1b8c139d97ae51e7bd20d644617f1e47fd317e1620b01159e3f882aaf2da6583

Sharing

Copy URL Twitter E-mail

General

Target

1b8c139d97ae51e7bd20d644617f1e47fd317e1620b01159e3f882aaf2da6583
Size

1.0MB
MD5

2fefdaeda164665beb4788ae2045cd93
SHA1

5a21ddd1d860d9df4ef5531559fb0b9a868c6343
SHA256

1b8c139d97ae51e7bd20d644617f1e47fd317e1620b01159e3f882aaf2da6583
SHA512

c307e49b4b17202d23e406d49bb93dfa497076df459edff3bf4a767949a3572946ab0a919d13e3588aa7beddb59bfb7f30f2215d0f0203567b602bf0fc72e7d7
SSDEEP

12288:y//GGGa2FkH3OVUBO/sOe0FjdrxeNHoKr6m/9ycfDko+CF/N9VgiYkgi9C:E/GGGaBXOVUgsOZFJACwJgTYVgiYq9C

Score

1^/10

Malware Config

Signatures

Files

1b8c139d97ae51e7bd20d644617f1e47fd317e1620b01159e3f882aaf2da6583
.exe windows:4 windows x86

6e681c5dbfe0006039c4baff4666ad72

Code Sign

bf:d5:6e:e5:ce:23:a2:36:2b:22:6a:43:da:1a:b0:b1
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04/06/2018, 00:00

Not After

19/07/2018, 23:59

Subject

CN=METEO,O=METEO,POSTALCODE=620026,STREET=d. 193 pom. 218\, ul. Bazhova,L=Ekaterinburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexW
lstrcmpiA
GlobalUnlock
GetSystemDirectoryW
FindClose
ResetEvent
GetProcAddress
GetVersionExA
GetModuleHandleA
LoadLibraryA
SetLastError
IsBadReadPtr
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetCPInfo
GetTimeFormatA
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
RaiseException
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetQueuedCompletionStatus
CreateDirectoryA
RemoveDirectoryA
FormatMessageW
GetExitCodeProcess
SetEndOfFile
GetCurrentThreadId
FreeLibrary
GetStringTypeW
CloseHandle
GetACP
GetSystemTimeAsFileTime
CreateFileMappingA
SetCurrentDirectoryW
GetVolumeInformationW
GetFileAttributesA
GlobalLock
DuplicateHandle
OpenProcess
CreateThread
FindResourceExW
FindNextFileA
MulDiv
GetTimeZoneInformation
GetDiskFreeSpaceA
FindFirstFileA
LockFile
FlushFileBuffers
InterlockedExchange
GetShortPathNameA
EnterCriticalSection
CreateIoCompletionPort
UnlockFile
SetCurrentDirectoryA
GetDateFormatA
LeaveCriticalSection
SetFileAttributesA
SizeofResource
GetExitCodeThread
SearchPathA
GetEnvironmentVariableA
TerminateThread
GetTickCount
WriteFile
GetLastError

user32

DrawTextA
GetSysColor
DestroyMenu
GetSubMenu
TrackPopupMenuEx
LoadMenuW
GetParent
GetWindowLongA
TranslateMessage
SetWindowPos
InvalidateRect
GetClientRect
GetKeyState
CharLowerBuffW
SetClipboardData
LoadAcceleratorsW
GetMessagePos
RegisterClassExW
EndDialog
CheckDlgButton
AdjustWindowRectEx
SetFocus
AppendMenuW
TrackPopupMenu
DestroyWindow
CharNextW
SetWindowLongW
TranslateAcceleratorW
GetWindowLongW
ReleaseDC
CreateWindowExW
EndPaint
IsWindowVisible
DispatchMessageW
CloseClipboard
BeginPaint
GetClassNameW
SendMessageW
EnableMenuItem
GetSystemMetrics
MessageBoxIndirectA

gdi32

ScaleWindowExtEx
RectVisible
DeleteObject
CreateFontIndirectW
OffsetViewportOrgEx
GetStockObject
GetTextColor
GetDeviceCaps
SelectObject
CreateRectRgnIndirect
SetMapMode
SetWindowExtEx
GetViewportExtEx
SaveDC
SetViewportOrgEx
ExtTextOutW
GetWindowExtEx
GetDIBits
CreateFontIndirectA
GetBkColor
SetTextColor
CreateBitmap
SetViewportExtEx
Escape
GetMapMode
SetBkMode
Ellipse
Rectangle

advapi32

RegEnumValueW
GetSidSubAuthority
RegDeleteKeyW
RegEnumKeyW
RegQueryInfoKeyW
AllocateAndInitializeSid
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegQueryValueW
RegOpenKeyExW
RegOpenKeyW
FreeSid
RegCreateKeyExW

shell32

Shell_NotifyIconW
ShellExecuteW

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
VarDecRound
SysAllocString
VarAdd
SysStringByteLen
SafeArrayPutElement
VariantClear

shlwapi

PathAddBackslashW
PathAddBackslashA

Sections

.text
Size: 792KB - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e681c5dbfe0006039c4baff4666ad72

Code Sign

bf:d5:6e:e5:ce:23:a2:36:2b:22:6a:43:da:1a:b0:b1Certificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

shlwapi

Sections

.text Size: 792KB - Virtual size: 788KB

.data Size: 244KB - Virtual size: 242KB

.rsrc Size: 16KB - Virtual size: 14KB

bf:d5:6e:e5:ce:23:a2:36:2b:22:6a:43:da:1a:b0:b1
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

.text
Size: 792KB - Virtual size: 788KB

.data
Size: 244KB - Virtual size: 242KB

.rsrc
Size: 16KB - Virtual size: 14KB