e8d062f0b45137824009eb14bad21da0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

e8d062f0b45137824009eb14bad21da0.exe
Size

225KB
MD5

e8d062f0b45137824009eb14bad21da0
SHA1

7577e0b6df271a343ba87170ef0e4737606bb2df
SHA256

3a19baa79ada8d3f4a80962c9ba3f230d75bd4b93ad1c9a774eb55f18a338993
SHA512

4e23eb77159683be7f930f353c9f645c5b1a31c94f5ef2d88e570fd3f65cb217db35ece7c384991f3ec40e6887f8f2bd6be63f869d44566a47314e95d413ff17
SSDEEP

6144:Bt9YbbJwuHqK9nOJeuGYdBV+UdvrEFp7hKN:ubbZqKondBjvrEH7a

Score

1^/10

Malware Config

Signatures

Files

e8d062f0b45137824009eb14bad21da0.exe
.dll windows:5 windows x86 arch:x86

b1295d099d6788c2d4ce99b12968ef79

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a7:ac:44:a8:70:04:35:30:16:23:36:b3:09:f6:b8:75:e2:55:75:21
Signer

Actual PE Digest

a7:ac:44:a8:70:04:35:30:16:23:36:b3:09:f6:b8:75:e2:55:75:21

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EncodePointer
DecodePointer
TlsFree
TlsGetValue
TlsSetValue
FormatMessageW
GetLastError
TlsAlloc
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetCurrentThreadId
WaitForSingleObject
CloseHandle
RtlCaptureStackBackTrace
GetModuleHandleExW
GetModuleFileNameW
GetVersionExW
IsWow64Process
OpenFileMappingW
CreateFileMappingW
CreateMutexW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
LoadLibraryA
FreeLibrary
VirtualProtect
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
GetProcAddress
GetModuleHandleW
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LocalAlloc

msvcr90

?terminate@@YAXXZ
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
memmove
memcpy
_vscwprintf
__CxxFrameHandler3
memset
_CxxThrowException
vswprintf_s
wcsncpy_s
_vsnwprintf_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ

