2e8a60640e9c8ae8358cd4e065716c96

Sharing

Copy URL Twitter E-mail

General

Target

2e8a60640e9c8ae8358cd4e065716c96
Size

4.8MB
MD5

2e8a60640e9c8ae8358cd4e065716c96
SHA1

234758db54c9dfd16dc27798f2c5b9c1bf652410
SHA256

cafc261a28db6d015caadd18abeab9513eab0f0187560fc164b80f52b306d05e
SHA512

2baff6e710ed3b37005f2fc8699b5b115f64a80eca5c305af746692481f4ca3f92bff42a4f25e318c55c99d3cb4aa8913bd387b8194ace5e8832f17051074a7b
SSDEEP

98304:ovuhuM/gBnHZI+LX09BAjHc80R/P/B5ZG1MVOHZQE71U1GjPUJ:oGIhB5vk9y7c80S1MRE7MJ

Score

1^/10

Malware Config

Signatures

Files

2e8a60640e9c8ae8358cd4e065716c96
.exe windows:6 windows x86 arch:x86

f9e61196cbf799259ee40ecd8a6e5c8f

Code Sign

46:56:da:a8:b8:b1:f3:e9:4b:b8:db:c4:6b:50:26:c6
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/12/2016, 00:00

Not After

07/12/2019, 23:59

Subject

CN=JWTS,O=JWTS,POSTALCODE=75015,STREET=105 RUE DE L ABBE GROULT,L=Paris,ST=Paris,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:63:33:17:d2:b1:0d:04:2f:b0:6f:7a:aa:29:37:3b:f3:09:18:1f:4c:a2:4f:c0:02:e6:5b:b7:76:bf:13:80
Signer

Actual PE Digest

72:63:33:17:d2:b1:0d:04:2f:b0:6f:7a:aa:29:37:3b:f3:09:18:1f:4c:a2:4f:c0:02:e6:5b:b7:76:bf:13:80

