11344325b0e0126f35b170fc2fbaa4bc

Sharing

Copy URL

Twitter E-mail

General

Target

11344325b0e0126f35b170fc2fbaa4bc
Size

606KB
MD5

11344325b0e0126f35b170fc2fbaa4bc
SHA1

2170ede9f08ef2abf1d669b8bc5d8c978aaa1b4d
SHA256

10a176f12611bbbf211c82cf674883527f981028e12234b82819073b1244d95b
SHA512

e5382a4f8ef9392b8f6abbf5feec517e943b2d804d87fe0bced87943f7fbd02d6350f760ee3c990e4433219fab2f41ffd33b604f0d3f7d8d55bb8afb2fcc2b68
SSDEEP

12288:v7vgHZvpwJWlYI3u4uy/ouC8SLneo6NjMrk:Lg5xU23u4UgSzZ6ik

Score

1^/10

Malware Config

Signatures

Files

11344325b0e0126f35b170fc2fbaa4bc
.exe windows:4 windows x86 arch:x86

476fc2ef6ec925388fce10bb6fc86300

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2015 00:00

Not After

24-05-2016 23:59

Subject

CN=Minimus,O=Minimus,POSTALCODE=236022,STREET=ul. Repina\, 46\, 12,L=Kaliningrad,ST=Kaliningrad Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7e:32:29:38:6d:ef:77:30:05:3d:e8:a5:15:7e:43:fd:36:fc:e5:1b
Signer

Actual PE Digest

7e:32:29:38:6d:ef:77:30:05:3d:e8:a5:15:7e:43:fd:36:fc:e5:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

DragObject
BringWindowToTop
EmptyClipboard
OemToCharA
RegisterDeviceNotificationA
SetClipboardData
WaitMessage
ToUnicode
MoveWindow
GetKeyState
SendMessageCallbackW
GetGuiResources
GetWindowTextLengthW
SetWindowPos
GetClientRect
IsCharUpperW
CreateMDIWindowW
LoadKeyboardLayoutW
GetMenuBarInfo
SetClassLongW
ShowWindowAsync
GetCapture
DrawTextExA
wsprintfW
IsMenu
GetKeyboardLayoutNameW
UnloadKeyboardLayout
LoadCursorFromFileW
AdjustWindowRectEx
SetMenuItemInfoW
DefFrameProcA
GetWindowThreadProcessId
MessageBoxTimeoutA
GetMessageW
EnumDisplaySettingsA
CopyAcceleratorTableW
GetClipboardFormatNameW
SubtractRect
SendMessageTimeoutA
OemToCharBuffA
RegisterClipboardFormatW
DrawIcon
SetMenuInfo
CreateCursor
ShowCaret
LoadStringW
LoadCursorA
SetClassLongA
GetTabbedTextExtentW
GetAncestor
UnhookWindowsHook
GetClassInfoExA
LoadCursorFromFileA
GetListBoxInfo
ShowOwnedPopups
EnumDesktopsA
DefDlgProcA
SystemParametersInfoW
DlgDirListA
SystemParametersInfoA
FindWindowA
MessageBoxTimeoutW
PeekMessageA
HideCaret
MessageBoxIndirectA
GetKeyboardLayoutNameA
CloseDesktop
GetUserObjectInformationA
ActivateKeyboardLayout
OpenInputDesktop
ModifyMenuA
PostThreadMessageA
GetKeyboardState
SetDlgItemTextA
GetMenuItemInfoW
RealGetWindowClassW
GetUpdateRgn
IsDialogMessageW
UnregisterHotKey
GetMonitorInfoA
GetWindowWord
GetCursorPos
FindWindowW
IsWindow
EqualRect
EnumThreadWindows
IsDlgButtonChecked
GetMessagePos
EnumDesktopsW
CreateDialogIndirectParamA
UpdateWindow
GetClipboardFormatNameA
BroadcastSystemMessageExA
InsertMenuW
BroadcastSystemMessageExW
GetSystemMetrics
TranslateMessageEx
GetScrollInfo
GetMessageTime
MessageBoxA
IsCharAlphaNumericA
OpenWindowStationA
SetCaretPos
GetWindowTextA
GetWindowWord

