a5774644659e2777d186e779973aef2ee3d7af1249c222ce26637973f1dc0c60

Sharing

Copy URL Twitter E-mail

General

Target

a5774644659e2777d186e779973aef2ee3d7af1249c222ce26637973f1dc0c60
Size

817KB
MD5

97f99237f1b5adf0f7255405a1ac5f3a
SHA1

c744ddd7387533b6105af7292de6e2c371691b80
SHA256

a5774644659e2777d186e779973aef2ee3d7af1249c222ce26637973f1dc0c60
SHA512

f5046e2cc33f2649b2f0daec20fe870f99f974903253fa1cb1f2c9bc7ce83f621bec8fddd3a478bc3a6c3a5509e6b9f36d310083b59aba1ca41d2bc383494b7a
SSDEEP

24576:P0noA2Q1gD+iVc8zXPO7wKvcOxlC9U0y8ULYXZ:CJiDjTO7vEkC9U0pocZ

Score

1^/10

Malware Config

Signatures

Files

a5774644659e2777d186e779973aef2ee3d7af1249c222ce26637973f1dc0c60
.exe windows:5 windows x86

c4b1f0a8f8054e7d2ed50c852005d71d

Code Sign

3f:42:15:1c:ca:d6:e8:c6:10:94:6e:e4:40:21:da:f5
Certificate

Issuer

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

24/06/2014, 09:42

Not After

24/06/2015, 09:42

Subject

CN=Oleh Aleksyuk,O=Oleh Aleksyuk,C=RU,1.2.840.113549.1.9.1=#0c196f6c65682e616c656b7379756b40686f746d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

20/09/2011, 11:04

Not After

20/09/2026, 23:59

Subject

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e1:84:4e:cd:5a:fe:ec:a6:64:fb:98:c5:32:10:f8:51:3c:cd:8a:da
Signer

Actual PE Digest

e1:84:4e:cd:5a:fe:ec:a6:64:fb:98:c5:32:10:f8:51:3c:cd:8a:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetTempPathW
GetCurrentThreadId
WaitForSingleObject
CloseHandle
FreeLibrary
DeleteCriticalSection
VirtualProtect
GetProcAddress
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
GetModuleFileNameW
GetCommandLineW
GetTickCount
CreateEventA
SetEvent
Sleep
GetCurrentProcess
DeleteFileW
GetFullPathNameW
CreateEventW
GetLastError
K32GetModuleBaseNameW
CopyFileW
GetCurrentProcessId
LoadLibraryA
VirtualFree
SizeofResource
LoadResource
GetModuleHandleA
LeaveCriticalSection
FindResourceW
HeapFree
ReadFile
GetSystemTimeAsFileTime
GetCommandLineA
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
HeapAlloc
GetProcessHeap
IsDebuggerPresent
IsProcessorFeaturePresent
SetFilePointer
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
RtlUnwind
SetLastError
InterlockedIncrement
InterlockedDecrement
WriteFile
WideCharToMultiByte
GetConsoleCP
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
FlushFileBuffers
CreateFileW
WriteConsoleW
OutputDebugStringW
LoadLibraryW
HeapReAlloc
GetStringTypeW
LCMapStringW
SetEndOfFile
HeapSize

advapi32

CryptDeriveKey
AddAccessAllowedAceEx
ClearEventLogW

comctl32

ImageList_DragEnter
ImageList_GetIcon
DrawStatusTextW

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 588KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4b1f0a8f8054e7d2ed50c852005d71d

Code Sign

3f:42:15:1c:ca:d6:e8:c6:10:94:6e:e4:40:21:da:f5Certificate

Extended Key Usages

Key Usages

04:44:c0Certificate

Key Usages

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5Certificate

Extended Key Usages

Key Usages

e1:84:4e:cd:5a:fe:ec:a6:64:fb:98:c5:32:10:f8:51:3c:cd:8a:daSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

comctl32

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 588KB - Virtual size: 588KB

.data Size: 79KB - Virtual size: 87KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 7KB - Virtual size: 6KB

3f:42:15:1c:ca:d6:e8:c6:10:94:6e:e4:40:21:da:f5
Certificate

04:44:c0
Certificate

fa:33:b7:9d:d4:96:cf:d1:0c:84:65:39:a4:9d:63:b5
Certificate

e1:84:4e:cd:5a:fe:ec:a6:64:fb:98:c5:32:10:f8:51:3c:cd:8a:da
Signer

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 588KB - Virtual size: 588KB

.data
Size: 79KB - Virtual size: 87KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 7KB - Virtual size: 6KB