1dc746405aee178f685d2f24cd258cfe

Sharing

Copy URL

Twitter E-mail

General

Target

1dc746405aee178f685d2f24cd258cfe
Size

585KB
MD5

1dc746405aee178f685d2f24cd258cfe
SHA1

37eeb6720b77ee7500dffb9665899b3b269515c2
SHA256

22137b284d498a3438207eaa72df49f95eaa1c55e6222037426dab21fde88272
SHA512

0cea49bd4b847bf67caa91cc5c7ed3dccd62b6949ad7a771b1dc38512c90b6989e674bf687a280627809d736a3854f65b772e24bf42435f7ada18bed7f1e6584
SSDEEP

12288:VTStHGQQbjMG8KNhVFNGa/fVWIc0KgGGKbhMru:VTStqbjMGrN50wEIbOyu

Score

1^/10

Malware Config

Signatures

Files

1dc746405aee178f685d2f24cd258cfe
.exe windows:4 windows x86 arch:x86

d55323b5065376453d58c96e4acfec83

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2015 00:00

Not After

02-05-2016 23:59

Subject

CN=SBIS,O=SBIS,POSTALCODE=150001,STREET=PR-T MOSKOVSKIJ\, 12,L=YAROSLAVL,ST=YAROSLAVL REGION,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

de:87:51:23:80:5c:aa:d1:15:f2:60:60:de:ec:be:03:11:a5:eb:4a
Signer

Actual PE Digest

de:87:51:23:80:5c:aa:d1:15:f2:60:60:de:ec:be:03:11:a5:eb:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

GetTabbedTextExtentW
TrackMouseEvent
DrawTextW
OemToCharA
DestroyIcon
MenuWindowProcW
RegisterHotKey
InvalidateRect
EnumDesktopWindows
CharToOemBuffW
BroadcastSystemMessageExW
GetWindowInfo
BringWindowToTop
CharPrevA
ChangeDisplaySettingsA
GetUpdateRgn
MessageBoxW
CreateDialogIndirectParamW
UnregisterDeviceNotification
GetSystemMetrics
OpenIcon
CheckRadioButton
ShowWindowAsync
CloseWindowStation
SendNotifyMessageA
IsIconic
SetCursorPos
GetMenuContextHelpId
SetFocus
EnumPropsExW
AppendMenuA
SetDlgItemInt
GetMenuItemID
GetWindowThreadProcessId
CharUpperBuffW
RemovePropW
SetCaretBlinkTime
UnregisterClassW
SetClassWord
GetMonitorInfoA
GetForegroundWindow
FillRect
GetTopWindow
SetProgmanWindow
GetAltTabInfoA
SetMenuItemInfoA
MenuItemFromPoint
ChangeMenuA
GetListBoxInfo
CharLowerA
CharToOemW
GetDC
CreateDialogParamW
SetProcessWindowStation
DrawCaptionTempA
EnumThreadWindows
DialogBoxParamA
GetClassLongA
CopyIcon
SetCursorContents
LockWindowUpdate
FindWindowExA
UnregisterClassA
DefFrameProcA
GetMenuState
GetDesktopWindow
SetSystemMenu
EnableWindow
CharToOemBuffA
CheckMenuItem
SetWindowsHookW
LoadStringA
DestroyAcceleratorTable
AttachThreadInput
RealGetWindowClassA
AdjustWindowRect
SetInternalWindowPos
DrawIcon
GetAncestor
GetUserObjectInformationA
RealGetWindowClassW
GetWindowWord
ClipCursor
DrawCaptionTempW
OpenWindowStationW
SetRect
ScrollWindow
GetDlgItemInt
SetPropA
LoadKeyboardLayoutW
ReleaseDC
CharPrevW
InvalidateRgn
IsDialogMessageW
GetWindowModuleFileNameA
CreateAcceleratorTableA
ValidateRgn
CloseWindow
ValidateRect
GetWindowDC
GetMenuStringA
SetCaretPos
GetWindowTextW
SetWindowWord
GetShellWindow

