04a53141344f20d0b842b87428467875

Sharing

Copy URL

Twitter E-mail

General

Target

04a53141344f20d0b842b87428467875
Size

605KB
MD5

04a53141344f20d0b842b87428467875
SHA1

416928fba8b91edd268642c90844681fe7f34c2e
SHA256

d1632d35d87cb0b24ee9eebd00f4542cac7a4a3f90f0706d9a5300df1e400eb5
SHA512

eccc40738d8728b0feca93779af14eea37cb876804321426bf40b832de15e779e4ea56ad773e0f10404503a63c131d46b40be4ef50013d765c387861d1c75974
SSDEEP

6144:nPtfapnX2DBkRuekI0NjCObY19Do97DmF5A7ep7ODQlMr1vkXl9Sq0yMX2YjcH+n:nMGDBcknfKUt0lMRM19SqXMmmceHzcM

Score

1^/10

Malware Config

Signatures

Files

04a53141344f20d0b842b87428467875
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

c1c185fd058fd4ca644b9030f2b2382e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:de
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/04/2015, 00:00

Not After

28/04/2016, 23:59

Subject

CN=RTPK,O=RTPK,POSTALCODE=214000,STREET=UL. KONENKOVA\, 4\, 68,L=SMOLENSK,ST=SMOLENSK REGION,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:69:55:7a:a6:88:53:a5:76:a2:d7:5a:4e:1d:59:12:05:06:22:79
Signer

Actual PE Digest

3a:69:55:7a:a6:88:53:a5:76:a2:d7:5a:4e:1d:59:12:05:06:22:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

LockWindowUpdate
IsMenu
MonitorFromRect
OemToCharW
RealGetWindowClassW
CharToOemA
WaitForInputIdle
GetWindowThreadProcessId
PrintWindow
InvalidateRgn
GetMenuContextHelpId
DrawTextExW
MessageBoxW
SetCaretPos
LoadMenuW
ShowOwnedPopups
wsprintfW
GetMessageExtraInfo
EnumWindowStationsW
OemToCharA
CharUpperW
SetMenu
DrawFrame
DefDlgProcA
SendNotifyMessageA
RegisterClassW
BlockInput
MapVirtualKeyA
IsWindowUnicode
DrawEdge
GetDlgItemTextW
BroadcastSystemMessageW
SetWindowPlacement
SetDlgItemInt
InsertMenuItemA
LoadAcceleratorsA
OpenClipboard
LoadMenuIndirectA
IsDlgButtonChecked
FlashWindow
SetScrollPos
GetWindowModuleFileNameW
CharPrevW
DrawAnimatedRects
RemovePropW
DialogBoxIndirectParamW
RegisterClassA
MapVirtualKeyW
DlgDirListA
GetLastInputInfo
GetClassLongA
SetClipboardViewer
FillRect
ShowCaret
CloseWindow
CreateAcceleratorTableA
DialogBoxParamW
MonitorFromWindow
ChangeMenuA
SetMenuItemBitmaps
LoadCursorFromFileA
CreateMDIWindowW
CheckDlgButton
CreateIcon
DestroyAcceleratorTable
SetClipboardData
PostMessageA
TabbedTextOutW
GetAncestor
DlgDirSelectExA
GetClassInfoA
GrayStringW
IsWindowEnabled
EnableMenuItem
CheckMenuItem
LoadStringA
SetLayeredWindowAttributes
RegisterWindowMessageW
GetUserObjectInformationA
CharToOemBuffW
IsHungAppWindow
GetWindowWord
GetWindowContextHelpId
GetMenuItemInfoW
DrawIconEx
DragDetect
CharNextA
DispatchMessageA
SetWindowWord
GetWindowTextW
SetCaretPos
CharNextW

