1af42937a766f92b8413f16d00502e77

Sharing

Copy URL Twitter E-mail

General

Target

1af42937a766f92b8413f16d00502e77
Size

585KB
MD5

1af42937a766f92b8413f16d00502e77
SHA1

6c2a7a406de67f169eb887211b0c4a37ba1d47f1
SHA256

24bb64806dd20376935a198f908e62b08afde9ca58e936a01d31021cb7acad3e
SHA512

2ab7148baaec95dd43a8104200e3e10f9af44e4695f32d87d79c477d630748c7e1c32a2cc3c74d9a09d7846ff6d4195188d7262bb8b8b8b13d9821912bc3b772
SSDEEP

12288:IMoP9b1SG5q2o3zmwNkadmajr0tGGObhM/:JoPVYj2o3Pj+SG

Score

1^/10

Malware Config

Signatures

Files

1af42937a766f92b8413f16d00502e77
.exe windows:4 windows x86 arch:x86

d12ef2f94520ad9cc2a8e10bb204a785

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2015, 00:00

Not After

02/05/2016, 23:59

Subject

CN=SBIS,O=SBIS,POSTALCODE=150001,STREET=PR-T MOSKOVSKIJ\, 12,L=YAROSLAVL,ST=YAROSLAVL REGION,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

24:0d:67:88:5a:af:42:09:a7:24:34:f2:d5:8c:09:a2:fc:3c:cb:33
Signer

Actual PE Digest

24:0d:67:88:5a:af:42:09:a7:24:34:f2:d5:8c:09:a2:fc:3c:cb:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

GetTabbedTextExtentW
TrackMouseEvent
DrawTextW
OemToCharA
DestroyIcon
MenuWindowProcW
RegisterHotKey
InvalidateRect
EnumDesktopWindows
CharToOemBuffW
BroadcastSystemMessageExW
GetWindowInfo
BringWindowToTop
CharPrevA
ChangeDisplaySettingsA
GetUpdateRgn
MessageBoxW
CreateDialogIndirectParamW
UnregisterDeviceNotification
GetSystemMetrics
OpenIcon
CheckRadioButton
ShowWindowAsync
CloseWindowStation
SendNotifyMessageA
IsIconic
SetCursorPos
GetMenuContextHelpId
SetFocus
EnumPropsExW
AppendMenuA
SetDlgItemInt
GetMenuItemID
GetWindowThreadProcessId
CharUpperBuffW
RemovePropW
SetCaretBlinkTime
UnregisterClassW
SetClassWord
GetMonitorInfoA
GetForegroundWindow
FillRect
GetTopWindow
SetProgmanWindow
GetAltTabInfoA
SetMenuItemInfoA
MenuItemFromPoint
ChangeMenuA
GetListBoxInfo
CharLowerA
CharToOemW
GetDC
CreateDialogParamW
SetProcessWindowStation
DrawCaptionTempA
EnumThreadWindows
DialogBoxParamA
GetClassLongA
CopyIcon
SetCursorContents
LockWindowUpdate
FindWindowExA
UnregisterClassA
DefFrameProcA
GetMenuState
GetDesktopWindow
SetSystemMenu
EnableWindow
CharToOemBuffA
CheckMenuItem
SetWindowsHookW
LoadStringA
DestroyAcceleratorTable
AttachThreadInput
RealGetWindowClassA
AdjustWindowRect
SetInternalWindowPos
DrawIcon
GetAncestor
GetUserObjectInformationA
RealGetWindowClassW
GetWindowWord
ClipCursor
DrawCaptionTempW
OpenWindowStationW
SetRect
ScrollWindow
GetDlgItemInt
SetPropA
LoadKeyboardLayoutW
ReleaseDC
CharPrevW
InvalidateRgn
IsDialogMessageW
GetWindowModuleFileNameA
CreateAcceleratorTableA
ValidateRgn
CloseWindow
ValidateRect
GetWindowDC
GetMenuStringA
SetCaretPos
GetWindowTextW
GetWindowWord
GetShellWindow

