1bb52117917bc4b2e7de50af52887c50

Sharing

Copy URL Twitter E-mail

General

Target

1bb52117917bc4b2e7de50af52887c50
Size

369KB
MD5

1bb52117917bc4b2e7de50af52887c50
SHA1

1f2cbb2d8c687768b45edba6c35e9aea76b5bd72
SHA256

1381cc049ed0f3ec0abb31359de29989c8d9b498c9511f9c697eae5ccbf17733
SHA512

36a46ecc16c33d7df62d880c5b5862784a0a92db30f8dbfa17f393bd69920575de421f42153fe4470f7c591f55123543d820a04f3a93902c5d7b05a7b7b895b2
SSDEEP

6144:XAotfzF7IVK+3Rrh69U6ZWEq+taSe5Pjha8SNXEJhkA7qjh6sdpNu4qqB0S1:Xvl2V/3RrYPq+ItPjg8SiJhkA7qjh6sj

Score

1^/10

Malware Config

Signatures

Files

1bb52117917bc4b2e7de50af52887c50
.exe windows:4 windows x86 arch:x86

b110f57e0507e4c4c8b7ac4b0c05a5b0

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:a6:9e:72:e3:8a:fe:48
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

08/12/2015, 18:56

Not After

08/12/2016, 18:56

Subject

CN=Super Click Interactive,O=Super Click Interactive,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

80:46:a4:86:ac:c6:8a:b2:dd:ab:82:43:29:f7:e3:0f:38:eb:8e:61
Signer

Actual PE Digest

80:46:a4:86:ac:c6:8a:b2:dd:ab:82:43:29:f7:e3:0f:38:eb:8e:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

crypt32

CertCloseStore
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CryptQueryObject

imagehlp

CheckSumMappedFile
MapAndLoad
UnMapAndLoad

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
EnterCriticalSection
EnumCalendarInfoA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceExA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetTempPathA
GetThreadLocale
GetThreadPriority
GetTickCount
GetUserDefaultLCID
GetVersionExA
GetWindowsDirectoryA
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MoveFileA
MoveFileW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReadProcessMemory
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
ResumeThread
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpA

ole32

CoCreateInstance

oleaut32

SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

shell32

ShellExecuteExA

user32

CharLowerA
CharLowerBuffA
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharUpperBuffW
GetSystemMetrics
MessageBeep
MessageBoxA
WaitForInputIdle

Sections

.text
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b110f57e0507e4c4c8b7ac4b0c05a5b0

Code Sign

1b:e7:15Certificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

62:a6:9e:72:e3:8a:fe:48Certificate

Extended Key Usages

Key Usages

80:46:a4:86:ac:c6:8a:b2:dd:ab:82:43:29:f7:e3:0f:38:eb:8e:61Signer

Headers

File Characteristics

Imports

crypt32

imagehlp

kernel32

ole32

oleaut32

shell32

user32

Sections

.text Size: 291KB - Virtual size: 290KB

.data Size: 60KB - Virtual size: 59KB

.bss Size: - Virtual size: 12KB

.CRT Size: 512B - Virtual size: 4B

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 6KB

1b:e7:15
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

07
Certificate

62:a6:9e:72:e3:8a:fe:48
Certificate

80:46:a4:86:ac:c6:8a:b2:dd:ab:82:43:29:f7:e3:0f:38:eb:8e:61
Signer

.text
Size: 291KB - Virtual size: 290KB

.data
Size: 60KB - Virtual size: 59KB

.bss
Size: - Virtual size: 12KB

.CRT
Size: 512B - Virtual size: 4B

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 6KB