kernel32

SetFileApisToANSI
CreateProcessW
lstrcmpiA
SetErrorMode
ReplaceFile
IsBadStringPtrW
AddAtomA
EnumResourceNamesW
HeapReAlloc
GetCalendarInfoA
FindFirstFileExA
SetFileShortNameW
VerLanguageNameW
SetFileApisToOEM
ClearCommError
CloseProfileUserMapping
CancelIo
GetLargestConsoleWindowSize
SetComputerNameA
CreateDirectoryA
GetPrivateProfileIntA
WinExec
GetThreadContext
GetFileInformationByHandle
ReadConsoleOutputCharacterA
GetModuleHandleExW
GetConsoleCursorInfo
GetPrivateProfileStringA
ClearCommBreak
GetEnvironmentStrings
RemoveDirectoryA
WaitNamedPipeW
GetStringTypeExA
SetEnvironmentVariableA
LZInit
CompareStringA
Heap32First
BuildCommDCBAndTimeoutsW
CreateProcessInternalW
FileTimeToLocalFileTime
WriteConsoleOutputA
ScrollConsoleScreenBufferA
OpenEventW
FindClose
GetDiskFreeSpaceExA
ConnectNamedPipe
EnumSystemLanguageGroupsA
WaitForSingleObject
CreateTimerQueue
MapUserPhysicalPages
GetOEMCP
GetProfileIntA
FlushConsoleInputBuffer
GetNamedPipeHandleStateA
GetThreadSelectorEntry
LocalSize
GetStringTypeA
GetTimeFormatA
CreateFileA
GetProcessTimes
ConvertDefaultLocale
GetConsoleKeyboardLayoutNameA
PulseEvent
FindFirstVolumeMountPointW
lstrcpyn
lstrcpyW
QueryDosDeviceW
ExpandEnvironmentStringsW
WaitForMultipleObjectsEx
GetConsoleFontInfo
GetDriveTypeA
GetTimeZoneInformation
FindFirstChangeNotificationA
GetACP
GetLastError
ConvertDefaultLocale
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