kernel32

GetConsoleFontInfo
SuspendThread
GetTapePosition
GetLargestConsoleWindowSize
GetLogicalDriveStringsA
SetFileValidData
GetProcessAffinityMask
GetPrivateProfileStructA
GetAtomNameW
SetVolumeMountPointA
Sleep
GetProcessPriorityBoost
GlobalAddAtomW
CreateThread
EnumTimeFormatsA
GetCurrentActCtx
LocalFlags
LoadResource
WriteFileEx
LocalHandle
OpenMutexA
CreateWaitableTimerW
ExpandEnvironmentStringsW
EndUpdateResourceA
QueryDosDeviceW
GetCPInfoExA
GetDiskFreeSpaceA
GetExitCodeProcess
CallNamedPipeW
CreateSocketHandle
lstrcmpiW
LCMapStringW
QueueUserWorkItem
WriteProfileStringW
EnumCalendarInfoW
RegisterWaitForInputIdle
GetTapeParameters
GetCommMask
SystemTimeToTzSpecificLocalTime
GetNamedPipeHandleStateA
WriteProfileStringA
GlobalUnWire
SetTimeZoneInformation
FindFirstVolumeW
MoveFileWithProgressW
GetNumberOfConsoleInputEvents
GetFileType
WriteTapemark
UnmapViewOfFile
lstrcmpW
RegisterWowExec
CreateEventW
GlobalSize
UpdateResourceA
FindResourceExW
WritePrivateProfileSectionA
ReadFile
Heap32ListNext
WideCharToMultiByte
FindAtomW
InterlockedDecrement
GetProcessTimes
TryEnterCriticalSection
QueryMemoryResourceNotification
SetFileApisToOEM
GetPrivateProfileSectionNamesW
GlobalWire
FillConsoleOutputCharacterA
InitializeCriticalSection
AddRefActCtx
GetNamedPipeInfo
DelayLoadFailureHook
SetSystemTime
GetTempPathA
SetCommTimeouts
GetModuleHandleExW
GetProfileIntA
SetFileShortNameW
GlobalGetAtomNameA
GetProcessHeap
GetLastError
ConvertDefaultLocale
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shlwapi