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

SHGetFolderPathW

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

�Э_��5��G��S�ֿp��7�.腰�P� G��ᵻ�� DL��t�̇��"��n,~�xj�j[!M��ȑ� +Mb��i��f{�!��G�X�,5PzW��P#��A�Kj�~ N��?��u��o(e�N��M�.��Kz-��g��2Dv4��G�잹�C��ђ��N�(R��'ka�]��3�w�o�ޕk��{�!��H��㒯�i��-�e#<�T��üqI��xA �<a�c�U�d�J�f?�$Gͫ��A��z��sTw0�%^�s4��([��8]&��eѳa4�TD1��/�t��:�j��F��U��y�/�(�S��j,:��C��x�Ӣ��T�� ,�?�ٱ��,:��*zw�"2��]�(�<B�.`��V��|�@��_w��N-��mɧOApH��Sex ĊH�d/�Nx��Ǉ(�tU6gn��h�A�ƃ�i�F��!R�.��f+nW�߭�&�gK/��d��C�ww.��&��Yc�M��'|n��b<.p[�Z�w�*��p'K6�r�T��Ma@́�j��u�y�0;Y�{ES�rc`��W�y��ϰ�w��"J��>�OѠ�h�Fu�/��7�"��C`{�V�C�n��X�pDF��o�'��{<�D�/��{Y�>��J��~T��f,��P�0_J��V��mq1��>p��~}��Wzka�ýi>�ܔ��ZQ7OuI�mX��ʔB�g��X��:��Q��v0��P#;kK�:״~��0�J=�'ٳO��!��{h��ա�B��ĺo]��ւ�#��R83 J)��3��Ԯ,1�QI�~�^�r��m��v&� �x.$cX��g��1≫�U�h�&�R�R3�݈?1-�}��@l��Rv)!_��G.�Ϻ?��n�|{lMYR)m��q�8p��B��ͦ�n�Q9��O�*�9��vx3��Z2�$y+��PFbpB2j6 �Ī`��kswO�\�g��ɀ)|��@��O�}�mY��L�ۏ[��B�Q��#��q&8��o�$�&�v$W}&��M��|fdv��Uy�s:<>�0)��ۦ�[ɘf��s1P�8�L��j`mN��.��T��>K@F[~5S��q�˧��+��dܡ{%��A�;A<ЕD��k��38�+�}�h��gv��;5o;�@�1�X5��>N�hq��H�j�u1,�q��/�rJ;U~��T��+' ^!D0`^�z�fd�WfvI�R��"r�y=H^�� UJ��ͮ��*��W�`F��=%X-u� �r�Nu<�t�%��L�;�� vy��0�� k7��&Q�_fdH��O��X5��+U>K��VP�� 9ɷ�5c<��Zk��M�C�neyQ��t�{��/|��1wʖ��0��̧�~� N�W��B��E��*N�#��lcӎ[�6�} E�.�Jµ ��>�v��HT� V!��b��վ��)� aN��=Z&;6ag��qH�� kuiG�K^��{xF��c��൹ڂt�wP�eW��w��D��<H��RECq�k��l�)Z�gqm3h�Γco^>"�)��M�p9��G�e�R��c�7��G��܂��wN(F��MM�zկr>R̗%)��l�ɽ��t��B'׀��7��%�L ��1l�*�.�~@��e�bK��cs?ﯓ� �o:~S��V^lmFƇ��Aap��G��7�i�t]d� 4Jм-jZ� �U(y�6.��qX^_ 2��>��v(m6jR)�0��[<3�N�v�b/,�Xl ��qGB��-U9�w��0�ӿ�+L&��@Ea��0��?��0��#UAu��ť�� #�H7<a�4�H%q*��/^a"�0��^�O�=��)%.`��o{�a͂bG��ͱ\鬻��l<��Eo��F��'Y3�S�-�v��-��,?�G��`vdK%a��0+��#Wi�|��Aʶ��|��"��}��~ ��R9I�e�B� +C^b-�s�Vg�>R��x��Po�� ~��'HԏnZ��avʡ�w�,�ih��h�� qߏ{�#얠�#�g��@{�WY�W��'h��E8�Q�SR]8$��{U��;��@΀�>d�/��t[]N��rY� �c��s�PWz7��$��g�$�)i4��p��M��5�6`r&3D}㉳�3Г�[�S��+��p��a 3��Cbc�\}X��Bw �E�o��Ι��)�Q��`�P�Ȃ ��M��p��D�gǬ)7��_o��{loV��8�.��A��dr��9��HI_��M'�8��0�p�F!W�l\��fB��E�9�Xq8`?��_:9qa]��CTi�{�4M.4�f�V� � n�S;��ݡ��$�Z��V2W�x��ݸ՗��˾Z��g��Q��R��L��up�;�ߏ��}��D�Є� ��D��H��=�f΀!u�%�� t�01�㚧�\�LE� ��T̀��A�Ȼ�=��j? ��9�]Ғ�h�|<(&m�zi�+�}��gl�@�m��h:��G�'�*{u"h�\wYaw��Kalx@�|%��Z:$0T��w2]��D-��aA�ʧf �k�VXG^��"G��i�KVa�B��"/n�/<��?��3�G�_��1h��Gx��R_��!��K��c�Yv=eGe��71`�Ղ�I_0��V�OPR��8*�l��b6DE�S�;&�]�H��&ˏid�c3a|~��q�R��;��

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9e61196cbf799259ee40ecd8a6e5c8f

Code Sign

46:56:da:a8:b8:b1:f3:e9:4b:b8:db:c4:6b:50:26:c6Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

72:63:33:17:d2:b1:0d:04:2f:b0:6f:7a:aa:29:37:3b:f3:09:18:1f:4c:a2:4f:c0:02:e6:5b:b7:76:bf:13:80Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 4KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 96B

.data0 Size: - Virtual size: 2.8MB

.data1 Size: 4.8MB - Virtual size: 4.8MB

.rsrc Size: 12KB - Virtual size: 11KB

46:56:da:a8:b8:b1:f3:e9:4b:b8:db:c4:6b:50:26:c6
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

72:63:33:17:d2:b1:0d:04:2f:b0:6f:7a:aa:29:37:3b:f3:09:18:1f:4c:a2:4f:c0:02:e6:5b:b7:76:bf:13:80
Signer

.text
Size: - Virtual size: 4KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 96B

.data0
Size: - Virtual size: 2.8MB

.data1
Size: 4.8MB - Virtual size: 4.8MB

.rsrc
Size: 12KB - Virtual size: 11KB