Newcopperstealer10_browsingExe[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Newcopperstealer10_browsingExe.exe
Size

3.7MB
MD5

7c7671a948fb42fd70f55432e8a21786
SHA1

b06dab46a30f2f5a38587ce16d4ea9876368f797
SHA256

e69026db820b4aecb17d98bf3cb9f40b78758232a5b45b5b7ba84850bd9f9ec5
SHA512

8d3e20fa94b9ab29ce419d46b572370ba2f0dc9fa7ffdb4aef9c9ad988486ed62324ed95679da9575564330a795582d220616cc12ff3abbb98fce84d13cecc75
SSDEEP

49152:ENTZ0VDVRkP3p8diOcjTvfUwvOnI1ttMOjD647nfxX5Vgx6:ENTZ0VDVRkPGdTuGWtyOjD6e7ig

Score

1^/10

Malware Config

Signatures

Files

Newcopperstealer10_browsingExe.exe
.exe windows x86

8c6cf8123d4782167f2c0c00c889a02a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

29:12:c7:0c:9a:2b:8a:3e:f6:f6:07:46:62:d6:8b:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29/01/2014, 00:00

Not After

29/01/2016, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing+OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:ff:c6:47:27:ed:09:1c:a9:6b:63:2b:d4:39:aa:6a:10:9c:7c:04
Signer

Actual PE Digest

33:ff:c6:47:27:ed:09:1c:a9:6b:63:2b:d4:39:aa:6a:10:9c:7c:04

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
CreateMutexA
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
ReadFile
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetStdHandle
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalFree
LoadLibraryExA
OutputDebugStringA
GlobalFree
FormatMessageA
GetFileSize
QueryPerformanceFrequency
TerminateThread
SetThreadPriority
GetThreadPriority
WaitForMultipleObjects
ResetEvent
GetModuleFileNameW
GetLongPathNameW
GetLongPathNameA
GetSystemDirectoryA
SearchPathA
SetErrorMode
GetVersion
DebugBreak
GetShortPathNameW
CreateFileW
GetDriveTypeA
DeviceIoControl
GetTempPathW
GetTempPathA
FindResourceA
SizeofResource
LoadResource
LockResource
DeleteFileA
LoadLibraryExW
CreateDirectoryW
FindFirstFileW
CreateDirectoryExW
RemoveDirectoryA
FindFirstFileA
SetFileAttributesA
GetFileAttributesExA
FindFirstFileExW
CreateProcessA
FindFirstFileExA
GetShortPathNameA
FindNextFileW
FindNextFileA
SetFileAttributesW
GetFileAttributesExW
CreateDirectoryA
CopyFileW
MoveFileW
CreateDirectoryExA
MoveFileExW
GetDateFormatW
CopyFileA
GetTimeFormatW
RemoveDirectoryW
MoveFileA
MoveFileExA
CopyFileExW
CreateProcessW
MoveFileWithProgressW
FindFirstChangeNotificationW
CopyFileExA
FindFirstChangeNotificationA
MoveFileWithProgressA
GetModuleHandleW
GetFileAttributesW
GetFileAttributesA
LoadLibraryW
DeleteFileW
VirtualQuery
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CreateThread
FindClose
SetEndOfFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetSystemInfo
GetSystemDefaultLCID
CreateToolhelp32Snapshot
Module32First
Module32Next
GetProcessTimes
GlobalAlloc
ReleaseMutex
OpenMutexA
WaitForSingleObject
GetLastError
OpenEventA
InterlockedIncrement
SetEvent
GetCurrentThreadId
CreateEventA
InterlockedDecrement
ExitThread

