06cf935808bab9exeexeexeex[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

06cf935808bab9exeexeexeex.exe
Size

1.0MB
MD5

06cf935808bab9b1b20cbbd8b81b755e
SHA1

ab2b01a05d3a07ea834fb1f54a959d79e4d62a9f
SHA256

50ede617ce01eae6e0f84f93e301d10972491c8a85d6ffe2a6b94aa00e135761
SHA512

485b0c2920451d6d3850b750a83ea5418864caec7b1261b829f3582efdf995867e696220be5beda7c3d92b61236bc072959caba0c275bf7b62e70dfe0d4aabac
SSDEEP

24576:cqRYHvKFDY4hQIcPcFphJ9eSWenRBrajcRXQbPwarEH79:9YHvIz6UhJ9NL7rawRALwf

Score

1^/10

Malware Config

Signatures

Files

06cf935808bab9exeexeexeex.exe
.exe windows x86

4bca64e1661ed72fb4f380684fb98898

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:bc:63:ea:9d:7f:b6:8c:bc:d9:10:1f:39:1c:a1:45
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/11/2011, 00:00

Not After

15/11/2014, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Development IT2,O=Hewlett-Packard Company,L=Andover,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

83:3b:b7:65:99:35:4d:23:f6:1e:5a:b5:20:11:df:30:da:01:04:f4
Signer

Actual PE Digest

83:3b:b7:65:99:35:4d:23:f6:1e:5a:b5:20:11:df:30:da:01:04:f4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiDestroyDeviceInfoList
CM_Locate_DevNodeW
CM_Get_Device_IDW
CM_Get_Device_ID_Size
CM_Get_Sibling
SetupDiOpenDeviceInfoW
CM_Get_Child
SetupDiOpenClassRegKeyExW
SetupDiEnumDeviceInterfaces
CM_Get_DevNode_Status
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

kernel32

GetCurrentThreadId
CreateEventW
OpenProcess
GetVersionExW
DeleteTimerQueue
GetCurrentProcessId
CreateTimerQueueTimer
CreateTimerQueue
SetEnvironmentVariableW
GetVolumeInformationW
FlushFileBuffers
QueryDosDeviceW
LoadLibraryW
GlobalAlloc
TerminateProcess
GetExitCodeProcess
CreateProcessW
VerifyVersionInfoW
VerSetConditionMask
FormatMessageW
DeleteFileW
ReleaseMutex
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
SetLastError
MoveFileW
GetTempFileNameW
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
GetFileAttributesExW
CreateDirectoryW
CreateMutexW
GetFirmwareEnvironmentVariableW
CompareStringW
HeapFree
HeapAlloc
GetProcessHeap
WriteFile
ExpandEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapReAlloc
HeapSize
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
ReadFile
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentThread
GetCurrentProcess
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
lstrcmpiW
RaiseException
SetEvent
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
GetCommandLineW
GetSystemPowerStatus
DeviceIoControl
ReleaseSemaphore
CreateSemaphoreW
LocalFree
LocalAlloc
CreateThread
WaitForSingleObject
SetProcessShutdownParameters
MultiByteToWideChar
SetThreadPriority
GetLocalTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
WaitForMultipleObjects
TerminateThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalFree
GetModuleHandleW
GetProcAddress
InterlockedCompareExchange
CreateFileW
InterlockedExchange
InterlockedDecrement
OpenEventW
PulseEvent
CloseHandle
lstrlenW
InterlockedIncrement
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetStdHandle
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
EncodePointer
DecodePointer
GetTickCount
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetLocaleInfoW
GetStdHandle
HeapCreate
ExitProcess
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
GetFileAttributesW
GetStartupInfoW
HeapSetInformation
VirtualQuery
RtlUnwind
ExitThread
ResumeThread
GetTimeFormatW
GetDateFormatW
VirtualProtect
VirtualAlloc
GetSystemInfo
GetStringTypeW

user32

LoadStringW
GetSystemMetrics
PostThreadMessageW
GetMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextW
CharUpperW
TranslateMessage
DispatchMessageW

advapi32

OpenServiceW
CryptAcquireContextW
CryptReleaseContext
CryptVerifySignatureW
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptHashData
CryptImportKey
EqualSid
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
StartServiceW
ControlService
DeleteService
CreateServiceW
QueryServiceStatus
ChangeServiceConfigW
CreateWellKnownSid
OpenThreadToken
OpenProcessToken
InitializeAcl
AddAccessAllowedAce
GetAclInformation
AddAce
GetAce
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryInfoKeyW
OpenSCManagerW
GetServiceKeyNameW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
CloseServiceHandle
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoDisconnectObject
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoFreeUnusedLibraries
CoRevokeClassObject
CoRegisterClassObject
CoInitializeSecurity
CoSetProxyBlanket
CoResumeClassObjects
CoInitializeEx
CoAddRefServerProcess
CLSIDFromString
OleRun
CoCreateGuid
CoReleaseServerProcess

shell32

CommandLineToArgvW
SHGetFolderPathW

oleaut32

SystemTimeToVariantTime
SysStringByteLen
VarUdateFromDate
VarCmp
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SafeArrayDestroy
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
GetErrorInfo
VarBstrCmp
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysStringLen
VariantCopy
VariantClear
VariantInit
SysFreeString
VariantTimeToSystemTime

shlwapi

StrTrimW
StrCmpNIW
StrCmpW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetProcessImageFileNameW
EnumProcesses

Sections

.text
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bca64e1661ed72fb4f380684fb98898

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

44:bc:63:ea:9d:7f:b6:8c:bc:d9:10:1f:39:1c:a1:45Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

83:3b:b7:65:99:35:4d:23:f6:1e:5a:b5:20:11:df:30:da:01:04:f4Signer

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

version

psapi

Sections

.text Size: 642KB - Virtual size: 642KB

.rdata Size: 241KB - Virtual size: 240KB

.data Size: 16KB - Virtual size: 34KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 62KB - Virtual size: 62KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

44:bc:63:ea:9d:7f:b6:8c:bc:d9:10:1f:39:1c:a1:45
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

83:3b:b7:65:99:35:4d:23:f6:1e:5a:b5:20:11:df:30:da:01:04:f4
Signer

.text
Size: 642KB - Virtual size: 642KB

.rdata
Size: 241KB - Virtual size: 240KB

.data
Size: 16KB - Virtual size: 34KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 62KB - Virtual size: 62KB