kernel32

GetConsoleFontInfo
SuspendThread
GetTapePosition
GetLargestConsoleWindowSize
GetLogicalDriveStringsA
SetFileValidData
GetProcessAffinityMask
GetPrivateProfileStructA
GetAtomNameW
SetVolumeMountPointA
Sleep
GetProcessPriorityBoost
GlobalAddAtomW
CreateThread
EnumTimeFormatsA
GetCurrentActCtx
LocalFlags
LoadResource
WriteFileEx
LocalHandle
OpenMutexA
CreateWaitableTimerW
ExpandEnvironmentStringsW
EndUpdateResourceA
QueryDosDeviceW
GetCPInfoExA
GetDiskFreeSpaceA
GetExitCodeProcess
CallNamedPipeW
CreateSocketHandle
lstrcmpiW
LCMapStringW
QueueUserWorkItem
WriteProfileStringW
EnumCalendarInfoW
RegisterWaitForInputIdle
GetTapeParameters
GetCommMask
SystemTimeToTzSpecificLocalTime
GetNamedPipeHandleStateA
WriteProfileStringA
GlobalUnWire
SetTimeZoneInformation
FindFirstVolumeW
MoveFileWithProgressW
GetNumberOfConsoleInputEvents
GetFileType
WriteTapemark
UnmapViewOfFile
lstrcmpW
RegisterWowExec
CreateEventW
GlobalSize
UpdateResourceA
FindResourceExW
WritePrivateProfileSectionA
ReadFile
Heap32ListNext
WideCharToMultiByte
FindAtomW
InterlockedDecrement
GetProcessTimes
TryEnterCriticalSection
QueryMemoryResourceNotification
SetFileApisToOEM
GetPrivateProfileSectionNamesW
GlobalWire
FillConsoleOutputCharacterA
InitializeCriticalSection
AddRefActCtx
GetNamedPipeInfo
DelayLoadFailureHook
SetSystemTime
GetTempPathA
SetCommTimeouts
GetModuleHandleExW
GetProfileIntA
SetFileShortNameW
GlobalGetAtomNameA
GetProcessHeap
GetLastError
ConvertDefaultLocale
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shlwapi

