1907517a11d41c24bd3a8f9137e334b7[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

1907517a11d41c24bd3a8f9137e334b7.bin
Size

51KB
MD5

63c1683adfe5b9868953daf82e868faf
SHA1

c07cf6cf771c17f9f9311845f3d5dd90a630a60a
SHA256

898ec1702b518a86c1d9521bfdc844d367a5312523c9415487abdd9cfca7208c
SHA512

621c60f669359a53919854a2598978bb8acf9482388e619c50a576feae4888f209a3937dbfc11cb0e6f28ff41d044c4e04ff22a0e0f5bc0264441768753cccd0
SSDEEP

1536:8ZfZqFaVElOB+CIlE5sdbp+fOeoa3wYvop5W6HsE2rwZ:83q0ulOBElE5sL+2eokTvonvHCrwZ

Score

1^/10

Malware Config

Signatures

Files

1907517a11d41c24bd3a8f9137e334b7.bin
.zip

Password: infected
18ac567d9f1284b5cf60d5e98759d691e1bb1de2637e55cebee88c1b68c10cd9.bin
.exe windows:5 windows x86 arch:x86

Password: infected

daaeda7fe04dee1fb833293dfb192f00

Code Sign

05:b0:ff
Certificate

Issuer

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Not Before

16/02/2006, 18:01

Not After

19/02/2016, 18:01

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:0b:dc:8f:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Equifax Secure Certificate Authority,O=Equifax,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:9b:73:e1:00:01:00:00:90:80
Certificate

Issuer

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Not Before

06/08/2012, 17:06

Not After

15/05/2015, 19:35

Subject

CN=Intel Corporation - Software and Firmware Products,OU=Intel Architecture Group,O=Intel Corporation

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1e:80:b7:00:00:00:00:00:07
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

15/05/2009, 19:25

Not After

15/05/2015, 19:35

Subject

CN=Intel External Basic Issuing CA 3A,O=Intel Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:17:cd:cc:87:a3:86:ea:6e:3f:1d:28:ff:0b:6b:b4:50:a7:7d:29
Signer

Actual PE Digest

73:17:cd:cc:87:a3:86:ea:6e:3f:1d:28:ff:0b:6b:b4:50:a7:7d:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
MultiByteToWideChar
CloseHandle
GetModuleFileNameW
Sleep
OpenProcess
CreateProcessW
FlushFileBuffers
CreateFileW
LCMapStringW
WriteConsoleW
SetStdHandle
HeapReAlloc
LoadLibraryW
GetStringTypeW
LocalFree
GetLastError
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
EncodePointer
DecodePointer
HeapAlloc
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
IsProcessorFeaturePresent
LeaveCriticalSection
EnterCriticalSection
HeapSize
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysFreeString

shlwapi

PathRemoveFileSpecW

psapi

GetModuleBaseNameW
EnumProcesses

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

daaeda7fe04dee1fb833293dfb192f00

Code Sign

05:b0:ffCertificate

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:0b:dc:8f:00:00:00:00:00:1aCertificate

Key Usages

2f:9b:73:e1:00:01:00:00:90:80Certificate

Extended Key Usages

Key Usages

61:1e:80:b7:00:00:00:00:00:07Certificate

Key Usages

73:17:cd:cc:87:a3:86:ea:6e:3f:1d:28:ff:0b:6b:b4:50:a7:7d:29Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

shlwapi

psapi

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 6KB - Virtual size: 5KB

05:b0:ff
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:0b:dc:8f:00:00:00:00:00:1a
Certificate

2f:9b:73:e1:00:01:00:00:90:80
Certificate

61:1e:80:b7:00:00:00:00:00:07
Certificate

73:17:cd:cc:87:a3:86:ea:6e:3f:1d:28:ff:0b:6b:b4:50:a7:7d:29
Signer

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 6KB - Virtual size: 5KB