Receiver[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Receiver.exe
Size

1.1MB
MD5

43c71d7b910c39758c39dc6c559ad867
SHA1

60b0cb2e319bd5fb3eb45541068fe065c398901a
SHA256

dc95d30ed3d18246e32dd3a16f7d162fbc5f8dd6f5936c958bc2b7cae478a1dd
SHA512

ad6a5de1b75945a7d8afc4f3fc61ba2e7f04375921beb68b02c379ffb904347e9983962c84206505f256690bd6667ba0df82abc1f2f94409a0df4dc718bcdd13
SSDEEP

24576:JRUCRl5pHK3z6uBAzCZPhZbEFmuCVd5kWaLOC:oCQz6EBuCVd5TaLOC

Score

1^/10

Malware Config

Signatures

Files

Receiver.exe
.exe windows:6 windows x86

3f0d5e77b3039cd2809ce22eba8c568f

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2015, 17:15

Not After

18/11/2016, 17:15

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:f6:db:b0:4e:33:e1:cd:e0:7c:c9:43:96:a7:83:fd:34:ed:58:89:c7:fb:0c:ef:c0:b6:49:36:d6:63:94:38
Signer

Actual PE Digest

e9:f6:db:b0:4e:33:e1:cd:e0:7c:c9:43:96:a7:83:fd:34:ed:58:89:c7:fb:0c:ef:c0:b6:49:36:d6:63:94:38

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation
EventActivityIdControl

api-ms-win-core-synch-l1-2-0

OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeConditionVariable
InitOnceBeginInitialize
SetEvent
WakeAllConditionVariable
ResetEvent
SleepConditionVariableSRW
CreateSemaphoreExW
ReleaseMutex
CreateMutexExW
WaitForSingleObject
InitOnceComplete
InitializeCriticalSectionEx
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateEventExW
Sleep
InitializeSRWLock
ReleaseSRWLockExclusive

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-com-l1-1-1

CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
PropVariantClear
PropVariantCopy
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
CoGetObjectContext
CoGetApartmentType
CoGetContextToken
CoCreateGuid

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCompareStringOrdinal
WindowsConcatString
WindowsIsStringEmpty
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringLen
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-error-l1-1-1

RoReportUnhandledError
RoGetMatchingRestrictedErrorInfo
SetRestrictedErrorInfo

msvcrt

wcsncmp
wcslen
memset
_CxxThrowException
__CxxFrameHandler3
memcpy
??0exception@@QAE@ABQBDH@Z
_callnewh
_lock
_unlock
_ismbblead
memcmp
??1type_info@@UAE@XZ
__dllonexit
_onexit
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
_acmdln
_except_handler4_common
_controlfp
_wcsicmp
_mbstowcs_s_l
_free_locale
swprintf_s
wcsrchr
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
malloc
free
wcsstr
_vsnprintf_s
memcpy_s
??_V@YAXPAX@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
?terminate@@YAXXZ
__ExceptionPtrCreate
__ExceptionPtrCurrentException
__ExceptionPtrRethrow
__ExceptionPtrCopy
__ExceptionPtrDestroy
memmove
_vsnwprintf
_purecall
??3@YAXPAX@Z
_create_locale
_ftol2

