447d1620073d99634d6d38f831b667be

Sharing

Copy URL Twitter E-mail

General

Target

447d1620073d99634d6d38f831b667be
Size

604KB
MD5

447d1620073d99634d6d38f831b667be
SHA1

c2b7299767ab41426a161906e1286ec7065be9ca
SHA256

166e6766dab7a0df6e8b52e9e60c135fc14d15ed0f232c78b7de3e62d243c38d
SHA512

4c0840ff9d948bcdee8027ae4b4f3f94a237a15f273634a28c4b0c99054f4585e39d2ba94a9d8c29cae9edd72b80b3709b19ac873862ada090c7e583126443e6
SSDEEP

12288:38UeDcMcL9qnUpALYWgZCU5gcZ5dTzFrcM4:3Ficx3e0d2ezFrE

Score

1^/10

Malware Config

Signatures

Files

447d1620073d99634d6d38f831b667be
.exe windows:4 windows x86 arch:x86

6ba4d680ce1d4f0d928d7d11b11db0bc

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/04/2015, 00:00

Not After

12/04/2016, 23:59

Subject

CN=FLAGMAN-SOFT,O=FLAGMAN-SOFT,POSTALCODE=646822,STREET=4\, kv.1\, ul.Vodoprovod,L=S. PRISTANSKOE,ST=Omsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

54:6a:49:e5:cd:a8:03:2c:89:47:3c:6b:51:f7:b7:1c:6a:c8:e2:5e
Signer

Actual PE Digest

54:6a:49:e5:cd:a8:03:2c:89:47:3c:6b:51:f7:b7:1c:6a:c8:e2:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

MenuWindowProcA
CharLowerW
CreateDialogParamW
MapVirtualKeyW
PtInRect
GetKeyNameTextA
LoadStringA
IsCharLowerA
ScreenToClient
DispatchMessageW
GetGUIThreadInfo
SetWindowWord
SetClassLongA
MapVirtualKeyExW
InvalidateRgn
SetCaretPos
CreateDialogParamA
IsHungAppWindow
UnregisterClassA
GetWindowTextLengthW
SetMenuItemInfoW
LoadAcceleratorsA
GetLastActivePopup
SetClipboardData
GetWindowTextW
DrawMenuBarTemp
LoadMenuW
GetWindowRgn
CharToOemBuffA
SetDebugErrorLevel
wsprintfA
MessageBoxIndirectA
SetFocus
BroadcastSystemMessageA
FrameRect
GetSubMenu
SetPropA
LoadKeyboardLayoutW
GetThreadDesktop
LoadCursorFromFileA
IsDialogMessageW
SetDeskWallpaper
CloseDesktop
SetUserObjectInformationA
DialogBoxIndirectParamW
UnregisterHotKey
GetDC
GetMessageW
GetUpdateRgn
GetInputDesktop
GetMonitorInfoW
CascadeWindows
GetCapture
EnumDisplaySettingsExW
PrivateExtractIconsW
IsWindowVisible
GetFocus
DrawFocusRect
BeginPaint
GetMenuItemRect
FlashWindow
GetWindowDC
CharToOemBuffW
TabbedTextOutW
GetUpdateRect
GetClassLongA
AppendMenuW
ModifyMenuA
SendNotifyMessageA
EnableWindow
ShowWindowAsync
EnumWindowStationsW
EnumDisplayMonitors
GetMenuItemInfoA
RealGetWindowClassA
ToAscii
SendMessageTimeoutW
PrivateExtractIconExA
DefFrameProcA
SetDlgItemTextW
RemoveMenu
EndPaint
GetMenu
DrawIcon
GetClipboardFormatNameW
GetMenuBarInfo
ReleaseCapture
CharNextW
AllowForegroundActivation
ArrangeIconicWindows
IsCharAlphaW
EnableMenuItem
PrintWindow
wvsprintfW
SwitchDesktop
ValidateRgn
GetSystemMetrics
MessageBeep
CharNextA
SetCaretPos
IsHungAppWindow
GetWindowTextW
EnumPropsExW