user32

MsgWaitForMultipleObjects
GetCursor
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
GetForegroundWindow
PeekMessageA
IsDialogMessageA
TranslateAcceleratorA
TranslateMessage
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
AppendMenuW
MessageBoxW
CreateWindowExA
CallWindowProcA
SetWindowLongW
GetWindowLongW
RegisterClassA
CallWindowProcW
UnregisterClassA
SetMenuItemInfoA
GetMenuItemInfoA
RegisterClassW
UnregisterClassW
SetClassLongA
GetClassInfoA
InsertMenuItemA
SetClassLongW
SetWindowTextA
SetWindowTextW
GetWindowTextA
AppendMenuA
GetWindowTextW
DialogBoxParamW
DialogBoxParamA
SetCursor
SendMessageW
SetDlgItemTextW
SetDlgItemTextA
DefWindowProcW
CreateDialogParamW
DefWindowProcA
CreateDialogParamA
CreateWindowExW
SetCapture
SetParent
GetTopWindow
AdjustWindowRectEx
SetFocus
GetMenu
GetDC
ReleaseDC
ClientToScreen
RedrawWindow
ScreenToClient
GetWindowTextLengthW
GetWindowTextLengthA
EnableWindow
DialogBoxIndirectParamA
GetWindowLongA
GetFocus
IsWindowVisible
SetWindowLongA
EndDialog
MoveWindow
GetWindowRect
GetDlgItem
GetSystemMetrics
LoadCursorA
DispatchMessageA
GetAsyncKeyState
BeginPaint
PostQuitMessage
GetParent
FlashWindowEx
LoadIconA
GetActiveWindow
SetWindowPos
ReleaseCapture
GetClientRect
IsWindow
SystemParametersInfoA
DestroyWindow
EnumThreadWindows
MessageBeep
LoadImageA
ShowWindow
IsIconic
SetForegroundWindow
FindWindowExA
SendMessageA
PostMessageA
SetActiveWindow
GetClassNameA
GetWindow
EndPaint
GetDesktopWindow
MessageBoxA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileW
DragQueryFileA
SHFileOperationW
SHGetMalloc
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW
SHFileOperationA
SHGetFileInfoA
SHBrowseForFolderW
SHGetSpecialFolderPathA
SHGetPathFromIDListW
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteA
SHGetFileInfoW

comctl32

PropertySheetA
CreatePropertySheetPageA
PropertySheetW
InitCommonControlsEx
CreatePropertySheetPageW

mscms

GetColorDirectoryA

urlmon

FindMimeFromData

version

GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoW

wininet

InternetCrackUrlA
InternetSetStatusCallback
InternetConnectA
HttpSendRequestExA
HttpSendRequestA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenA
InternetGetConnectedStateEx
InternetCloseHandle
InternetGetConnectedState
InternetQueryOptionA
InternetSetOptionA
HttpOpenRequestA
HttpEndRequestA
InternetReadFile
InternetWriteFile
InternetErrorDlg

winmm

mciSendCommandA

ws2_32

gethostbyname

gdi32

GetTextExtentPoint32W
ExtTextOutW
TextOutW
GetTextExtentPoint32A
ExtTextOutA
TextOutA
SelectObject
CreateFontIndirectA
DeleteDC
GetDeviceCaps
CreateCompatibleDC
GetStockObject
GetKerningPairsA
GetGlyphOutlineA
GetGlyphOutlineW
SetBkMode
GetICMProfileA
CreateDIBSection
BitBlt
DeleteObject
Rectangle
CreatePen

comdlg32

GetSaveFileNameA
GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA

advapi32

RegEnumKeyExW
ReportEventA
DeregisterEventSource
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptReleaseContext
CryptDecrypt
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegEnumValueA
RegCreateKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExA
RegCreateKeyExA
RegEnumValueW
RegisterEventSourceA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c6cf8123d4782167f2c0c00c889a02a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

29:12:c7:0c:9a:2b:8a:3e:f6:f6:07:46:62:d6:8b:8dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

33:ff:c6:47:27:ed:09:1c:a9:6b:63:2b:d4:39:aa:6a:10:9c:7c:04Signer

Headers

File Characteristics

Imports

kernel32

user32

shell32

comctl32

mscms

urlmon

version

wininet

winmm

ws2_32

gdi32

comdlg32

advapi32

oleaut32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 216KB - Virtual size: 215KB

.data Size: 64KB - Virtual size: 165KB

.rsrc Size: 280KB - Virtual size: 279KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

29:12:c7:0c:9a:2b:8a:3e:f6:f6:07:46:62:d6:8b:8d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

33:ff:c6:47:27:ed:09:1c:a9:6b:63:2b:d4:39:aa:6a:10:9c:7c:04
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 216KB - Virtual size: 215KB

.data
Size: 64KB - Virtual size: 165KB

.rsrc
Size: 280KB - Virtual size: 279KB