1f6a1932bcc5565d3f252d2c607ae9f0

Sharing

Copy URL

Twitter E-mail

General

Target

1f6a1932bcc5565d3f252d2c607ae9f0
Size

525KB
MD5

1f6a1932bcc5565d3f252d2c607ae9f0
SHA1

8a524bab68c84971ab6cf1af0167cbfa69fa5ef4
SHA256

e57929289a3b02ed8b9a0a99448557607143d8a79b6a30c611a539a0b0e6cc67
SHA512

6dc998c99e93353cfbce3789fd8e433ed6a4f79c9bc27a43767c6af2cbb68d320640dfc0beae60580401e6e0635e120b562f54e1f5e4647f884a54b7ff028b32
SSDEEP

12288:Rttb3HMwxd0ApF1KfYe1hyszRSKm+9p8nNIue2JAQ8qvnlVdK:RtuEeEF1KVhyszRzmY8S2J1nvdK

Score

1^/10

Malware Config

Signatures

Files

1f6a1932bcc5565d3f252d2c607ae9f0
.exe windows:4 windows x86 arch:x86

35cc059b3cb64b5c23988281567b0da8

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

12-12-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001-4 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6d:5b:6b:90:75:c8:7d:38:b5:73:75:ce:d5:95:53:47
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001-4 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

27-12-2001 00:00

Not After

21-12-2002 23:59

Subject

CN=Excite Network\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Excite Network\, Inc.,L=Irvington,ST=NY,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
Sleep
LockResource
LoadResource
SizeofResource
FindResourceA
FreeLibrary
GetProcAddress
LoadLibraryExA
lstrcmpiA
DeleteFileA
CopyFileA
TerminateProcess
WaitForSingleObject
OpenProcess
lstrcmpA
SetFileAttributesA
GetModuleFileNameA
CreateDirectoryA
lstrlenA
GetShortPathNameA
GetModuleHandleA
MultiByteToWideChar
GetStartupInfoA
ExitProcess
GetCommandLineA
GetVersionExA
GetLastError
GetWindowsDirectoryA
GetCurrentDirectoryA
OpenFile
RemoveDirectoryA
ResetEvent
SetEvent
ReleaseMutex
MapViewOfFile
CreateFileMappingA
CreateMutexA
UnmapViewOfFile
WaitForMultipleObjects
lstrcpyA
SetCurrentDirectoryA
EnumResourceNamesA
lstrcatA
CreateProcessA
WritePrivateProfileStringA
CreateEventA

user32

wsprintfA
MessageBoxA
CharNextA
EnumWindows
SendMessageA
GetWindowTextA
GetWindowThreadProcessId
GetClassLongA
GetKeyboardType

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoCreateInstance
CoInitialize
CoUninitialize

lz32

LZOpenFileA
LZCopy
LZClose

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 500KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35cc059b3cb64b5c23988281567b0da8

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75Certificate

Extended Key Usages

Key Usages

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

6d:5b:6b:90:75:c8:7d:38:b5:73:75:ce:d5:95:53:47Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

lz32

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 956B

.rsrc Size: 500KB - Virtual size: 496KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

6d:5b:6b:90:75:c8:7d:38:b5:73:75:ce:d5:95:53:47
Certificate

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 956B

.rsrc
Size: 500KB - Virtual size: 496KB