kernel32

LCMapStringW
PrepareTape
GetDiskFreeSpaceExW
CompareFileTime
GetCurrentActCtx
SetComPlusPackageInstallStatus
DefineDosDeviceA
QueryMemoryResourceNotification
HeapUnlock
GlobalDeleteAtom
GetUserGeoID
EnumLanguageGroupLocalesA
GetDriveTypeW
SetVolumeLabelA
FlushConsoleInputBuffer
GetFullPathNameA
AddConsoleAliasA
WriteConsoleInputW
WaitForDebugEvent
MoveFileW
GetPrivateProfileIntA
RtlUnwind
lstrcpyW
CancelIo
GetFileAttributesA
lstrcmpiA
GetNamedPipeHandleStateW
CreateJobSet
OutputDebugStringW
VirtualQueryEx
CreateProcessA
GetThreadLocale
WriteConsoleOutputCharacterW
GetWriteWatch
SetFileShortNameW
SetComputerNameW
GetConsoleKeyboardLayoutNameA
ShowConsoleCursor
EraseTape
GetStringTypeA
LZOpenFileW
GetLargestConsoleWindowSize
GetLastError
ConvertDefaultLocale
GetProcessHeap
GetVersion
TzSpecificLocalTimeToSystemTime
EndUpdateResourceA
VirtualQuery
LoadLibraryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

