EsetOnlineScanner[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EsetOnlineScanner.exe
Size

2.7MB
MD5

c5b68ac8ec40cab217ab4f479b953b54
SHA1

21467e66fca4c6e3aed97eabe1fbb1a824090ca2
SHA256

7f929c8c870f3dce617afe8ba5e022aa1c34561c4dbde1c6ee10698e5e8b3138
SHA512

fe580fc24f6ff03f69825bd9d5698cabf91219f8e281e4071e87dd5a374271a363e8875077865a49ec16cc365fb0088221120cba27ab32c9350e02708ac49775
SSDEEP

24576:xXYRmY1O28vIZIEaGLz/sgt8tf3EdQmnO8:xIRmeO28vIZIEaGLz/sgtp

Score

1^/10

Malware Config

Signatures

Files

EsetOnlineScanner.exe
.exe windows x86

19ea22e027882c7485680d1b5316735d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1f:e3:de:40:01:9f:83:3a:ff:5d:55:b9:98:d7:12:a8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/05/2013, 00:00

Not After

05/07/2016, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:82:31:91:98:6b:a0:a9:ff:40:96:c2:bf:7f:9a:ab:0e:dd:74:1d
Signer

Actual PE Digest

69:82:31:91:98:6b:a0:a9:ff:40:96:c2:bf:7f:9a:ab:0e:dd:74:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
GetTickCount
GetCurrentThread
InterlockedExchange
GetModuleHandleA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringA
GetModuleFileNameA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
SetFilePointer
SetEndOfFile
ReadFile
Sleep
SetLastError
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetCurrentProcess
WriteFile
GetExitCodeProcess
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetVersionExA
FreeLibrary
GlobalFree
LoadLibraryA
DeleteFileA
GetTempFileNameA
GetTempPathA
GetLastError
LocalFree
FindClose
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
ExitThread
HeapAlloc
HeapReAlloc
GetProcessHeap
RaiseException
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId

user32

BeginPaint
EnumWindows
GetDlgItem
KillTimer
PostQuitMessage
SetWindowPos
SetTimer
ReleaseDC
GetDC
UpdateWindow
EndDialog
ShowWindow
SetFocus
GetWindowRect
GetDesktopWindow
GetSystemMetrics
SetCursor
ScreenToClient
TranslateMessage
ReleaseCapture
RedrawWindow
SetCapture
GetParent
GetDlgCtrlID
PtInRect
EndPaint
FillRect
GetClientRect

gdi32

CreateCompatibleBitmap
GetPixel
SetBkColor
CreateBitmap
BitBlt
SetBkMode
CreateCompatibleDC
DeleteDC
SetTextColor
SelectObject
DeleteObject
GetStockObject

advapi32

OpenThreadToken
EqualSid
GetTokenInformation
OpenProcessToken
FreeSid
AllocateAndInitializeSid
RegOpenCurrentUser

ole32

CoCreateGuid

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19ea22e027882c7485680d1b5316735d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1f:e3:de:40:01:9f:83:3a:ff:5d:55:b9:98:d7:12:a8Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

69:82:31:91:98:6b:a0:a9:ff:40:96:c2:bf:7f:9a:ab:0e:dd:74:1dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 24KB - Virtual size: 23KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1f:e3:de:40:01:9f:83:3a:ff:5d:55:b9:98:d7:12:a8
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

69:82:31:91:98:6b:a0:a9:ff:40:96:c2:bf:7f:9a:ab:0e:dd:74:1d
Signer

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 24KB - Virtual size: 23KB