3d76e3b7056b1996247bb6e5f882fe57

Sharing

Copy URL

Twitter E-mail

General

Target

3d76e3b7056b1996247bb6e5f882fe57
Size

249KB
MD5

3d76e3b7056b1996247bb6e5f882fe57
SHA1

2ae60502ea25bb21f54b4baf8b96dfd4913d9855
SHA256

200ce475a60fe1c636bc320bc8bad9c35adbedddf7a5d86adb00b49484836c76
SHA512

971594ffd162378809f123e1ebe4ebb87cc5e7950094796c377698b18ba539600b84dacf369c7dcc5c58721c1de5cbfc8aba946194eb119aa6d43c822eb32795
SSDEEP

3072:6WJjfED5oooooo84NY+itwYAYM+6SuD9OpSPhniZGvwPjfGOA3S+55UO24bnpaUq:6UfED+4N86Xy3Q2aR24Ndq

Score

1^/10

Malware Config

Signatures

Files

3d76e3b7056b1996247bb6e5f882fe57
.exe windows:5 windows x86 arch:x86

01e1b3bf28f5225e2223c7beed0d5c43

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Iebug Bibjox,O=Hhg Nhadaqaaf Tiz,L=Myarixo,ST=Bopdixph,C=RU

Not Before

14/07/2015, 12:05

Not After

13/07/2016, 12:05

Subject

CN=Fhghtudv Hisay,O=Hhg Nhadaqaaf Tiz,L=Myarixo,ST=Bopdixph,C=RU

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f5:cf:cc:c4:06:57:d4:9c:11:5e:70:2e:85:fa:08:2b:7a:f8:79:fb
Signer

Actual PE Digest

f5:cf:cc:c4:06:57:d4:9c:11:5e:70:2e:85:fa:08:2b:7a:f8:79:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FreeLibrary
HeapDestroy
HeapSize
HeapReAlloc
WideCharToMultiByte
FindResourceExW
CreateFileA
WaitNamedPipeA
SetNamedPipeHandleState
CreateEventW
CreateThread
SetEvent
LocalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
ReleaseMutex
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
DeviceIoControl
SetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
RaiseException
ReadFile
InitializeCriticalSectionAndSpinCount
DecodePointer
UnhandledExceptionFilter
lstrlenA
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleMode
GetConsoleCP
GetFileType
GetOEMCP
GetACP
GetFileSize
FlushFileBuffers
WriteFile
CreateFileW
LockResource
GetCPInfo
LoadResource
SizeofResource
FindResourceW
HeapFree
GetProcessHeap
HeapAlloc
MultiByteToWideChar
GetCurrentProcess
IsWow64Process
Sleep
WaitForSingleObject
CloseHandle
TerminateProcess
GetLastError
GetLongPathNameW
GetModuleHandleW
GetModuleFileNameW
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
TlsAlloc
IsValidCodePage
GetStdHandle
LCMapStringW
GetStartupInfoW
TlsFree
RtlUnwind
GetCommandLineW
ExitThread
GetModuleHandleExW
ExitProcess
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TlsGetValue
LoadLibraryExW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
GetStringTypeW
TlsSetValue

user32

RegisterClassExW
CreateWindowExW
LoadCursorW
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
SetTimer
DefWindowProcW
KillTimer
PostQuitMessage
ShowWindow
UpdateWindow
LoadIconW

advapi32

CryptReleaseContext
CryptCreateHash
RegDeleteKeyW
StartServiceCtrlDispatcherW
StartServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
ChangeServiceConfigW
DeleteService
ControlService
CloseServiceHandle
ChangeServiceConfig2W
QueryServiceStatus
OpenServiceW
CreateServiceW
OpenSCManagerW
FreeSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
LookupAccountSidW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptAcquireContextW

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoTaskMemAlloc
OleRun

oleaut32

LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
VariantClear
SysAllocStringLen
SysFreeString
SysAllocString
GetErrorInfo

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01e1b3bf28f5225e2223c7beed0d5c43

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

01Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

f5:cf:cc:c4:06:57:d4:9c:11:5e:70:2e:85:fa:08:2b:7a:f8:79:fbSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 856B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

f5:cf:cc:c4:06:57:d4:9c:11:5e:70:2e:85:fa:08:2b:7a:f8:79:fb
Signer

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 856B