wincorlib

?GetObjectContext@Details@Platform@@YGPAUIUnknown@@XZ
?ReleaseInContextImpl@Details@Platform@@YGJPAUIUnknown@@0@Z
??0Delegate@Platform@@Q$AAA@XZ
?Allocate@Heap@Details@Platform@@SAPAXI@Z
??0DisconnectedException@Platform@@Q$AAA@XZ
?ResolveWeakReference@Details@Platform@@YGP$AAVObject@2@ABU_GUID@@PAPAU__abi_IUnknown@@@Z
?FlushFactoryCache@@YGXXZ
?GetIBoxArrayVtable@Details@Platform@@YGPAXPAX@Z
?ReCreateException@Exception@Platform@@SAP$AAV12@H@Z
??0NotImplementedException@Platform@@Q$AAA@XZ
??0NullReferenceException@Platform@@Q$AAA@XZ
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@P$AAV12@@Z
?CreateValue@Details@Platform@@YGP$AAVObject@2@W4TypeCode@2@PBX@Z
??0ChangedStateException@Platform@@Q$AAA@XZ
?__abi_ObjectToString@__abi_details@@YGP$AAVString@Platform@@P$AAVObject@3@_N@Z
?__abi_cast_String_to_Object@__abi_details@@YGP$AAVObject@Platform@@P$AAVString@3@@Z
?__abi_cast_Object_to_String@__abi_details@@YGP$AAVString@Platform@@_NP$AAVObject@3@@Z
?GetProxyImpl@Details@Platform@@YGJPAUIUnknown@@ABU_GUID@@0PAPAU3@@Z
??0Exception@Platform@@Q$AAA@HP$AAVString@1@@Z
?get@Message@Exception@Platform@@Q$AAAP$AAVString@3@XZ
?CreateException@Exception@Platform@@SAP$AAV12@HP$AAVString@2@@Z
??0InvalidArgumentException@Platform@@Q$AAA@XZ
?get@FullName@Type@Platform@@Q$AAAP$AAVString@3@XZ
?InitializeData@Details@Platform@@YGJH@Z
?UninitializeData@Details@Platform@@YGXH@Z
?GetActivationFactoryByPCWSTR@@YGJPAXAAVGuid@Platform@@PAPAX@Z
?GetIidsFn@@YGJHPAKPBU__s_GUID@@PAPAVGuid@Platform@@@Z
?EventSourceInitialize@Details@Platform@@YGXPAPAX@Z
?GetIBoxVtable@Details@Platform@@YGPAXPAX@Z
??0FailureException@Platform@@Q$AAA@XZ
??0OutOfMemoryException@Platform@@Q$AAA@XZ
?EventSourceAdd@Details@Platform@@YG?AVEventRegistrationToken@Foundation@Windows@@PAPAXPAUEventLock@12@P$AAVDelegate@2@@Z
?CreateException@Exception@Platform@@SAP$AAV12@H@Z
?GetWeakReference@Details@Platform@@YGPAU__abi_IUnknown@@Q$ADVObject@2@@Z
?__abi_make_type_id@@YGP$AAVType@Platform@@ABU__abi_type_descriptor@@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@P$AAV01@@Z
??0FailureException@Platform@@Q$AAA@P$AAVString@1@@Z
?AllocateException@Heap@Details@Platform@@SAPAXII@Z
??0Object@Platform@@Q$AAA@XZ
?Allocate@Heap@Details@Platform@@SAPAXII@Z
?EventSourceUninitialize@Details@Platform@@YGXPAPAX@Z
?EventSourceGetTargetArray@Details@Platform@@YGPAXPAXPAUEventLock@12@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YGIPAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YGPAXPAXIPBXPA_J@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AAEXXZ
?AlignedFree@Heap@Details@Platform@@SAXPAX@Z
?Free@Heap@Details@Platform@@SAXPAX@Z
?__abi_translateCurrentException@@YGJ_N@Z
?__abi_WinRTraiseNotImplementedException@@YGXXZ
?__abi_WinRTraiseInvalidCastException@@YGXXZ
?__abi_WinRTraiseNullReferenceException@@YGXXZ
?__abi_WinRTraiseOperationCanceledException@@YGXXZ
?__abi_WinRTraiseFailureException@@YGXXZ
?__abi_WinRTraiseAccessDeniedException@@YGXXZ
?__abi_WinRTraiseOutOfMemoryException@@YGXXZ
?__abi_WinRTraiseInvalidArgumentException@@YGXXZ
?__abi_WinRTraiseOutOfBoundsException@@YGXXZ
?__abi_WinRTraiseChangedStateException@@YGXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YGXXZ
?__abi_WinRTraiseWrongThreadException@@YGXXZ
?__abi_WinRTraiseDisconnectedException@@YGXXZ
?__abi_WinRTraiseObjectDisposedException@@YGXXZ
?__abi_WinRTraiseCOMException@@YGXJ@Z
?EventSourceRemove@Details@Platform@@YGXPAPAXPAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
??0InvalidArgumentException@Platform@@Q$AAA@P$AAVString@1@@Z
?GetCmdArguments@Details@Platform@@YGPAPA_WPAH@Z
??0OutOfBoundsException@Platform@@Q$AAA@XZ

ole32

CoCreateFreeThreadedMarshaler

api-ms-win-core-winrt-error-l1-1-0

RoFailFastWithErrorContext
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

kernel32

GetStartupInfoA

Sections

.text
Size: 691KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f0d5e77b3039cd2809ce22eba8c568f

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bcCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

e9:f6:db:b0:4e:33:e1:cd:e0:7c:c9:43:96:a7:83:fd:34:ed:58:89:c7:fb:0c:ef:c0:b6:49:36:d6:63:94:38Signer

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

msvcrt

wincorlib

ole32

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-delayload-l1-1-1

kernel32

Sections

.text Size: 691KB - Virtual size: 690KB

.rdata Size: 349KB - Virtual size: 348KB

.data Size: 42KB - Virtual size: 44KB

.didat Size: 512B - Virtual size: 28B

.tls Size: 512B - Virtual size: 21B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 67KB - Virtual size: 67KB

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

e9:f6:db:b0:4e:33:e1:cd:e0:7c:c9:43:96:a7:83:fd:34:ed:58:89:c7:fb:0c:ef:c0:b6:49:36:d6:63:94:38
Signer

.text
Size: 691KB - Virtual size: 690KB

.rdata
Size: 349KB - Virtual size: 348KB

.data
Size: 42KB - Virtual size: 44KB

.didat
Size: 512B - Virtual size: 28B

.tls
Size: 512B - Virtual size: 21B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 67KB - Virtual size: 67KB