PageSetupDlgA

oleaut32

VarBstrFromUI8

winspool.drv

GetFormW

gdi32

AnyLinkedFonts

version

GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW

ws2_32

WSAGetOverlappedResult
WSAGetQOSByName

comctl32

DllGetVersion
ImageList_DragShowNolock
ImageList_BeginDrag

Exports

Exports

Z��V�R �S�#̭��@�+�3]�tW��ʉ�.��& W]�/��=Ǽ�=��'{�� S6~�ƴm��m�b��D̈́��20��X%Ou˵�?�7�HB�7.��T⇰��2�:m�OP��QO1M�DfW��nv��j�u"c�7n��̣8Yǝ��Y ��uI%|7�T�T��S�P�=� ��`G�ԂVU��؄�K�N�_l��y� �� S��[�c�V�^��L@��v�gI6s��]��W�0� =��g�X�^��w�]Bdg� n|Ey}��r��a�|�y��a*��+�R��N��쨅 P;~&*��"a�GmR��V��zoG�]��tCv�a&��.!��f�OʋUu��R~T��8+َsئ��^��<��<D�ᝠ#~�+��׷2��A�D J��pvM��y�(sN�iOͬ{�z��P�d�W��8�}� >��o��pl ��S=�� ZY#>>Xj�r�O�>sن+N��'��z��ی_��;��T�ͪ^��s��B]�K�n�=$nu�u��7��')�"�H�ާ�h�D8�g�� f��V��n�օ��񾟾��_�iX-�w��<-]��ٟ��=끏�5p��P ڿ�7�\D��K~��҂�Me_�V�I^ݡA��k�P2��g��KJy�5�U4�4b"�i�õt��ۂ��Y��K��ySLD�Ll��eޖM1��쑥�9��!e��B?u�>�/��\%=#��;m_[BB�53rn<��O��$�i�@T�?��l8��U��W3�d3��Ap5�S[1H�(�ZVb�7��|;��.P��q�/p�Y?��瘌m�~]��GϸAZq'&W�e�o�}��1�_g�/��P��lgiRm&��_;�=��'�Z�k��ܪ��cN��rف��JIŞ��,@�:u[��B�;iW��?_��U��!#K�~�^S�OZÐ��z��R�:��lSZ-�,�P��N��86�#&��\�4��Ҧ��Ժ��G�[��i+��ߔ[|�;��{8�T�|�v�$0�L�}�&�� 5�;��Uq��ߥf ��Z5�-�=��'�I�O�s`�Ēt��T�rf'��f+�=��I��#�%�#�[�,�� M�r�B��"��W-p�E��]G��6�#4�}��X�Zc��9�E~E��қ��6�t�2*�!^ɔ9%>�-\`��l��4u;��s�%`\$N�YD�Gl�%QU�'��t2d��L=��M�*�`��!? H��A��ș�X�Q��f9��a{%��3%��I͘�G�� Eђ~@]D�+-ŵ�<ǭ��Ap^��a��8λd�:��@�"T��`uA�pJ�!��"[�5�h��ҤR�!"�1@cSۨM�e� ��)��(�DH� ��`��{{:��a �0�:��j��G�Mt�t��\��с�p�D��+��rN��>�-�񺋳)TaA��-}�N�@�Խ�m�V��p*�Dozi�k�1�c�b8;�5�~�ۖ*9Q�[M��~��ؤ��\��O�uPg�}XF��*�=$��(C%.�3�FR��s^�l5��Uh��k�K��9�D|z�*�VV�,!��8y�#��>�3��vA�Jh�r��܊RJ�%��)V�X��a�v��()Y�i8%z{қ��*�^C��i@�0�C��;і^A?6x�#�G��6��(OV�;=��-�a'�,et��Ϳ�Z�{��:k�n.��U�B7H��K��앋��^Z��Y F#W��K�m�uy�O�\YL��SzTMN�=M^&�ṺB�tW�h�<q3n��%Z�C�Y^1�H �9��g.V$��3�a%|�Dd��q��=��c`��1"R��|�d��0k�R�96p'<��vj9"h�m��A��hB�0R�;�9a=� ��ϳ�)�r� IB*:tEs��V�^��@�X��4I��]� ��8�(��WP�h+�Up��\#@� �5�R�F�1�BJ`%|�z~6�(M��o��dE��E4��ℷ8��0��(��ǎ�TK�KJ�vr��CR��i#�#ø��H� ��_��-{R��|�i�7��>��<�FP1O>Նo�C��=!G�/��+J� V%�>ͯ�>�_�u��׎hU\N�{�4��c��us�{�N��4yê�Q�� e�Ńc��6��htD��<�:��F��F_�/#P��#�v�C��Q4��{ ��W��߳��ʜ��:��H�wK��?';��4��Y�`�_��4~EƑ��}7@fxK�� Sjvv4#e��q��o]��?$,��ݠNr��9��@��B$u��+b�!CD��Rҳ��g��$DN'�B`��i5��S�JX��NB�nrOR�|ܩ��`%��xTˀ��ɺ�d�Mww��>sl��q$��/a�uo+�{�)Gݧ'-h �W��<��v6�$�#,Թ�A&Sq�Y��JC�=n#ʓ�%-�4��lL{+�X\z��H;� ��~*:m�ˉWlP�nq��7o��GIlU0�3��~ZTX��R:�5t�Tt�لW�;�?�Ԕ�'oB<��_��,Udd��x�|��\7�X��SWa��u�x�>-�ɰX+x�cL�� ~ ��\��P��柍�:��!��o7��J� ��gRe��b��Cc\��$�@��:`�ɰuq�.�$�]?��w��#V�J��D�g'}�˅ ��'�� ,�T�Z��X�b��=EYO[o��&�ф>rxo,��`oPn�T�)�Y�Ʉ 2&��c��[}j��J��

Sections

CODE
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1c185fd058fd4ca644b9030f2b2382e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:deCertificate

Extended Key Usages

Key Usages

3a:69:55:7a:a6:88:53:a5:76:a2:d7:5a:4e:1d:59:12:05:06:22:79Signer

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

oleaut32

winspool.drv

gdi32

version

ws2_32

comctl32

Exports

Exports

Sections

CODE Size: 439KB - Virtual size: 439KB

DATA Size: 20KB - Virtual size: 19KB

BSS Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.text0 Size: 15KB - Virtual size: 14KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 61KB - Virtual size: 61KB

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:de
Certificate

3a:69:55:7a:a6:88:53:a5:76:a2:d7:5a:4e:1d:59:12:05:06:22:79
Signer

CODE
Size: 439KB - Virtual size: 439KB

DATA
Size: 20KB - Virtual size: 19KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.text0
Size: 15KB - Virtual size: 14KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 61KB - Virtual size: 61KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 53KB - Virtual size: 53KB