1413b6d8db0ed4411c3d4aaedc5357bd+6ad15ad825eb4094a5394c7f4681964be1107e05+1f0b5ef5960fde43a0b40e48ec7ab3d7f74fbf90c8bd80d64f8ce6a23387d26d

Sharing

Copy URL Twitter E-mail

General

Target

1413b6d8db0ed4411c3d4aaedc5357bd+6ad15ad825eb4094a5394c7f4681964be1107e05+1f0b5ef5960fde43a0b40e48ec7ab3d7f74fbf90c8bd80d64f8ce6a23387d26d
Size

116KB
MD5

1413b6d8db0ed4411c3d4aaedc5357bd
SHA1

6ad15ad825eb4094a5394c7f4681964be1107e05
SHA256

1f0b5ef5960fde43a0b40e48ec7ab3d7f74fbf90c8bd80d64f8ce6a23387d26d
SHA512

e1e80b44b6c071506843406d92f7e5e09c332ce48b76cf950cb9fa687a31887f9f698f6ca64efcf2a9115af7868bd022686398ce64114cdc6bd471ad795d61e4
SSDEEP

1536:+N9ucZWb6A9GrxoxU50ZHtJT0QPuZj+tYQROvDJYqqtJMC:k3W+B1EU5PQP/ROLJYdtJMC

Score

1^/10

Malware Config

Signatures

Files

1413b6d8db0ed4411c3d4aaedc5357bd+6ad15ad825eb4094a5394c7f4681964be1107e05+1f0b5ef5960fde43a0b40e48ec7ab3d7f74fbf90c8bd80d64f8ce6a23387d26d
.exe windows x86

e555d19292e0d32c3b4719ff8c18081c

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:ff:e4:32:a5:3f:f0:3b:92:23:f8:8b:e1:b8:3d:9d
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

28/04/2015, 00:00

Not After

26/06/2017, 23:59

Subject

CN=EGIS Co.\, Ltd.,O=EGIS Co.\, Ltd.,L=Nam-gu,ST=Daegu,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d4:62:3f:3c:96:bb:14:66:1a:ef:2a:1f:67:40:0d:ae:3d:31:97:73
Signer

Actual PE Digest

d4:62:3f:3c:96:bb:14:66:1a:ef:2a:1f:67:40:0d:ae:3d:31:97:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wtsapi32

WTSEnumerateProcessesA
WTSQueryUserConfigA
WTSTerminateProcess
WTSEnumerateSessionsA
WTSLogoffSession
WTSFreeMemory
WTSQuerySessionInformationA

advapi32

RegEnumKeyExA
ControlService
StartServiceA
QueryServiceStatus
EnumServicesStatusA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
LockServiceDatabase
QueryServiceLockStatusA
OpenServiceA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
UnlockServiceDatabase
ChangeServiceConfig2A
ChangeServiceConfigA

kernel32

SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateProcessA
GetCurrentThreadId
GetACP
GetOEMCP
GetSystemDefaultUILanguage
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
Sleep
DeleteFileA
CloseHandle
WriteFile
CreateFileA
LocalFree
ProcessIdToSessionId
GetCurrentProcessId
GetLastError
Process32Next
Process32First
CreateToolhelp32Snapshot
WriteProcessMemory
ReadProcessMemory
VirtualProtectEx
OpenProcess
Module32Next
Module32First
LocalAlloc
CreateThread
FormatMessageA
TerminateProcess
GetExitCodeProcess
GetModuleFileNameA
GetCurrentDirectoryA
GetCurrentProcess
InitializeCriticalSection
CreateEventA
WaitForSingleObject
DeleteCriticalSection
SetEvent
LeaveCriticalSection
EnterCriticalSection
ResetEvent
WaitForMultipleObjects
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetStdHandle
ExitProcess
HeapReAlloc
VirtualAlloc
VirtualFree
HeapSize
HeapFree
HeapAlloc
RtlUnwind
MoveFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitThread
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
GetConsoleMode

user32

CreateDesktopA
OpenInputDesktop
CloseDesktop
IsWindowEnabled
GetTopWindow
GetWindowTextA
GetKeyboardLayout
LoadKeyboardLayoutA
MapVirtualKeyExA
UnloadKeyboardLayout
GetClassNameA
GetWindow
GetWindowRect
SetForegroundWindow
SetFocus
PostMessageA
GetDesktopWindow
GetProcessWindowStation
GetThreadDesktop

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e555d19292e0d32c3b4719ff8c18081c

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0f:ff:e4:32:a5:3f:f0:3b:92:23:f8:8b:e1:b8:3d:9dCertificate

Extended Key Usages

Key Usages

d4:62:3f:3c:96:bb:14:66:1a:ef:2a:1f:67:40:0d:ae:3d:31:97:73Signer

Headers

File Characteristics

Imports

version

wtsapi32

advapi32

kernel32

user32

shell32

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 14KB

.tls Size: 4KB - Virtual size: 265B

.rsrc Size: 4KB - Virtual size: 176B

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0f:ff:e4:32:a5:3f:f0:3b:92:23:f8:8b:e1:b8:3d:9d
Certificate

d4:62:3f:3c:96:bb:14:66:1a:ef:2a:1f:67:40:0d:ae:3d:31:97:73
Signer

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 14KB

.tls
Size: 4KB - Virtual size: 265B

.rsrc
Size: 4KB - Virtual size: 176B