kernel32

HeapSetInformation
GetSystemInfo
DosPathToSessionPathW
GetLocalTime
UnlockFileEx
FindNextFileA
EnumResourceTypesA
IsProcessInJob
GetStartupInfoW
QueryDosDeviceW
EndUpdateResourceA
GlobalFree
GetConsoleTitleW
EnumCalendarInfoExW
GetTapeParameters
WritePrivateProfileStructW
GetProfileIntW
GetTimeFormatW
DeleteCriticalSection
VirtualQueryEx
SetCalendarInfoA
BuildCommDCBA
ExitProcess
FindFirstVolumeW
WritePrivateProfileStringA
GlobalDeleteAtom
SetFileAttributesW
GlobalLock
CommConfigDialogA
GetPrivateProfileSectionNamesW
SetFileShortNameA
SetThreadLocale
GetModuleFileNameA
QueryPerformanceFrequency
Sleep
AssignProcessToJobObject
SetThreadUILanguage
GetPrivateProfileStructA
SetCommState
DeleteVolumeMountPointW
GetTempPathW
VirtualFreeEx
GetHandleContext
WinExec
CreateDirectoryExW
CreateMailslotA
LocalFileTimeToFileTime
LockFileEx
LZStart
CreateDirectoryW
ResetWriteWatch
GetDiskFreeSpaceW
GetConsoleInputWaitHandle
WaitNamedPipeA
GetStartupInfoA
EnumResourceTypesW
GetProfileSectionA
DeleteFileW
EnumCalendarInfoA
DnsHostnameToComputerNameW
GetLogicalDriveStringsA
RegisterWaitForInputIdle
GetLastError
ClearCommError
TransmitCommChar
GetLogicalDrives
GetAtomNameA
DeleteAtom
CompareStringA
LocalUnlock
GetCurrencyFormatW
InitAtomTable
PeekConsoleInputA
ReadConsoleInputW
GetProcessShutdownParameters
GlobalMemoryStatusEx
EnumResourceLanguagesW
GetProcessHeap
GetLastError
ConvertDefaultLocale
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shlwapi

UrlCompareW

ole32

StgOpenAsyncDocfileOnIFillLockBytes
HPALETTE_UserMarshal
ReleaseStgMedium
CreateBindCtx

comdlg32

dwOKSubclass
GetOpenFileNameW

oleaut32

VarI2FromUI4
VarUI2FromI1

shell32

StrRChrA

winspool.drv

EnumPrinterKeyA
EnumPrinterDataExW
EnumPrintProcessorsW

advapi32

RegisterServiceCtrlHandlerExW
LsaGetSystemAccessAccount
LsaSetInformationPolicy
RegisterTraceGuidsW