ole32

CreateBindCtx
CoRegisterMessageFilter

Exports

Exports

??0CToolbarData@MsoCF@@QAE@XZ
??0CWindow@MsoCF@@QAE@XZ
??0CallbackCount_EHSafe@MsoCF@@QAE@XZ
??1CToolbarData@MsoCF@@QAE@XZ
??1CWindow@MsoCF@@UAE@XZ
?Allocate@Allocator@Memory@MsoCF@@YGPAXIW4FailureStrategy@23@@Z
?AppendArrayOfCharactersToWz@Strings@MsoCF@@YGXPB_WHAAV?$CWzInBuffer_T@V?$String@UWzTraits@MsoCF@@@MsoCF@@V?$CBuffer@_W@2@@2@PAH@Z
?ClonePropertySet_Imp@IPropertySet@MsoCF@@UAGXPAPAU12@@Z
?Copy@Memory@MsoCF@@YGXPBXPAXI@Z
?CopyWzToWz@Strings@MsoCF@@YGXPB_WAAV?$CWzInBuffer_T@V?$String@UWzTraits@MsoCF@@@MsoCF@@V?$CBuffer@_W@2@@2@PAH@Z
?Copy_MakeDeep_ComplexType@CPropertyData@MsoCF@@SGXQAXW4PropertyType@2@@Z
?Create@CWindow@MsoCF@@QAGXPB_W0KKHHIIPAUHWND__@@PAUHINSTANCE__@@@Z
?CreateActionManager@MsoCF@@YGXPAPAUIActionManager@1@@Z
?CreatePropertySet@MsoCF@@YGXPAPAUIPropertySet@1@PAU21@@Z
?CreateTheApp@Frame@MsoCF@@YGXAAUCreateTheAppArgs@12@@Z
?Destroy@CWindow@MsoCF@@QAGXXZ
?DisablePropertiesTypeSafety@MsoCF@@YGXXZ
?FGet@Properties@MsoCF@@YG_NPAUIPropertySet@2@PBUPropertyInfo@2@PAXHW4PropertyType@2@@Z
?Finish@Frame@MsoCF@@YGXXZ
?Finish@Utilities@MsoCF@@YGXXZ
?Free@Allocator@Memory@MsoCF@@YGXPAX@Z
?FreeAndZero_ComplexType@CPropertyData@MsoCF@@SGXPAXW4PropertyType@2@@Z
?Get@Properties@MsoCF@@YGXPAUIPropertySet@2@PBIPAVCPropertyValue@2@H@Z
?GetIterator_Imp@IPropertySet@MsoCF@@MAGXPAPAUIPropertySetIterator@2@@Z
?GetMsoHinst@MsoCF@@YGPAUHINSTANCE__@@XZ
?GetProperty@IPropertySet@MsoCF@@QAGXABUPropertyInfo@2@PAVCPropertyValue@2@@Z
?Init@CToolbarData@MsoCF@@QAGXPBUStaticToolbarDesc@2@IPBUStaticMenuDesc@2@I@Z
?ListProperties@IPropertySet@MsoCF@@QAGXPAHPAIHI@Z
?LookupProperty@MsoCF@@YGABUPropertyInfo@1@I@Z
?OnFinalMessage@CWindow@MsoCF@@UAGXPAUHWND__@@@Z
?OnPropertyChange@IPropertySet@MsoCF@@UAGXABUPropertyInfo@2@@Z
?ProduceAtom@MsoCF@@YGXPAPAVIAtom@1@PBXH@Z
?Reallocate@Allocator@Memory@MsoCF@@YGPAXPAPAXIW4FailureStrategy@23@I@Z
?RegisterPropertySpace@MsoCF@@YGXPBUPropertySpaceInfo@1@@Z
?Set@Properties@MsoCF@@YGXPAUIPropertySet@2@ABUPropertyInfo@2@PBXW4PropertyType@2@@Z
?SetAllProperties_Imp@IPropertySet@MsoCF@@UAGXPAU12@@Z
?SetProperty@IPropertySet@MsoCF@@QAGXABUPropertyInfo@2@ABVCPropertyValue@2@@Z
?SetWtzFromPattern@Strings@MsoCF@@YGXAAV?$CWtzInBuffer_Template@V?$CBuffer@_W@MsoCF@@@2@PAUHINSTANCE__@@IQAPB_WH@Z
?SetWzFromNumber@Strings@MsoCF@@YGXAAV?$CWzInBuffer_T@V?$String@UWzTraits@MsoCF@@@MsoCF@@V?$CBuffer@_W@2@@2@IHHPAH@Z
?SetWzFromNumber@Strings@MsoCF@@YGXAAV?$CWzInBuffer_T@V?$String@UWzTraits@MsoCF@@@MsoCF@@V?$CBuffer@_W@2@@2@_KHHPAH@Z
?SetWzFromPattern@Strings@MsoCF@@YGXAAV?$CWzInBuffer_T@V?$String@UWzTraits@MsoCF@@@MsoCF@@V?$CBuffer@_W@2@@2@PAUHINSTANCE__@@IQAPB_WHPAH@Z
?SetWzFromResource@Strings@MsoCF@@YGXAAV?$CWzInBuffer_T@V?$String@UWzTraits@MsoCF@@@MsoCF@@V?$CBuffer@_W@2@@2@PAUHINSTANCE__@@IPAH@Z
?Start@Frame@MsoCF@@YGXXZ
?Start@Utilities@MsoCF@@YGXHPAU_msotcfcf@@@Z
?TerminateTheApp@Frame@MsoCF@@YGXXZ
?TheActionManager@MsoCF@@YGPAUIActionManager@1@XZ
?TheApp@Frame@MsoCF@@YGPAUAFrameApp@2@XZ
?WndProc@CWindow@MsoCF@@UAGJIIJ@Z
?Zero@Memory@MsoCF@@YGXPAXI@Z
?c_Zeros@MsoCF@@3QBEB
?g_FastBufferAllocator@MsoCF@@3VCFastBufferAllocator@1@A
?g_FixedBufferAllocator@MsoCF@@3VCFixedBufferAllocator@1@A

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1295d099d6788c2d4ce99b12968ef79

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

a7:ac:44:a8:70:04:35:30:16:23:36:b3:09:f6:b8:75:e2:55:75:21Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcr90

ole32

Exports

Exports

Sections

.text Size: 125KB - Virtual size: 124KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

a7:ac:44:a8:70:04:35:30:16:23:36:b3:09:f6:b8:75:e2:55:75:21
Signer

.text
Size: 125KB - Virtual size: 124KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB