048bd67b58806117394040b97bc8c66c

Sharing

Copy URL Twitter E-mail

General

Target

048bd67b58806117394040b97bc8c66c
Size

348KB
MD5

048bd67b58806117394040b97bc8c66c
SHA1

a6e0213e99d16f6d3a4b2067415b970ec9e8aaab
SHA256

0dc681a04fa94e14f29c655affbd983a0f1a925226f1e20f7f5bbcb48db322e6
SHA512

8a4b56b1554b4d1167523988d4b36aab1bdfa14785d29d5a68e2fd02d49bb68811bb55fca49d1ded8b8c89db5ba0d5fd9cc3256a70aaf9d7649c060bc5694ddb
SSDEEP

6144:fgLBP8kttZzCza+DHEeOHFEyV+/T3u+ucgOVAB9IWzeBkNoJQTiKSXVdR:fOD9CzaefOv4zu++LBNWQkVdR

Score

1^/10

Malware Config

Signatures

Files

048bd67b58806117394040b97bc8c66c
.exe windows:4 windows x86 arch:x86

83425734cc4065c39ebf906b6586e96a

Code Sign

24
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

24/10/2007, 22:01

Not After

24/10/2017, 22:01

Subject

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:bb
Certificate

Issuer

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/11/2014, 00:09

Not After

31/10/2016, 17:47

Subject

CN=ООО ”БАНДЛ” - Bundle LLC,O=ООО ”БАНДЛ” - Bundle LLC,L=Saint-Petersburg,ST=Saint Petersburg City,C=RU,1.2.840.113549.1.9.1=#0c16696e666f40696e7374616c6c62756e646c652e636f6d,2.5.4.13=#1310345173635459644f79754e45624e586d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5d:d9:1d:14:11:55:80:e7:fe:41:9b:c7:d1:d3:7a:64:9d:63:93:59
Signer

Actual PE Digest

5d:d9:1d:14:11:55:80:e7:fe:41:9b:c7:d1:d3:7a:64:9d:63:93:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetTopWindow
GetClassInfoA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
DestroyWindow
DefWindowProcA

kernel32

HeapCreate
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
GetFileType
GetTempFileNameA
RemoveDirectoryA
GetCommandLineA
SetFileTime
GetSystemPowerStatus
WinExec
GetCurrentProcess
UnlockFile
CreateFileA
GetModuleHandleA
HeapAlloc
GetStartupInfoA
GetVersion
ExitProcess
HeapDestroy
GetStringTypeW
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle

Sections

.text
Size: 316KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83425734cc4065c39ebf906b6586e96a

Code Sign

24Certificate

Key Usages

10:bbCertificate

Extended Key Usages

Key Usages

5d:d9:1d:14:11:55:80:e7:fe:41:9b:c7:d1:d3:7a:64:9d:63:93:59Signer

Headers

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 316KB - Virtual size: 313KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 8KB - Virtual size: 6KB

24
Certificate

10:bb
Certificate

5d:d9:1d:14:11:55:80:e7:fe:41:9b:c7:d1:d3:7a:64:9d:63:93:59
Signer

.text
Size: 316KB - Virtual size: 313KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 6KB