PathAddExtensionA

comdlg32

CommDlgExtendedError
GetOpenFileNameW
ChooseColorW
ChooseFontA

oleaut32

VarUI2FromBool
GetVarConversionLocaleSetting
VarR4FromI2
VarI2FromDisp

winspool.drv

ADVANCEDSETUPDIALOG
AddMonitorW

gdi32

CreateBitmap
RemoveFontResourceW
GdiCleanCacheDC

version

GetFileVersionInfoSizeA

wtsapi32

WTSWaitSystemEvent
WTSEnumerateProcessesA
WTSVirtualChannelPurgeInput

ws2_32

gethostname
WSARecvDisconnect

comctl32

CreatePropertySheetPage
MenuHelp
ImageList_SetFlags
ImageList_SetIconSize

Exports

Exports

�'�B!?HG��Ȩz�<��͉iN��_�d�,xV��I�ќ}�% �z��M�Н�w�R9�rɮ� �̙e>�gMV�,!�(6��W� u/'�퓝�xv��sI�A�|j4��b^��D1��g�l��'��N�p8�P�L�Z`��1�-��Ȥtg��QG�� Q$~M��!ۇH��̝n�2Ia�IZl��/N:D�W��!��uQ�9��wQ0�Dy��-��[��Ue�W��k��V~q��2_��<gk��R��e��0J��o��ȑ��$�SC�wս�� (WHP��y�C��p>� D6��Ҽ�1e�%͉��XPMU�!��ڕZ ��?�P]6�N'��L2� �)�O�Ŏ��C�+��w8[y"FX=�x�d-�KL�-�Ҿ��9$�S��$rT�r��hL�p��1�0�WW�N�Ĵ��_��I!5� �8��/��e� �A �=��\�z�;[�sZ�.:��s��a �z0�� xu ��>�|��9��&�Kſ�6��Y>�+ɰZ��c#9t�M��2[�M��[E�Y�t#��{r�$��Օ^��<?qZ:��R��g�4o�VٍT�I� �A#�E\�sh3k2��댇��|� y�ȪѨ qn��?��U�ġ�Pxm��/�'�5c�I��9b@�Fl�ax��Zq��Ġx��%)��_nK��"Ɍ��-��$�&J��FDu��̞pf��v��3��13��~,1��˳ݘ�臯]k?~��Un�6u��Iq�r��c�2��D��S�ia�3� �[fSI)J��!w%�A�;�M��ɇ�|�H��e��V��6� �|��7cX:��0��,P�z|#��b��@��uo2��T]�H�]��n�,�� P%��6�06؊�q�FkT�B�`�,��,��a[z��2��6��;[%�z=%EdRݾ�rE�F��\��V=03 �ۮŊ��хy6�;��(��uX��k�V ��+^T]�(i&g��{^^�H��Bz�c(�vQŵ��MNg,EO�8�躭�DyҾ�� ݰ��A�ʊ�@��?g��9Ӆ��Y$ ��2uke��c�K��#��F�3o�~0��<T~��{��(ZhU�i��gжY��b.��ܫ*�W�?_�C��Xҽ7�2:��{��A��{U��e 3��t��]ǣVsi�^"�8K�g�4`P��U �ێ��P��7fx��9��{r.Vv��"+h�꤫��lH�I�3��Bs�r��Őd�G�Z}�` ns�ɶ��R��%��0v�@x�͠�,��;}�U��/X#�]�`��_��%s�B��:Z��3�r��6�w��ò�/#[��!b��Ѷn��p�۟�>��WLV��6t!��:��|B�;!��4m��ӣZE�O Mܦ�ԑ�h� e:�n�A�3쨴�-h��88N�D��p.|"�G�^��;4��d�OWlv�R/=׈��%hq\�d��5L��ErDT�P��FĒ�� (uA�`�j�~�G1�ޛ�E�\F��$��\��w��u��E��,�̬��,PeUB�>��o&R��+5�"� �턑),a�qm�T 8yB�*�q�rX��Eu88K��[�Z;F��j�D2&vO��-�-�2��m�� &+PcE%�DF�31��Ӓ�T�v��ROҎ�G^:/]%([��"_��%�g��L~��T�&%$��>E>��b,�5q��Rh̲�O��)rX2�L��K�m��7o&��jl��0��c�Ѯ��i�?^�6�'��9l��Y"Щ�/�":��[Ϲ��!��I��`Y��=��B*̚:�Ҁ�� k�WK��-��Z��h�X�v�}VJ��)�\؛�r�g�MNo��{��˘mX�� |��YKտ�r�I$�,�ju�ЈU��zd��Ƹ��}a�%14l�}FE㜄��[��S*��Y�� ?^��q��@��);��~��9��gqb9�yh��ǣ��D1�\�"x�(NBm2��!l�-�=a�do$*��-��%6#�¤��݋�0��"��0r&�N��2-�jWE�N��^��2��N��K,c1E��₤�� F��,R��Mյ��G"ܝ�p*6jH��m��6�L�c64a�~��L��9^mJ�˶��@�C��;FG;0I�)�4G��n�� $<gz�.��T�:q(q��M��1�}B��i��o�Q��(yw,�V��B^�7;}�{K*9��8E��Y�Xq�8IT��n?��e�%��_5O�r�{c c�6�8��؂#Sb�6n��0��-,�Ҫ+�3�H��㾘��S��51+�B��<ᗔ��g�� >X;�<7W 2ʹF��tɉd�I��*�y��)K��C7��,n9��9�ٕKӧ�䛝��u#�^l�Ki�d��?yT��?� ��/��<,��ݟ'��Q�>��b��#��SL��2� "!��[&E��yu�q��f�l��3D�(e��v��cbM��a-|7ЛO�k��2�AZC)<�{@��I�ox+| he�)X��ʓ#�n.<�z��6*�A��`Ȟ~W3'|cap�;>��w��_(��b��ܬ�F-�� fm��q��=:��&du�qO1��GdK nqi�$K�y�^΀��:��v_{F5�khm�Z Yϩ�WmG�<q��(��X6�i[pIT�FpBj�a�jEda>/��e㋲�� B��M��`^ ?��)�>�[��%k��Ž�1��2��O��@9�F6qHE�<6�K��F�I � X�2,��P�I�0��22��.��N

Sections

CODE
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d55323b5065376453d58c96e4acfec83

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2Certificate

Extended Key Usages

Key Usages

de:87:51:23:80:5c:aa:d1:15:f2:60:60:de:ec:be:03:11:a5:eb:4aSigner

Headers

File Characteristics

Imports

user32

kernel32

shlwapi

comdlg32

oleaut32

winspool.drv

gdi32

version

wtsapi32

ws2_32

comctl32

Exports

Exports

Sections

CODE Size: 404KB - Virtual size: 404KB

DATA Size: 18KB - Virtual size: 18KB

BSS Size: - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.text0 Size: 17KB - Virtual size: 17KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 72KB - Virtual size: 72KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2
Certificate

de:87:51:23:80:5c:aa:d1:15:f2:60:60:de:ec:be:03:11:a5:eb:4a
Signer

CODE
Size: 404KB - Virtual size: 404KB

DATA
Size: 18KB - Virtual size: 18KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.text0
Size: 17KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 72KB - Virtual size: 72KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB