163d51d647f7926381db1f347e31d31e

Sharing

Copy URL Twitter E-mail

General

Target

163d51d647f7926381db1f347e31d31e
Size

347KB
MD5

163d51d647f7926381db1f347e31d31e
SHA1

ae126d13115511651cb553a360d3815e96697bf0
SHA256

205d2e9a410676449fa26f572d399dfd4defabd68f241cd80117cd322f946e88
SHA512

5185ace93b5246d69cd7086df4a4314f1414514cca9921a54fe284e14fe2f4df244cb507fbb52406b52189439216f18b1f39a682fd3f93ec5f201d8be26fc6b5
SSDEEP

6144:mJuqGms9b9b8ApL69uGQvGYhTU7NC3413QTQm5iQUCsd:mJU/Gg9hhkkC

Score

1^/10

Malware Config

Signatures

Files

163d51d647f7926381db1f347e31d31e
.exe windows:5 windows x64 arch:x64

e4b4cdf86866e38dee8fb6e670b2345c

Code Sign

68:5a:e1:20:77:84:63:53:aa:54:23:02:da:53:2a:bd
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/11/2014, 00:00

Not After

17/11/2015, 23:59

Subject

CN=Aussie Labs (BrightCircle Investments Limited),O=Aussie Labs (BrightCircle Investments Limited),POSTALCODE=2025,STREET=Dasoupoli Strovolos+STREET=Athinodorou 3,L=Nicosia,ST=Cyprus,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:61:f9:dd:dc:01:72:bb:ab:f8:3b:0a:38:e6:70:00:8c:e3:22:6d
Signer

Actual PE Digest

f1:61:f9:dd:dc:01:72:bb:ab:f8:3b:0a:38:e6:70:00:8c:e3:22:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoA
VerQueryValueA

wininet

InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle

kernel32

GetFileSize
WriteFile
ReadFile
FlushFileBuffers
PeekNamedPipe
LoadLibraryA
GetModuleFileNameA
CreateFileA
OpenThread
FindClose
GetSystemTimeAsFileTime
GetFileAttributesA
FindFirstFileA
LocalFree
SetLastError
LocalAlloc
GetCurrentProcess
GetVersion
FindNextFileA
MultiByteToWideChar
GetTimeZoneInformation
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
VirtualAllocEx
VirtualFreeEx
RaiseException
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MulDiv
lstrcmpA
lstrcmpiA
LoadLibraryExA
FindResourceA
GetLastError
GetModuleFileNameW
GetStdHandle
LCMapStringW
CompareStringW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetCommandLineA
VirtualQuery
VirtualProtect
GetSystemInfo
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetStringTypeW
EncodePointer
Sleep
DecodePointer
VirtualFree
VirtualAlloc
GetConsoleCP
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
OpenProcess
GetFileType
GetConsoleMode
QueryPerformanceCounter
GetCurrentProcessId
OpenMutexA
CreateMutexA
CloseHandle
WaitForSingleObject
WideCharToMultiByte
GetDiskFreeSpaceA
FindResourceExW
FindResourceW
GetMailslotInfo
GetModuleHandleA
GetTickCount
SizeofResource
LoadResource
GetProcAddress
LockResource
SetStdHandle
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
ExitProcess
GetOEMCP
GetACP
IsValidCodePage
IsDBCSLeadByte
GetModuleHandleExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
LoadLibraryW
LoadLibraryExW
OutputDebugStringW

user32

LoadCursorA
GetWindow
GetClassNameA
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowLongA
GetWindowLongA
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetClientRect
GetWindowTextLengthA
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableA
ReleaseCapture
SetCapture
GetFocus
CharNextA
GetDlgItem
SetWindowPos
MoveWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExA
GetClassInfoExA
RegisterClassExA
CallWindowProcA
DefWindowProcA
RegisterWindowMessageA
GetParent
GetDesktopWindow
GetWindowTextA
SetFocus
PostMessageA
SendMessageA
UnregisterClassA
SetWindowTextA

gdi32

GetStockObject
GetDeviceCaps
DeleteObject
SelectObject
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
GetObjectA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryInfoKeyW

ole32

CLSIDFromString
CoCreateInstance
CoGetClassObject
CLSIDFromProgID
CoInitialize
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
OleInitialize
OleLockRunning
OleUninitialize
CreateStreamOnHGlobal
CoUninitialize

oleaut32

LoadTypeLi
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear

comctl32

InitCommonControlsEx

Sections

.text
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4b4cdf86866e38dee8fb6e670b2345c

Code Sign

68:5a:e1:20:77:84:63:53:aa:54:23:02:da:53:2a:bdCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

f1:61:f9:dd:dc:01:72:bb:ab:f8:3b:0a:38:e6:70:00:8c:e3:22:6dSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

wininet

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

Sections

.text Size: 218KB - Virtual size: 218KB

.rdata Size: 92KB - Virtual size: 92KB

.data Size: 12KB - Virtual size: 24KB

.pdata Size: 13KB - Virtual size: 12KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 6KB - Virtual size: 5KB

68:5a:e1:20:77:84:63:53:aa:54:23:02:da:53:2a:bd
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

f1:61:f9:dd:dc:01:72:bb:ab:f8:3b:0a:38:e6:70:00:8c:e3:22:6d
Signer

.text
Size: 218KB - Virtual size: 218KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 12KB - Virtual size: 24KB

.pdata
Size: 13KB - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 6KB - Virtual size: 5KB