FindTextW
PageSetupDlgW
ChooseFontW

shell32

ShellExec_RunDLL
InternalExtractIconListA

Exports

Exports

�B��$��~��'�=�#`wٝ@�U��WC0MX�b�sda�0��K�w��ϴ�݋�aӉ5��@�)c|1Q�Ģ�W�q1bȪ�T0>%��#Z��f4�[��"��Ι��[��PE�*��=y��GF��[u�z � ��a�x��vʙ�q��P�1A�=��I�.�1i��f�q67Մ�u�� I#�m��}N��g�tu�Ļ��5�@�w] ](��8�{��D� ��wg ��u] �͑;��y�'�iG�} ��QB��t�}�ާG�lݫ��*Eʩ�Y�Ҋ��+�b��-r��_��)h H��=&��)��S�<�$��s�v��bs��E��X��&��U��s��A�W��[Gʔ^.;�M-J�<�ج��Z6��ȕ&g��J�:��sY��D 6�)d6�n-U9��L��@_D��e|��C�]��n�y H3FҠ�b��L��kL�˨��:s��"�p�%�o[��]��1G��,��ܒ��zn��'�-A򎤽~�O�p�kp�Ʌ�xp��+XA'x)��C��~��*D�J�2aCi��s�~�� X�R�`TTs��9o�C�u�= *�i�;�)r5�%��Lܺ�S�F�8. ��'�s&DN�*RR��fN��KԳ�sk눢Bbw`��;�3hNW�Gn_n��=N�$�# �>�x�,��g^�'q��\QQ��z�nEх�M��/�-K�O��}3?��8��4w��/�\t-�[n�{��$�T�$ @I�D��#( ��܏��깰?�� ڢ�bl�!�1�'�,�P&`G��^��D�w[ú4V�j��ꮢ��!��*t�$� Kו��H}�?�<i��YTv(`��=y=B�� 1�z x��p)��Srh��q�X�3�E$��"��Fr��J%V��'O ��_>h�s�qE��+��/�`��"C��T�)��y�q!nc>�4�oc(�= �Fn� �ᩬhw>��/?� ��<|�*�H�,;��_W�o�hqx�t�NW��C��ըp��S�ǭWo�a[ �"�Y�Q�"��R�i�c�,�b��ل��j��a;A e�%�W$�y��إ��Ū�~\��nc"�2�D��CLeP \e�ݤB�� J_uE��n��F.LB��̓�k:�U�0?��aƭͣ�yE��ܜ��V0�zO�`0�U ��U��)��ݾc^��<k�L�{��b��ڹ�'�;�{0(��U��k�p`$��]�M�ѕ�.sg㋇�p�$�ʔ��_!3�^CQg׬�2�3�3�wB��)7;�6K n��X�:s=��`�*�(@��X�1ӷ��8��m��ۏ��A-�z��`GS��rp�WU=C�d�m��ύe*�"�7X��E0��ʰ�g61=;��:F䁱��`Y��`[sl�ļT�#��a�Z3�\ׁ��nQ�-�G��&�AI!w��w!�j�_��DcW@�9�??�s� �Չt�,��o;��>��[��1��I�-R��%�ƟY�?3].�e�䌗n۝B�+��&��_��kt��Kq�7TQM��g��싵(��P��`��lzьy�j��St��9wif|o��[�Vl��Ƴ�V�-�g��l��n>(��sΟ\�T�aǪͮ?��W��m=�7,�/A8�]>(Zzg��bQ��U��aR�Q�N��i��*(�� Pw�u��`�� `c�s��x�BL�#ض��|� NQ��x(��a��V��O �7i��I�j�T��p0r#�# U�u:��Qi'\y��Sڢ��> z|�w��n� ��"�,|�w�3�L:;@V�O�IR'K�.�h��'@��3 8n8��veEZ��n��gUdq�1�12�~t��y��&��u�%��Z��=e ��qU_�s�iL��2�3J:��Q�:�t��a�<��[��I,6@A�?��XҞ؁D�S�e��>��Bl��Gb�9�Y�|ˮ"��.��%u��o�Z�&�@�w�+�k��!�λL��%ޣ�p�qv&��˵��R�rs��?m*Fﷸd��*��[DC��)�=��){��U��zxz�8��P V�{'�"��<'��O�D�F�i��L��Y�us��v��sk��κ�G��V)9��G4q9�wG1�o�M�Y�:� ��q��*�u=��j�`ΐ`�n��%��x~h'��P(�~uJ�>�I!+h��DAkU��K�S��,��_�4��?�Dhy~gv�J/��V辳4��i0ٵ�%��c��Ғ/@B6e"e5-��)M��Jq��]��`��0�$ή�\��6�0��|�9ѯ�C|�M0��8ߛ�E��$vɁf�m5��kbr�|S/u1��F5��S��0:��_U��(��Z��+��f��9�z�R[n�'�$��,K.�|=>?1��F�M��Fg��u�T��kt� -)�$�c�Z�V�,��->�O�%�Մ��OB�c|+�� X�8��A��n[�4䔏�]�ɄOEg��^�^Q��"��1/ZvLS��ٰ�6��,�l΁�w@�E �'��Z�ia�$t�ҕb0��bĳĞ�*�pU��sG�}>8��ٚhrvQ4��k��0�<��w�Aq-�9�%5=��mgz��ᆟ��C�S[J�Ύ�P;M�$h��l�\��]�� 'BY�I m<&قsi^�ЫK�Vb�NTW�N��Fzh�k��X��o�_�6)��y��ue/��R;t�ز s��09?�W��NЏl��{�FVE��=�Y�f~��LP��%Y;$��j˽3.��3��

Sections

CODE
Size: 441KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 821B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

476fc2ef6ec925388fce10bb6fc86300

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23Certificate

Extended Key Usages

Key Usages

7e:32:29:38:6d:ef:77:30:05:3d:e8:a5:15:7e:43:fd:36:fc:e5:1bSigner

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

shell32

Exports

Exports

Sections

CODE Size: 441KB - Virtual size: 440KB

DATA Size: 19KB - Virtual size: 18KB

BSS Size: - Virtual size: 821B

.idata Size: 5KB - Virtual size: 4KB

.text0 Size: 18KB - Virtual size: 17KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 60KB - Virtual size: 60KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

7e:32:29:38:6d:ef:77:30:05:3d:e8:a5:15:7e:43:fd:36:fc:e5:1b
Signer

CODE
Size: 441KB - Virtual size: 440KB

DATA
Size: 19KB - Virtual size: 18KB

BSS
Size: - Virtual size: 821B

.idata
Size: 5KB - Virtual size: 4KB

.text0
Size: 18KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 60KB - Virtual size: 60KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB