3da31a5956ee08eec1d26fb943894cab

Sharing

Copy URL Twitter E-mail

General

Target

3da31a5956ee08eec1d26fb943894cab
Size

245KB
MD5

3da31a5956ee08eec1d26fb943894cab
SHA1

36820c0cbe4fbb8b159c26021a9053dcc4be7b02
SHA256

061fce02b7b5a56facba88f8b013af45ba66f00372d030452a68e16035b26b21
SHA512

4d42e164201230485154eb85aa400aab619c11839f05ae9c256d7bb68fc9f614388f9bd04cc75c9362079fb2d73b4618b979e029a6200084e32bbdb5159172b5
SSDEEP

6144:O85M2jxU4T0tzNbAaZCJSm6cmD5D/4VifyyyEnY:vb1otzNbt5BGYyEnY

Score

1^/10

Malware Config

Signatures

Files

3da31a5956ee08eec1d26fb943894cab
.exe windows:4 windows x86 arch:x86

02dbd33e47357d9dcbef2926eb3439c7

Code Sign

67:dd:07:f0:8d:a4:70:45:be:7f:7b:41:a5:a9:4c:d1
Certificate

Issuer

CN=cwigwwlmrpf

Not Before

09/07/2012, 11:02

Not After

31/12/2039, 23:59

Subject

CN=Aswert

8f:9d:93:95:a4:e1:fb:c1:68:c2:55:c5:1f:a0:7b:cd:01:a4:3f:e4
Signer

Actual PE Digest

8f:9d:93:95:a4:e1:fb:c1:68:c2:55:c5:1f:a0:7b:cd:01:a4:3f:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyExA
RegisterEventSourceA
RegLoadKeyA
RegCreateKeyA
ClearEventLogW
RegDeleteKeyA
RegNotifyChangeKeyValue
RegQueryMultipleValuesA
RegDeleteValueA

kernel32

VerLanguageNameA
HeapCompact
OpenMutexA
GlobalFlags
CreateEventA
MultiByteToWideChar
LocalLock
GetACP
HeapUnlock
HeapWalk
HeapAlloc
GlobalAlloc
GetCPInfo
GlobalSize
GetPrivateProfileStringA
GetProfileSectionA
WriteProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
GetProcAddress
VirtualAlloc
GetModuleHandleA
GetStartupInfoA

winmm

waveInMessage

version

VerInstallFileA
GetFileVersionInfoA
VerFindFileA
VerQueryValueA

secur32

DecryptMessage
CompleteAuthToken
DeleteSecurityContext
FreeCredentialsHandle
ApplyControlToken
AcceptSecurityContext
EncryptMessage
ExportSecurityContext
MakeSignature
VerifySignature

msvcrt

_XcptFilter
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_exit

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02dbd33e47357d9dcbef2926eb3439c7

Code Sign

67:dd:07:f0:8d:a4:70:45:be:7f:7b:41:a5:a9:4c:d1Certificate

8f:9d:93:95:a4:e1:fb:c1:68:c2:55:c5:1f:a0:7b:cd:01:a4:3f:e4Signer

Headers

File Characteristics

Imports

advapi32

kernel32

winmm

version

secur32

msvcrt

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 210KB - Virtual size: 209KB

.data Size: 512B - Virtual size: 329KB

.rsrc Size: 20KB - Virtual size: 19KB

67:dd:07:f0:8d:a4:70:45:be:7f:7b:41:a5:a9:4c:d1
Certificate

8f:9d:93:95:a4:e1:fb:c1:68:c2:55:c5:1f:a0:7b:cd:01:a4:3f:e4
Signer

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 210KB - Virtual size: 209KB

.data
Size: 512B - Virtual size: 329KB

.rsrc
Size: 20KB - Virtual size: 19KB