abbfc47dc3ca3edaa424db0f8e4c5f7b0d68213beffc908f1fb68ec80dbe4624

Sharing

Copy URL Twitter E-mail

General

Target

abbfc47dc3ca3edaa424db0f8e4c5f7b0d68213beffc908f1fb68ec80dbe4624
Size

704KB
MD5

28d91ca4be5bfa0c7fd01f00b0d304cc
SHA1

dc957792693ac3161516966eb67360f470910b54
SHA256

abbfc47dc3ca3edaa424db0f8e4c5f7b0d68213beffc908f1fb68ec80dbe4624
SHA512

f1bf0fa2bdb1ac03e59742f55122ec93b15e3ddc0e08dcbcd801327b73761149fd2a77b1a43b12e75753d00e6f9da1d3e8a757520e8b0b1da7cef8b463209494
SSDEEP

12288:MybmmbXuuitiuvgcD3DOWtbbrAxmayR1yEvLa4zej0Tomoa:omLWtpocD6o/rcmG6lEs9oa

Score

1^/10

Malware Config

Signatures

Files

abbfc47dc3ca3edaa424db0f8e4c5f7b0d68213beffc908f1fb68ec80dbe4624
.exe windows:4 windows x86

cf48f8879f8c510c55853e922e9c0962

Code Sign

02:af:3d:0e:fe:7a:7a:d9:b4:63:cc:41:57:60:2e:6b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/09/2017, 00:00

Not After

16/06/2018, 23:59

Subject

CN=LOG\,OOO,O=LOG\,OOO,POSTALCODE=664047,STREET=proezd Trudovoi 40 pom 6,L=Irkutsk,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW

setupapi

SetupGetBinaryField
SetupDecompressOrCopyFileW
SetupGetFileCompressionInfoW

wininet

InternetOpenA

kernel32

GetACP
QueryPerformanceCounter
RemoveDirectoryA
ExpandEnvironmentStringsA
FindNextFileA
lstrcmpiA
GetConsoleCP
FlushFileBuffers
LockFile
FindClose
GlobalLock
IsValidCodePage
SetFileAttributesA
SetEndOfFile
GetTempPathA
FindFirstFileA
GetDriveTypeW
GetDateFormatA
GlobalFindAtomW
RaiseException
GlobalFlags
DuplicateHandle
CreateDirectoryA
GetExitCodeProcess
CompareFileTime
GetProcAddress
GetLastError
GetModuleHandleA
ExitProcess
CloseHandle
LoadLibraryA
HeapReAlloc
VirtualAlloc
HeapAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
MultiByteToWideChar
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
GetVersion
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
SetStdHandle
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
CreateFileMappingA
GetVersionExA
IsBadReadPtr
WriteFile
GetCPInfo
GetOEMCP
SetFilePointer
GetStringTypeA
VirtualProtect
GetStringTypeW

user32

SetCursor
CharPrevA
EnableMenuItem
EmptyClipboard
SetWindowPos
SetClassLongA
TrackPopupMenu
SetClipboardData
LoadCursorA
CheckDlgButton
GetMessagePos
AppendMenuW
EndPaint
GetDlgItem
SetScrollRange
SetWindowTextW
GetSysColor
GetWindowRect
GetSystemMetrics
DrawTextA
GetSystemMenu
EndDialog
CloseClipboard

gdi32

GetClipBox
GetDeviceCaps
SetBkMode
GetStockObject
SetTextColor

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegQueryValueW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

oleaut32

VarDecRound
VarAdd

shlwapi

PathAddBackslashA
PathAddBackslashW

Sections

.text
Size: 644KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf48f8879f8c510c55853e922e9c0962

Code Sign

02:af:3d:0e:fe:7a:7a:d9:b4:63:cc:41:57:60:2e:6bCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

version

setupapi

wininet

kernel32

user32

gdi32

advapi32

oleaut32

shlwapi

Sections

.text Size: 644KB - Virtual size: 642KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 330KB

.rsrc Size: 32KB - Virtual size: 29KB

.reloc Size: 8KB - Virtual size: 4KB

02:af:3d:0e:fe:7a:7a:d9:b4:63:cc:41:57:60:2e:6b
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

.text
Size: 644KB - Virtual size: 642KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 330KB

.rsrc
Size: 32KB - Virtual size: 29KB

.reloc
Size: 8KB - Virtual size: 4KB