05536299[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

05536299.exe
Size

1.8MB
MD5

0d29e755568b5f8cdc92e8eb8a3a6939
SHA1

5e53441eb0d63691c912808c7c341ae023cb9ad4
SHA256

25e0928fa6d8392e08c0da5f7ff348d1953ca310f84fcfc0e89b6da0bd9f99f6
SHA512

6ae32c7d8aeeef23ed2cbcee108fee8c7f08b3e5a6aa23324ea0b5049d393bc6ec72a7cd7d0ba635c31eb5cc721ae37076d6190053637c62d8723dbbacbca0a0
SSDEEP

49152:LmG+mSjyWGGajZgw1MlvfTSoIgwC2rC3UHHQorvWyadJT:LmrxOWkZgw4SzTC2re6Qor6dt

Score

1^/10

Malware Config

Signatures

Files

05536299.exe
.exe windows x86

7de68a559169452a6729ae1b48c55644

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05-10-2017 00:00

Not After

04-12-2019 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:60:8b:75:63:1d:e1:d2:bf:53:e4:9b:62:78:77:99:9a:ff:08:43
Signer

Actual PE Digest

f1:60:8b:75:63:1d:e1:d2:bf:53:e4:9b:62:78:77:99:9a:ff:08:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetLastError
CreateFileMappingW
CloseHandle
MapViewOfFile
UnmapViewOfFile
GetVersionExA
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
CreateEventW
GetStartupInfoW
MulDiv
SetEvent
InterlockedIncrement
InterlockedDecrement
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenFileMappingW
FreeLibrary
FindResourceW
LoadResource
LockResource
FreeResource
GetTempPathW
GetTempFileNameW
GetCurrentProcessId
SizeofResource
FormatMessageW
LocalFree
GetCommandLineW
ExitProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
InterlockedExchangeAdd
LocalAlloc
GetVersionExW
LoadLibraryW
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
WriteFile
ReadFile
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
SetErrorMode
SetLastError
SystemTimeToFileTime
FileTimeToSystemTime
CreateFileW
GetTickCount
Sleep
DeleteFileW
MoveFileW
CopyFileW
CreateDirectoryW
FindFirstFileW
FindClose
GetFileAttributesW
SetFileAttributesW
FindFirstFileExW
FindNextFileW
GetCurrentDirectoryW
GetFullPathNameW
GetDriveTypeW
FileTimeToLocalFileTime
HeapFree
GetProcessHeap
HeapAlloc
TlsSetValue
TlsGetValue
VirtualQuery
VirtualProtect
TlsAlloc
TlsFree
GetCurrentThreadId
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
WideCharToMultiByte
CompareStringW
GetTimeZoneInformation
CreateSemaphoreW
ReleaseSemaphore
GetCurrentProcess
InterlockedExchange
ResumeThread
TerminateThread
CreateThread
GetProfileStringW
GetExitCodeProcess
GetSystemDefaultLangID
GetMailslotInfo
GetComputerNameW
ExpandEnvironmentStringsW
CreateMailslotW
CreateProcessW
RaiseException
GetSystemInfo
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
EncodePointer
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
GetStdHandle
GetACP
LCMapStringW
GetStringTypeW
HeapReAlloc
SetStdHandle
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer
WriteConsoleW

Exports

Exports

CommandeComposante
DeclareProxy
Execution
LibereMutex

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7de68a559169452a6729ae1b48c55644

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9bCertificate

Extended Key Usages

Key Usages

f1:60:8b:75:63:1d:e1:d2:bf:53:e4:9b:62:78:77:99:9a:ff:08:43Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 186KB - Virtual size: 186KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 5KB - Virtual size: 9KB

.gfids Size: 512B - Virtual size: 244B

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 13KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

f1:60:8b:75:63:1d:e1:d2:bf:53:e4:9b:62:78:77:99:9a:ff:08:43
Signer

.text
Size: 186KB - Virtual size: 186KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 5KB - Virtual size: 9KB

.gfids
Size: 512B - Virtual size: 244B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 13KB - Virtual size: 12KB