613ec645ea3aa2fd611c763edf15706114291e1a4a09756b6a298597c02ce7c5

Sharing

Copy URL

Twitter E-mail

General

Target

613ec645ea3aa2fd611c763edf15706114291e1a4a09756b6a298597c02ce7c5
Size

824KB
MD5

ed43fdf053dbf8135a3aebcce6e3aed5
SHA1

044f5d25b5b50463e55db0e42659b67c6cf00f98
SHA256

613ec645ea3aa2fd611c763edf15706114291e1a4a09756b6a298597c02ce7c5
SHA512

d3ad217134daa45d090d7960e6d72cf8ee8aca0af8b8b08e96d5fe36eef83b4f44a4527a6c6c2af4c34407e08668eeeab675ed3c1ba34aedc3ee0f8070f6d3d6
SSDEEP

12288:1owN3u10J02aN7qNxwf7R2bjw4LOTRJHJNs4Q5PmOArn9X4zO:1oy3q0J87kAoM42HJNhQFmOArnP

Score

1^/10

Malware Config

Signatures

Files

613ec645ea3aa2fd611c763edf15706114291e1a4a09756b6a298597c02ce7c5
.exe windows:5 windows x86

29dfbc8eb759c474787a085d6fba1967

Code Sign

be:1c:e2:d6:d3:e8:e6:1d:b9:50:e4:bb:2e:ed:76:5c
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16-08-2017 00:00

Not After

14-06-2018 23:59

Subject

CN=OOO\,RULON,O=OOO\,RULON,POSTALCODE=191104,STREET=Mayakovskogo 50,L=St. Petersburg,ST=RU,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19-01-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

MapFileAndCheckSumW
MapFileAndCheckSumA

comctl32

ord17

version

VerQueryValueW

setupapi

SetupDecompressOrCopyFileW
SetupGetBinaryField
SetupGetFileCompressionInfoA
SetupGetFileCompressionInfoW

wininet

InternetReadFile
InternetOpenW
InternetWriteFile
InternetCloseHandle
HttpQueryInfoW
HttpSendRequestExA
InternetErrorDlg

kernel32

FindFirstFileA
GetProcAddress
GetLastError
GetModuleHandleA
LoadLibraryA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetFilePointer
GetOEMCP
GetCPInfo
SetStdHandle
HeapReAlloc
VirtualAlloc
HeapAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
IsProcessorFeaturePresent
lstrcmpiA
FindNextFileA
LockFile
ExpandEnvironmentStringsA
GetVolumeInformationW
SearchPathA
SetFileAttributesA
FindClose
RemoveDirectoryA
GetExitCodeProcess
GetConsoleCP
GetDiskFreeSpaceA
SetCurrentDirectoryA
GlobalUnlock
IsValidCodePage
SetEndOfFile
CreateDirectoryA
RaiseException
DuplicateHandle
GlobalLock
GetDateFormatA
GetTempPathA
GlobalFlags
FlushFileBuffers
GetTimeFormatA
GetACP
QueryPerformanceCounter
FreeLibrary
CloseHandle
GetTickCount
GetCurrentThreadId
CreateFileMappingA
GetVersionExA
WriteFile
GetStringTypeW

user32

SetScrollRange
ScreenToClient
GetWindowRect
GetSysColor
GetSystemMetrics
InvalidateRect
SetWindowTextW
CreateWindowExW
GetDlgItem
SetWindowPos
CloseClipboard
SetCursor
CheckDlgButton
BeginPaint
CreatePopupMenu
EnableMenuItem
CallWindowProcA
GetMessagePos
EndPaint
DrawTextA
MessageBoxIndirectA
SendMessageTimeoutA
LoadBitmapA
AppendMenuW
GetSystemMenu
IsWindowVisible
LoadCursorA
EndDialog
DefWindowProcA
GetWindowLongA

gdi32

OffsetViewportOrgEx
SaveDC
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
DeleteObject
SetTextColor
SetBkMode
GetStockObject
GetDIBits
ExtTextOutW
GetMapMode
RectVisible
Escape
SetMapMode
SetViewportExtEx
CreateBitmap
SetViewportOrgEx
PtVisible
ScaleWindowExtEx
TextOutW
SetWindowExtEx
GetViewportExtEx
GetWindowExtEx
GetTextColor
DeleteDC
ExtSelectClipRgn
GetObjectW
GetBkColor
GetRgnBox
CreateFontIndirectW
SelectObject
CreateFontIndirectA
RestoreDC
SetBkColor

rpcrt4

NdrClientInitializeNew
NdrClientCall2
NdrComplexArrayBufferSize
NdrClientInitialize
NdrComplexArrayFree

advapi32

RegDeleteKeyW
FreeSid
AllocateAndInitializeSid
RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegOpenKeyExW

shell32

ShellExecuteA
SHGetFileInfoA
Shell_NotifyIconA

oleaut32

VarAdd
VarDecRound
SafeArrayPutElement

shlwapi

PathAddBackslashA
PathAddBackslashW

ws2_32

WSASend
WSAAddressToStringA

Sections

.text
Size: 612KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29dfbc8eb759c474787a085d6fba1967

Code Sign

be:1c:e2:d6:d3:e8:e6:1d:b9:50:e4:bb:2e:ed:76:5cCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

imagehlp

comctl32

version

setupapi

wininet

kernel32

user32

gdi32

rpcrt4

advapi32

shell32

oleaut32

shlwapi

ws2_32

Sections

.text Size: 612KB - Virtual size: 611KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 201KB

.tls Size: 4KB - Virtual size: 8B

.rsrc Size: 188KB - Virtual size: 186KB

be:1c:e2:d6:d3:e8:e6:1d:b9:50:e4:bb:2e:ed:76:5c
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

.text
Size: 612KB - Virtual size: 611KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 201KB

.tls
Size: 4KB - Virtual size: 8B

.rsrc
Size: 188KB - Virtual size: 186KB