44629be8fb1f08fe7ec70c849d41a83d[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

44629be8fb1f08fe7ec70c849d41a83d.exe
Size

206KB
MD5

44629be8fb1f08fe7ec70c849d41a83d
SHA1

be9e06d6545cfaa0151280ea0c54705c41067b2b
SHA256

b1cb2ee7b289237cb3ac540ca87c7840e4cd610f8e92bb85fd86730348708800
SHA512

af2dd7fb966927c545c5fc593d1615918a3fcea649598f5c6a3a62468abd1debc246fbe3c3c7906fb05c345e69595e46328f7fbc803d6715eb97664d6a797192
SSDEEP

3072:EnY9tqi07/+8qZip+YRADRddUpBYzkcGSaUyRt6umF4T/L+htRTA5M9Qfcl:EY9P07/O2+UGd0HPRhT/L+hU5wkcl

Score

1^/10

Malware Config

Signatures

Files

44629be8fb1f08fe7ec70c849d41a83d.exe
.exe windows:4 windows x86 arch:x86

9d53547e2efa39438a541baca1510d96

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

26:9d:0d:35:8a:e0:ae:f4:07:c4:2b:56:f6:b9:95:3a:f6:11:a6:21
Signer

Actual PE Digest

26:9d:0d:35:8a:e0:ae:f4:07:c4:2b:56:f6:b9:95:3a:f6:11:a6:21

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoW
SearchPathW
GetWindowsDirectoryA
CopyFileA
lstrcmpiA
CompareStringA
GetLocaleInfoW
GetSystemTime
GetVolumeInformationW
GetFileAttributesA
OpenMutexW
CreateEventW
GetThreadPriority
lstrcpyn
IsBadStringPtrW
GetAtomNameW
ExitThread
GetExpandedNameA
GetCalendarInfoW
SetThreadPriority
CreateDirectoryW
OpenFile
GetFullPathNameA
IsBadWritePtr
GetNumberFormatW
GetProcessHeap
CreateEventA
SetPriorityClass
GetProcAddress
LocalFree
FreeResource
GetModuleHandleA
EndUpdateResourceW
lstrlenW

user32

IsChild
SetFocus
SetDlgItemTextA
GetMenuItemRect
CopyIcon
DefFrameProcW
CopyRect
AnimateWindow
EndMenu
EnumChildWindows
CreateDesktopA
CharNextA
wsprintfW
GetDlgItemTextW
GetAsyncKeyState
SetForegroundWindow
PostMessageA
EnumWindows
CreateDialogIndirectParamW
GetCapture
CharPrevW
GetMenuStringA
FrameRect
RegisterWindowMessageW
FindWindowW
LoadIconW
CloseWindow
wvsprintfA
CreateAcceleratorTableW
MessageBoxIndirectW
RegisterClassExA
SetCapture
IsMenu
LoadCursorW
CallWindowProcA
SetWindowLongW
GetMenuItemInfoW
TrackPopupMenuEx
DefDlgProcW
SetTimer
CharUpperW
GetCursorPos
GetMenuStringW
GetDCEx
MessageBoxW
GetSysColorBrush
SetCursorPos
CheckRadioButton
CreateWindowExW

gdi32

SetMetaRgn
RealizePalette
CreateFontIndirectExW
GetWorldTransform
CreatePalette
OffsetViewportOrgEx
SetMapperFlags
AnimatePalette
OffsetRgn
SetPixel
EndFormPage

advapi32

RegFlushKey
RegCreateKeyExW
RegQueryValueW
RegCreateKeyExA
RegOpenKeyW

shell32

ShellExecuteW
ShellExecuteA
ExtractIconW
StrNCmpA
ExtractIconExA
ExtractAssociatedIconExW
SHGetDiskFreeSpaceExA
StrChrW

shlwapi

UrlCombineA

setupapi

SetupGetStringFieldA
SetupDiGetSelectedDevice
CM_Open_DevNode_Key_Ex
CM_Find_Range
SetupDiGetHwProfileFriendlyNameExA
SetupVerifyInfFileA
pSetupIsUserAdmin
SetupDiDrawMiniIcon
pSetupAddMiniIconToList
SetupUninstallOEMInfA
CM_Get_Log_Conf_Priority

wininet

FindNextUrlCacheContainerA
CreateMD5SSOHash
FtpDeleteFileA
InternetGetConnectedStateEx
InternetWriteFile
InternetGetCookieExW
CommitUrlCacheEntryA
UrlZonesDetach
SetUrlCacheEntryInfoA
InternetEnumPerSiteCookieDecisionW
HttpSendRequestExW
UnlockUrlCacheEntryFileW

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Omw
Size: 1KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.A
Size: 1KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vcmkEH
Size: 4KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.FtWC
Size: 2KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Pqc
Size: 2KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Lj
Size: 2KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d53547e2efa39438a541baca1510d96

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

26:9d:0d:35:8a:e0:ae:f4:07:c4:2b:56:f6:b9:95:3a:f6:11:a6:21Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

setupapi

wininet

Sections

.text Size: 12KB - Virtual size: 12KB

.Omw Size: 1KB - Virtual size: 33KB

.A Size: 1KB - Virtual size: 38KB

.vcmkEH Size: 4KB - Virtual size: 46KB

.FtWC Size: 2KB - Virtual size: 45KB

.Pqc Size: 2KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 7KB

.Lj Size: 2KB - Virtual size: 182KB

.rsrc Size: 165KB - Virtual size: 165KB

.reloc Size: 1024B - Virtual size: 940B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

26:9d:0d:35:8a:e0:ae:f4:07:c4:2b:56:f6:b9:95:3a:f6:11:a6:21
Signer

.text
Size: 12KB - Virtual size: 12KB

.Omw
Size: 1KB - Virtual size: 33KB

.A
Size: 1KB - Virtual size: 38KB

.vcmkEH
Size: 4KB - Virtual size: 46KB

.FtWC
Size: 2KB - Virtual size: 45KB

.Pqc
Size: 2KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 7KB

.Lj
Size: 2KB - Virtual size: 182KB

.rsrc
Size: 165KB - Virtual size: 165KB

.reloc
Size: 1024B - Virtual size: 940B