0240316967cadee54a6f345fea1d27cf

Sharing

Copy URL Twitter E-mail

General

Target

0240316967cadee54a6f345fea1d27cf
Size

40KB
MD5

0240316967cadee54a6f345fea1d27cf
SHA1

acfe6d5a213456e8d0fca32ff518ba3f9ed2fdbb
SHA256

8711146400a6e64ed54510ab7be3f92ec295d6e0866e9491a12bf28e8a0673e7
SHA512

47a2298b76774a1c031f6bedf282ba719b1d782dc6b4be1822f6ed6a1939108ee0cb0d51111d4f33134c4b91261e3b63ccc1739117ccb01e24d45cd177a6a18d
SSDEEP

768:McxnGYWa9wSMuNQizZu/J8vh7OxzE4jU5gN6crbvKSuXX:McxnZp2uNVu/JMKzmwHvKhH

Score

1^/10

Malware Config

Signatures

Files

0240316967cadee54a6f345fea1d27cf
.exe windows:5 windows x86 arch:x86

8dc5a524dfb69798a10095e3d787bd53

Code Sign

47:9a:d6:f3:08:4e:97:9a:44:d0:c9:91:9f:44:b9:5f
Certificate

Issuer

CN=W15z7HA02mlISbGVx5jdFSA6F

Not Before

27/04/2012, 05:07

Not After

31/12/2039, 23:59

Subject

CN=W15z7HA02mlISbGVx5jdFSA6F

Extended Key Usages

ExtKeyUsageCodeSigning

60:89:d5:e4:28:20:ed:bc:07:62:cb:5f:49:0f:43:4d:e7:e1:a3:5e
Signer

Actual PE Digest

60:89:d5:e4:28:20:ed:bc:07:62:cb:5f:49:0f:43:4d:e7:e1:a3:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
AddAtomA
BindIoCompletionCallback
CallNamedPipeW
CreateFileMappingA
DeleteTimerQueue
FindNextFileA
FreeResource
GetConsoleAliasExesW
GetConsoleAliasesA
GetLocaleInfoW
GetPrivateProfileSectionNamesW
GetThreadContext
lstrcatA
InterlockedIncrement
Module32First
PeekConsoleInputA
ReadConsoleA
SetCommState
SetProcessPriorityBoost
WaitForDebugEvent
WaitForSingleObject
WideCharToMultiByte
WriteProfileStringW
_lwrite
lstrcatW
CreateFileA
GlobalGetAtomNameA
VirtualAllocEx

advapi32

RegOpenKeyW
RegCloseKey

shlwapi

AssocCreate
AssocQueryStringByKeyA
ChrCmpIA
ChrCmpIW
ColorRGBToHLS
HashData
IntlStrEqWorkerA
IntlStrEqWorkerW
PathAddBackslashA
PathAddBackslashW
PathAppendA
PathCanonicalizeA
PathCombineA
PathCommonPrefixW
PathCompactPathExA
PathCompactPathExW
PathCreateFromUrlA
PathCreateFromUrlW
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindNextComponentA
PathFindNextComponentW
PathFindOnPathA
PathFindOnPathW
PathFindSuffixArrayW
PathGetArgsA
PathGetCharTypeA
PathGetDriveNumberW
PathIsContentTypeA
PathIsDirectoryA
PathIsDirectoryEmptyW
PathIsLFNFileSpecA
PathIsLFNFileSpecW
PathIsRelativeW
PathIsUNCA
PathIsUNCServerA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathIsUNCW
PathIsURLW
PathMatchSpecA
PathQuoteSpacesA
PathQuoteSpacesW
PathRelativePathToW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathSearchAndQualifyW
PathSetDlgItemPathA
PathSetDlgItemPathW
PathStripPathA
PathStripToRootA
PathUnExpandEnvStringsA
PathUndecorateW
PathUnmakeSystemFolderA
PathUnmakeSystemFolderW
PathUnquoteSpacesA
SHDeleteEmptyKeyW
SHDeleteValueW
SHGetInverseCMAP
SHIsLowMemoryMachine
SHOpenRegStream2A
SHOpenRegStreamA
SHOpenRegStreamW
SHQueryInfoKeyW
SHQueryValueExW
SHRegCloseUSKey
SHRegCreateUSKeyW
SHRegDeleteEmptyUSKeyA
SHRegDeleteUSValueA
SHRegEnumUSKeyA
SHRegEnumUSValueW
SHRegGetBoolUSValueA
SHRegGetBoolUSValueW
SHRegGetPathA
SHRegOpenUSKeyW
SHRegQueryInfoUSKeyA
SHRegQueryInfoUSKeyW
SHRegQueryUSValueA
SHRegQueryUSValueW
SHRegSetPathA
SHRegSetUSValueA
SHRegSetUSValueW
SHSetThreadRef
StrCSpnA
StrCatBuffA
StrCatBuffW
StrCatW
StrChrA
StrCmpIW
StrCmpNIA
StrCmpNIW
StrCmpNW
StrFormatByteSize64A
StrFormatKBSizeA
StrPBrkA
StrRChrIW
StrRStrIW
StrRetToStrW
StrStrA
StrStrIW
UrlApplySchemeW
UrlCombineW
UrlCreateFromPathW
UrlEscapeA
UrlEscapeW
UrlGetLocationA
UrlIsNoHistoryA
UrlIsNoHistoryW
UrlIsOpaqueW
UrlUnescapeW
wvnsprintfA

Sections

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8dc5a524dfb69798a10095e3d787bd53

Code Sign

47:9a:d6:f3:08:4e:97:9a:44:d0:c9:91:9f:44:b9:5fCertificate

Extended Key Usages

60:89:d5:e4:28:20:ed:bc:07:62:cb:5f:49:0f:43:4d:e7:e1:a3:5eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

Sections

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 25KB - Virtual size: 25KB

.rsrc Size: 7KB - Virtual size: 6KB

47:9a:d6:f3:08:4e:97:9a:44:d0:c9:91:9f:44:b9:5f
Certificate

60:89:d5:e4:28:20:ed:bc:07:62:cb:5f:49:0f:43:4d:e7:e1:a3:5e
Signer

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 7KB - Virtual size: 6KB