0fc9ae0b3e3ef3f97c14a7f0d37d07db

Sharing

Copy URL

Twitter E-mail

General

Target

0fc9ae0b3e3ef3f97c14a7f0d37d07db
Size

1.2MB
MD5

0fc9ae0b3e3ef3f97c14a7f0d37d07db
SHA1

a825b84ea4fbda0a783c3b9af8ef8fd6d1b6d5e1
SHA256

15df82324693123774a9d40a112ea55db13fef0b16d677e941f8540837f29582
SHA512

245ae813d74243137ec046425edad219cd97c124176484eb1f4ababdfa964f1c8c713980ad129e95ce487e46e1a389c2d07f831cc4ab0c0152ca8ce557e7595f
SSDEEP

24576:5Z+uEduReobsAsv3CoeKWBcvvNBQPF4e8MAyJLvMp9p:jlYA4SAUcvvTQab7yJLvMR

Score

1^/10

Malware Config

Signatures

Files

0fc9ae0b3e3ef3f97c14a7f0d37d07db
.exe windows:5 windows x86 arch:x86

648f259ce8385b706569fa1d8b5963c2

Code Sign

bb:ac:4a:51:36:01:16:44:b2:f0:f0:83:eb:9b:b8:c3
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/11/2014, 00:00

Not After

07/11/2015, 23:59

Subject

CN=Consortium Group ltd.,O=Consortium Group ltd.,POSTALCODE=00152,STREET=CORNER OF GR.MARLBOROUGH UN GR.GEORGE STR. ROSEAU\,DOMINICA\, 00152+STREET=3RD FLOOR\, C&h TOWERS,L=ROSEAU,ST=ROSEAU,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:c1:1d:15:f9:92:ce:05:12:97:32:2e:be:86:1b:2b:93:00:b3:e4
Signer

Actual PE Digest

39:c1:1d:15:f9:92:ce:05:12:97:32:2e:be:86:1b:2b:93:00:b3:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_EndDrag
ImageList_BeginDrag
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_Create
ImageList_GetDragImage
ImageList_Read
ImageList_Write
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Remove
ord17

setupapi

SetupDiDestroyDeviceInfoList

wininet

InternetOpenA
HttpEndRequestA
InternetCloseHandle

kernel32

GetTempPathW
GetCurrentProcess
lstrcatW
GetWindowsDirectoryW
SetCurrentDirectoryW
DeleteFileW
CreateDirectoryW
GetLastError
GetTempPathA
GetSystemInfo
GetStringTypeExA
FreeResource
InterlockedIncrement
GetCurrentProcessId
CreateFileMappingA
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
FlushFileBuffers
SetStdHandle
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
HeapAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
HeapFree
GetCommandLineW
GetModuleHandleW
VirtualAlloc
WriteFile
SetErrorMode
GetVersion
GetProcAddress
GetVersionExA
GetCommandLineA
lstrcmpiA
GetStartupInfoA
GetSystemTimeAsFileTime
GetStringTypeW
GetTickCount
ReadFile
ExitProcess
CloseHandle
CreateFileA
GetCurrentThreadId
QueryPerformanceCounter
LoadLibraryA
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA

user32

RegisterClassExA
MessageBoxA
SetWindowPlacement
ShowWindow
GetCapture
SetScrollPos
GetClassNameA
GetSystemMenu
GetWindowLongA
GetSystemMetrics
SetWindowLongA
SetScrollRange
SetWindowPos
WindowFromPoint
WaitMessage
ValidateRect
TranslateMessage
ShowCursor
ShowScrollBar
GetClassInfoA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
CharNextW
ShowOwnedPopups

gdi32

DeleteEnhMetaFile
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
TextOutW
OffsetWindowOrgEx
DeleteMetaFile
GetLogColorSpaceW
SetAbortProc
Rectangle
UnrealizeObject
StretchBlt
SetROP2
SetPixel
CreateFontIndirectA
SetEnhMetaFileBits

comdlg32

GetSaveFileNameA
ChooseFontA
ReplaceTextW
FindTextW
GetOpenFileNameA
PageSetupDlgW

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExW
AllocateAndInitializeSid

shell32

ShellExecuteA
StrStrIA
SHGetFileInfoW

ole32

OleInitialize
CoTaskMemAlloc

oleaut32

SafeArrayRedim
VariantInit
VarDecRound
VarRound
VarNumFromParseNum
VariantChangeType
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayPutElement

Sections

.text
Size: 944KB - Virtual size: 943KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CodE
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

648f259ce8385b706569fa1d8b5963c2

Code Sign

bb:ac:4a:51:36:01:16:44:b2:f0:f0:83:eb:9b:b8:c3Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

39:c1:1d:15:f9:92:ce:05:12:97:32:2e:be:86:1b:2b:93:00:b3:e4Signer

Headers

File Characteristics

Imports

comctl32

setupapi

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 944KB - Virtual size: 943KB

CodE Size: 132KB - Virtual size: 131KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 12KB - Virtual size: 57KB

.rsrc Size: 148KB - Virtual size: 147KB

bb:ac:4a:51:36:01:16:44:b2:f0:f0:83:eb:9b:b8:c3
Certificate

01
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

39:c1:1d:15:f9:92:ce:05:12:97:32:2e:be:86:1b:2b:93:00:b3:e4
Signer

.text
Size: 944KB - Virtual size: 943KB

CodE
Size: 132KB - Virtual size: 131KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 57KB

.rsrc
Size: 148KB - Virtual size: 147KB