PathAddExtensionA

comdlg32

CommDlgExtendedError
GetOpenFileNameW
ChooseColorW
ChooseFontA

oleaut32

VarUI2FromBool
GetVarConversionLocaleSetting
VarR4FromI2
VarI2FromDisp

winspool.drv

ADVANCEDSETUPDIALOG
AddMonitorW

gdi32

CreateBitmap
RemoveFontResourceW
GdiCleanCacheDC

version

GetFileVersionInfoSizeA

wtsapi32

WTSWaitSystemEvent
WTSEnumerateProcessesA
WTSVirtualChannelPurgeInput

ws2_32

gethostname
WSARecvDisconnect

comctl32

CreatePropertySheetPage
MenuHelp
ImageList_SetFlags
ImageList_SetIconSize

Exports

Exports

�'�B!?HG��Ȩz�<��͉iN��_�d�,xV��I�ќ}�% �z��M�Н�w�R9�rɮ� �̙e>�gMV�,!�(6��W� u/'�퓝�xv��sI�A�|j4��b^��D1��g�l��'��N�p8�P�L�Z`��1�-��Ȥtg��QG�� Q$~M��!ۇH��̝n�2Ia�IZl��/N:D�W��!��uQ�9��wQ0�Dy��-��[��Ue�W��k��V~q��2_��<gk��R��e��0J��o��ȑ��$�SC�wս�� (WHP��y�C��p>� D6��Ҽ�1e�%͉��XPMU�!��ڕZ ��?�P]6�N'��L2� �)�O�Ŏ��C�+��w8[y"FX=�x�d-�KL�-�Ҿ��9$�S��$rT�r��hL�p��1�0�WW�N�Ĵ��_��I!5� �8��/��e� �A �=��\�z�;[�sZ�.:��s��a �z0�� xu ��>�|��9��&�Kſ�6��Y>�+ɰZ��c#9t�M��2[�M��[E�Y�t#��{r�$��Օ^��<?qZ:��R��g�4o�VٍT�I� �A#�E\�sh3k2��댇��|� y�ȪѨ qn��?��U�ġ�Pxm��/�'�5c�I��9b@�Fl�ax��Zq��Ġx��%)��_nK��"Ɍ��-��$�&J��FDu��̞pf��v��3��13��~,1��˳ݘ�臯]k?~��Un�6u��Iq�r��c�2��D��S�ia�3� �[fSI)J��!w%�A�;�M��ɇ�|�H��e��V��6� �|��7cX:��0��,P�z|#��b��@��uo2��T]�H�]��n�,�� P%��6�06؊�q�FkT�B�`�,��,��a[z��2��6��;[%�z=%EdRݾ�rE�F��\��V=03 �ۮŊ��хy6�;��(��uX��k�V ��+^T]�(i&g��{^^�H��Bz�c(�vQŵ��MNg,EO�8�躭�DyҾ�� ݰ��A�ʊ�@��?g��9Ӆ��Y$ ��2uke��c�K��#��F�3o�~0��<T~��{��(ZhU�i��gжY��b.��ܫ*�W�?_�C��Xҽ7�2:��{��A��{U��e 3��t��]ǣVsi�^"�8K�g�4`P��U �ێ��P��7fx��9��{r.Vv��"+h�꤫��lH�I�3��Bs�r��Őd�G�Z}�` ns�ɶ��R��%��0v�@x�͠�,��;}�U��/X#�]�`��_��%s�B��:Z��3�r��6�w��ò�/#[��!b��Ѷn��p�۟�>��WLV��6t!��:��|B�;!��4m��ӣZE�O Mܦ�ԑ�h� e:�n�A�3쨴�-h��88N�D��p.|"�G�^��;4��d�OWlv�R/=׈��%hq\�d��5L��ErDT�P��FĒ�� (uA�`�j�~�G1�ޛ�E�\F��$��\��w��u��E��,�̬��,PeUB�>��o&R��+5�"� �턑),a�qm�T 8yB�*�q�rX��Eu88K��[�Z;F��j�D2&vO��-�-�2��m�� &+PcE%�DF�31��Ӓ�T�v��ROҎ�G^:/]%([��"_��%�g��L~��T�&%$��>E>��b,�5q��Rh̲�O��)rX2�L��K�m��7o&��jl��0��c�Ѯ��i�?^�6�'��9l��Y"Щ�/�":��[Ϲ��!��I��`Y��=��B*̚:�Ҁ�� k�WK��-��Z��h�X�v�}VJ��)�\؛�r�g�MNo��{��˘mX�� |��YKտ�r�I$�,�ju�ЈU��zd��Ƹ��}a�%14l�}FE㜄��[��S*��Y�� ?^��q��@��);��~��9��gqb9�yh��ǣ��D1�\�"x�(NBm2��!l�-�=a�do$*��-��%6#�¤��݋�0��"��0r&�N��2-�jWE�N��^��2��N��K,c1E��₤�� F��,R��Mյ��G"ܝ�p*6jH��m��6�L�c64a�~��L��9^mJ�˶��@�C��;FG;0I�)�4G��n�� $<gz�.��T�:q(q��M��1�}B��i��o�Q��(yw,�V��B^�7;}�{K*9��8E��Y�Xq�8IT��n?��e�%��_5O�r�{c c�6�8��؂#Sb�6n��0��-,�Ҫ+�3�H��㾘��S��51+�B��<ᗔ��g�� >X;�<7W 2ʹF��tɉd�I��*�y��)K��C7��,n9��9�ٕKӧ�䛝��u#�^l�Ki�d��?yT��?� ��/��<,��ݟ'��Q�>��b��#��SL��2� "!��[&E��yu�q��f�l��3D�(e��v��cbM��a-|7ЛO�k��2�AZC)<�{@��I�ox+| he�)X��ʓ#�n.<�z��6*�A��`Ȟ~W3'|cap�;>��w��_(��b��ܬ�F-�� fm��q��=:��&du�qO1��GdK nqi�$K�y�^΀��:��v_{F5�khm�Z Yϩ�WmG�<q��(��X6�i[pIT�FpBj�a�jEda>/��e㋲�� B��M��`^ ?��)�>�[��%k��Ž�1��2��O��@9�F6qHE�<6�K��F�I � X�2,��P�I�0��22��.��N

Sections

CODE
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d12ef2f94520ad9cc2a8e10bb204a785

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2Certificate

Extended Key Usages

Key Usages

24:0d:67:88:5a:af:42:09:a7:24:34:f2:d5:8c:09:a2:fc:3c:cb:33Signer

Headers

File Characteristics

Imports

user32

kernel32

shlwapi

comdlg32

oleaut32

winspool.drv

gdi32

version

wtsapi32

ws2_32

comctl32

Exports

Exports

Sections

CODE Size: 404KB - Virtual size: 404KB

DATA Size: 18KB - Virtual size: 18KB

BSS Size: - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.text0 Size: 17KB - Virtual size: 17KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 72KB - Virtual size: 72KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2
Certificate

24:0d:67:88:5a:af:42:09:a7:24:34:f2:d5:8c:09:a2:fc:3c:cb:33
Signer

CODE
Size: 404KB - Virtual size: 404KB

DATA
Size: 18KB - Virtual size: 18KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.text0
Size: 17KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 72KB - Virtual size: 72KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB