCreateInstance
StringFromGUID2
OleRun
CoTaskMemFree

oleaut32

CreateErrorInfo
VariantClear
LoadTypeLi
DispGetIDsOfNames
VariantInit
SysFreeString
GetErrorInfo
VariantChangeType
SysAllocString
SetErrorInfo

shlwapi

SHCopyKeyA

ws2_32

getnameinfo
getaddrinfo
freeaddrinfo
WSAIoctl

wldap32

ord301
ord27
ord33
ord46
ord60
ord35
ord32
ord200
ord30
ord26
ord50
ord143
ord217
ord211
ord22
ord41
ord79

gdi32

GetDeviceCaps

crypt32

CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertOpenStore

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f164fcb67a43ac198b57410cdc9e591

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

36:ec:9b:fe:7d:cd:02:84:db:79:d2:d8:5b:e6:94:cfCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

wininet

comctl32

wsock32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

wldap32

gdi32

crypt32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 501KB - Virtual size: 500KB

.data Size: 25KB - Virtual size: 58KB

.rsrc Size: 5KB - Virtual size: 4KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

36:ec:9b:fe:7d:cd:02:84:db:79:d2:d8:5b:e6:94:cf
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 501KB - Virtual size: 500KB

.data
Size: 25KB - Virtual size: 58KB

.rsrc
Size: 5KB - Virtual size: 4KB