gdi32

GetCharWidthW
GetDCOrgEx
GetDCPenColor
SetMiterLimit

version

VerQueryValueW

wtsapi32

WTSDisconnectSession
WTSSetSessionInformationA

ws2_32

WSASetServiceA
select
WSALookupServiceBeginW

comctl32

CreatePropertySheetPageW
ImageList_Copy
CreateMappedBitmap

Exports

Exports

��+��40}��M��9vkWg!�0��*�(��eP�*��i�z�ϪxBn'�K��Z�]�4F��mΕՆ��-�LƠ�� .�N�Y��s��渐v��<��7��],��0�گ;�7�;j��HA��]�8��U%Uw�Hk�4m�m��u�z�M��W�%Zzh�8r�Z�D_�xg�#��[W~��ۮ��N�[��I@x��Ox�� Y�6��Xo��+��_V��#0lF��P��N��6��K��G�/0��ڣfY��\�E�L��&Lӂ�7;�3qķ�5��:�{��d��N4#�󩁮 !��*�$c��at��Ȍ&��o}�*��թ�0��S��H!՗Ǜ{x�*��w�z ��^�\��X��@� ѱ��s�٣}��ć��X�:�� &�9�ǊɄ��E�J��[�H_E�h��?�E@��L"��'F�I摊� eR��b`��=?��:��UxM@�S`�?�[��@��Y�� "��`�Ț��ı�m�!�_K8zmW`Ԗf��ĝ\Pذ�|ǲr��@0��.�JSo��u��o�T.h�T��kL��4�!#� ��h��ȇ �k�l�I��"�� ^]�l�2,�lu� 4AN�G~�s�� r��1�f[�^2=�C�6=��3��X-��F�b�rny�xH�2�s츒��\_-��id�1˶��#PI��D�=��§� � UOw�q"��ӝQw�`��#j�W��f��[��C�G�NWo�Ҫ�ȤzR.T��O��|dq�,I��kM��-��o��T��d�֔%i,¯��M��;�'&��e��.�6rc#Z.4�Rk��ɜafX�0�L�-��6��P�ـ��EDm�=��L+ ��l��O,é��OD^>��W��5�GS˹�[/iHC:Iy�c�r�>(�s�k� ns �v��J��D53�a��m�^D�^��hV��q��D��X@x��W^فzy�^s?�f^��T��,HL�D�P��\�fE�D �?�� y��F��l��R]%p�ப(P��J��.3d��?�X|^��KI��E>��Pl��:��J��?��J��ZK��{q�͔��]{�,�]|6bUe � !ۚM��!i⭽��c��Xz��?kn[S-�)91��bY��?Ҷ��T�Z;)H�KH�e�i��h4�Y�u��i�*�o��d�W�ђJr<K�BgF��s��n Iz�i�]M��L?jΡC�Y��5fea��w@q��v/��3E�#R G��2�8�5��c��ՃJ$��|��j�1�h�v��#Ėi��q��bJ9��ӆ�9�w��7Z�ͼh �wM�7˦*7-�ƣ�iD��^��|�'�2�9y��1�� 9L�{-AԳ�Ұ�l��3s�g/0�b�2-P��q�zO��Zb'��&0Q��ʱJϹ.ݓ�n�V�y��:v��F��Z��-��B�R~�� M�dk�U��`Ӽ;܀��ʃ�N�+)��qf��{�X5�uڛ�f��68_dIƄPΕŬy] �� .�4��?J3��ٱNţ�)�.��Ҷ�|8q8��<QRI՟�«Y�!c��^�3�iPu]�N��Z$��G/�3v��Q3F�<�� E��O��gf�|��"��NOK�jE��@_�J`�K�s˛&��q��M�,�Xf��I6��"2dgo.�Ҋ) �@��=C�7� a2��F3�h�u�q�4X��vJtA�c�[��ѣ��^�S��|��|<{��'��=��L��Ss��=r�� K|��<��A�h��d&hV��{��W!�O=�<D?`�1�X��8��y��$G0�2��R��V�z��&��\� �=�n��=��D�q_��Z�ߥ~6��mW�#�B�[+V4�v_��B-��Y��P r�]��ٌ�eI�E]q[@1�zy<�Z�N0� �g��(`n��j��|��Uh�+1�b�RLԳJbq��g/Fٞ��+�B��/D��, ��B�I�g6 �;��\C��oq�=��&�8��i�:��n ��Nv�H��GR��(<]��PJ�{?��b@d�t�Ü��K�/~�!��j�F�#��ʃ��P:�3E&B�5�H2.H>7�7��Yܟ|��Wi��@�3S�4)^G<�o��0ph1�.4��|(��d��""d܄��F�\��N�=d6�"5� �=Q��?�a2�xժ7ݭ<䷞w��s�nD�0?\�8��SEv��鸉mŮ��j# ��QΥ%��"�'_;��*��2��w� �.�5��me��R��[�d^x�?��&eJ*.(�G|�mNE9c��Y^�V��T��a�R�f��DP�}��z��O��B��/��,7 �ɒ�Y�U�(�z�QAI�"ݽ.��]{U'��J�R=m��hqu��(},��*ҁ��%F�9�?)� ��R�I��7��}K�K�J/�G^vn�<b֒� 9ث��2��4��8�Z��Bi��AX��@�w��5�^Z�R�E�n�C��$`p�P��Ġ�X��%��]�\��a��w?�͟d��&묡�f�/wxZ�m-6n�H��?i�P?��CD� �6=��Q��ѯJE� ��|m6w��x��SjH��W��G|x?>��V�[��)��=`}��Lb�nSaK��_+�� Pc��a�tF�D� �SdTs��1P((�fF��[�<$��4'��X�ӵa"C�A��ڨ�6��5��Q嗴��>��ģ~�\�HD��,@9륍�(�LU��O��&!4�w

Sections

CODE
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 929B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ba4d680ce1d4f0d928d7d11b11db0bc

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:eaCertificate

Extended Key Usages

Key Usages

54:6a:49:e5:cd:a8:03:2c:89:47:3c:6b:51:f7:b7:1c:6a:c8:e2:5eSigner

Headers

File Characteristics

Imports

user32

kernel32

shlwapi

ole32

comdlg32

oleaut32

shell32

winspool.drv

advapi32

gdi32

version

wtsapi32

ws2_32

comctl32

Exports

Exports

Sections

CODE Size: 438KB - Virtual size: 437KB

DATA Size: 14KB - Virtual size: 13KB

BSS Size: - Virtual size: 929B

.idata Size: 5KB - Virtual size: 5KB

.text0 Size: 15KB - Virtual size: 14KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 65KB - Virtual size: 65KB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

54:6a:49:e5:cd:a8:03:2c:89:47:3c:6b:51:f7:b7:1c:6a:c8:e2:5e
Signer

CODE
Size: 438KB - Virtual size: 437KB

DATA
Size: 14KB - Virtual size: 13KB

BSS
Size: - Virtual size: 929B

.idata
Size: 5KB - Virtual size: 5KB

.text0
Size: 15KB - Virtual size: 14KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 65KB - Virtual size: 65KB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB