15a49864d0a67a2ace981662ac1076e9

Sharing

Copy URL

Twitter E-mail

General

Target

15a49864d0a67a2ace981662ac1076e9
Size

478KB
MD5

15a49864d0a67a2ace981662ac1076e9
SHA1

59835bffec8f74fcc5b1a8311348e443fa7b6cb7
SHA256

2298d061d4dcbc4bc0f877fbfc9f0295cc82f86d3c902041a3673f6bbb3c4992
SHA512

cdda32fd47c1bc177a1921194bc53d31b999288524c49b61525ff7c2791f2949331d34f66ff61736dd9817d3aa9fcb5e101f8721ef616d2674365f0b0f1568c2
SSDEEP

6144:52G4TETuO6WLjuWptGm69RXjhIVMy70n67BpFnN9CGmlqNdPblkN1FHs5TXJx9fa:UG4TguO6WLjwmMhIKf67hN9CgOOvmXwA

Score

1^/10

Malware Config

Signatures

Files

15a49864d0a67a2ace981662ac1076e9
.exe windows:5 windows x86 arch:x86

6fa4fdde9a1507f27d68ab852fe8bf48

Code Sign

47:15:4c:21:51:e9:eb:8d:fa:42:c2:c9:e4:5b:fc:6c
Certificate

Issuer

CN=Certum Code Signing CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

27-06-2014 08:37

Not After

27-06-2015 08:37

Subject

CN=Stepan Rybin,O=Stepan Rybin,C=UA,1.2.840.113549.1.9.1=#0c14727962696e2e737465704079616e6465782e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

f9:9c:fc:2a:96:79:51:f8:d4:ba:b4:2b:bd:ef:c7:57:8c:43:e0:3a
Signer

Actual PE Digest

f9:9c:fc:2a:96:79:51:f8:d4:ba:b4:2b:bd:ef:c7:57:8c:43:e0:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
WriteFile
GetCurrentThreadId
ExitThread
GetCurrentProcess
GetLastError
ExitProcess
GetProcAddress
CloseHandle
WriteConsoleW
HeapFree
GetCommandLineA
HeapAlloc
GetProcessHeap
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
MultiByteToWideChar
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
Sleep
GetStringTypeW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
LoadLibraryW
RtlUnwind
HeapReAlloc
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
CreateFileW

wininet

InternetCloseHandle

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fa4fdde9a1507f27d68ab852fe8bf48

Code Sign

47:15:4c:21:51:e9:eb:8d:fa:42:c2:c9:e4:5b:fc:6cCertificate

Extended Key Usages

Key Usages

f9:9c:fc:2a:96:79:51:f8:d4:ba:b4:2b:bd:ef:c7:57:8c:43:e0:3aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wininet

Sections

.text Size: 304KB - Virtual size: 304KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 128KB - Virtual size: 138KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 7KB - Virtual size: 7KB

47:15:4c:21:51:e9:eb:8d:fa:42:c2:c9:e4:5b:fc:6c
Certificate

f9:9c:fc:2a:96:79:51:f8:d4:ba:b4:2b:bd:ef:c7:57:8c:43:e0:3a
Signer

.text
Size: 304KB - Virtual size: 304KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 128KB - Virtual size: 138KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 7KB - Virtual size: 7KB