54049fa0bcdf989b013b089110942d823c0ab0be7dd03b6ea5f64f010ccb8f08

Sharing

Copy URL

Twitter E-mail

General

Target

54049fa0bcdf989b013b089110942d823c0ab0be7dd03b6ea5f64f010ccb8f08
Size

1.3MB
MD5

2b9aef7fe462aa36d862cabf963297c5
SHA1

d0996d3518ad7f8ed9860f386554f22cd3f7ea13
SHA256

54049fa0bcdf989b013b089110942d823c0ab0be7dd03b6ea5f64f010ccb8f08
SHA512

6c6e8599bbffa2491595290d92f9d43af09f3a67c7e84692e7ce4bf22b8e9442f4faf400377ef5b4eb1549ddc332d9cd5401c0219e09beaa63a959849f84be6e
SSDEEP

24576:egvPWz7ZE/HL5EiE5BkmUuAlUSAMAUgzP4vjJTz0fJHPm3T5p8k9jw:/vPWnZEtBDuAlUSqxUJz0fdm3T5p8k98

Score

1^/10

Malware Config

Signatures

Files

54049fa0bcdf989b013b089110942d823c0ab0be7dd03b6ea5f64f010ccb8f08
.exe windows:5 windows x86

9913fb5239cfc7e7677699c0f2853239

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:27:99:cc:5b:72:a1:1a:19:21:16:7c
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

15-09-2017 13:23

Not After

27-03-2018 18:44

Subject

CN=Cloud Software,O=Cloud Software,L=Incline Village,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

98:47:37:6c:8a:49:b5:1d:44:90:3a:d5:5d:b2:ac:06:bb:7d:5a:3a
Signer

Actual PE Digest

98:47:37:6c:8a:49:b5:1d:44:90:3a:d5:5d:b2:ac:06:bb:7d:5a:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsW
FreeLibrary
VerSetConditionMask
GetCurrentProcess
GetPrivateProfileStringW
LoadLibraryW
GetVersionExW
GetExitCodeProcess
TerminateProcess
GetTempPathW
VerifyVersionInfoW
GetProcAddress
WaitForMultipleObjects
GetModuleHandleA
OutputDebugStringA
GetVersion
InterlockedExchange
CreateThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetErrorMode
SetEndOfFile
HeapFree
GetProcessHeap
FormatMessageA
FlushFileBuffers
GetFullPathNameW
GetFullPathNameA
CreateFileA
MapViewOfFile
UnmapViewOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
GetFileAttributesA
LockFileEx
SetFileAttributesW
DeleteFileW
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
GetTempPathA
AreFileApisANSI
DeleteFileA
HeapAlloc
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetDiskFreeSpaceW
GetSystemTime
FindNextFileW
RemoveDirectoryW
SetCurrentDirectoryW
GetModuleHandleW
FindClose
MultiByteToWideChar
ReadFile
GetFileAttributesW
CopyFileW
SetFileTime
CreateDirectoryW
MoveFileExW
SystemTimeToFileTime
FindFirstFileW
GetFileSize
GetTempFileNameW
GetCurrentProcessId
GetCurrentThreadId
LockResource
LocalAlloc
CreateFileW
FormatMessageW
SizeofResource
WideCharToMultiByte
WriteFile
InterlockedIncrement
LoadResource
FindResourceW
FindResourceExW
SetFilePointer
CreateMutexW
lstrlenA
OutputDebugStringW
DebugBreak
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ReleaseMutex
OpenMutexW
Sleep
SetLastError
LocalFree
CloseHandle
RaiseException
GetLastError
SetEvent
WaitForSingleObject
CreateEventW
GetModuleFileNameW
lstrlenW
InterlockedDecrement
LoadLibraryA
ExitProcess
VirtualQuery
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
HeapSize
HeapReAlloc
HeapDestroy

user32

IsWindow
SendMessageW
SetWindowTextW
CharNextW
wvsprintfW
LoadStringW
UnregisterClassA
RealGetWindowClassW
IsMenu
LoadImageW
ModifyMenuW
LoadBitmapW
GetSystemMetrics

advapi32

CloseServiceHandle
RevertToSelf
ImpersonateLoggedOnUser
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateProcessAsUserW
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
LookupAccountSidW
IsValidSid
GetLengthSid
ConvertSidToStringSidW
CopySid
RegNotifyChangeKeyValue
RegOpenKeyExW
RegCloseKey
DeleteService
OpenServiceW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerW
CreateServiceW
OpenSCManagerW
StartServiceCtrlDispatcherW

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteExW

ole32

CoInitialize
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
OleRun
CoCreateGuid
StringFromGUID2
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysStringLen
GetErrorInfo

shlwapi

PathFileExistsW
PathFindExtensionW
PathIsSystemFolderW
PathAppendW
PathAddBackslashW
PathIsDirectoryW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile
LoadUserProfileW

wininet

HttpOpenRequestW
InternetGetConnectedState
InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetCloseHandle
InternetCrackUrlW
InternetQueryOptionW
InternetOpenW
HttpQueryInfoW
InternetReadFile

Sections

.text
Size: 964KB - Virtual size: 963KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9913fb5239cfc7e7677699c0f2853239

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

7f:27:99:cc:5b:72:a1:1a:19:21:16:7cCertificate

Extended Key Usages

Key Usages

98:47:37:6c:8a:49:b5:1d:44:90:3a:d5:5d:b2:ac:06:bb:7d:5a:3aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

wininet

Sections

.text Size: 964KB - Virtual size: 963KB

.rdata Size: 211KB - Virtual size: 210KB

.data Size: 34KB - Virtual size: 42KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 43KB - Virtual size: 42KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

7f:27:99:cc:5b:72:a1:1a:19:21:16:7c
Certificate

98:47:37:6c:8a:49:b5:1d:44:90:3a:d5:5d:b2:ac:06:bb:7d:5a:3a
Signer

.text
Size: 964KB - Virtual size: 963KB

.rdata
Size: 211KB - Virtual size: 210KB

.data
Size: 34KB - Virtual size: 42KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 43KB - Virtual size: 42KB