11516c341b8d565499e7a25ee252412f

Sharing

Copy URL

Twitter E-mail

General

Target

11516c341b8d565499e7a25ee252412f
Size

26KB
MD5

11516c341b8d565499e7a25ee252412f
SHA1

42bb4d719ae5efb2b45a9af76b2623a6a54a7a20
SHA256

34d35d78a513cc9522eee6a943d5203d5fd18fb4ee5a61af067a6d26c8328184
SHA512

68566964ce5c62ad8348be30a7b24cae0609c0459ea45c932426e6321be1af18cbf92835f9131c108b9ad68b10958dcdc3a35227f4d4cd710439401ebd9e96a8
SSDEEP

384:YHfPivHaERLcuxNrtNBDwHJ88pYw4KPVdFxvhh4WWieZW:yfPELRRxNrdwDzdnvhhde

Score

1^/10

Malware Config

Signatures

Files

11516c341b8d565499e7a25ee252412f
.exe windows:5 windows x86 arch:x86

5cf5aa9c487cdbbe4e880187a6926345

Code Sign

1f:94:ed:d6:61:61:a7:bb:49:21:58:0f:bc:15:8f:59
Certificate

Issuer

CN=235235623562

Not Before

23/02/2012, 07:47

Not After

31/12/2039, 23:59

Subject

CN=235235623562

Extended Key Usages

ExtKeyUsageCodeSigning

e2:b6:31:fb:53:65:84:99:ae:7d:20:45:b7:21:1a:8b:33:83:84:78
Signer

Actual PE Digest

e2:b6:31:fb:53:65:84:99:ae:7d:20:45:b7:21:1a:8b:33:83:84:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTapePosition
GetThreadContext
GetThreadPriority
GetThreadPriorityBoost
GetTimeFormatW
GetVersion
GetVolumeInformationW
GetVolumeNameForVolumeMountPointA
GetVolumePathNameA
GlobalGetAtomNameW
GlobalUnfix
Heap32Next
HeapCompact
HeapSize
HeapValidate
IsBadReadPtr
LCMapStringA
LeaveCriticalSection
LocalAlloc
LocalCompact
LocalFileTimeToFileTime
LocalReAlloc
Module32First
MoveFileWithProgressW
OpenEventW
OpenFileMappingW
OutputDebugStringW
Process32First
QueryPerformanceCounter
ReadConsoleOutputCharacterA
ReadFileEx
ReadProcessMemory
ReleaseMutex
GetSystemWindowsDirectoryW
SetComputerNameW
SetConsoleActiveScreenBuffer
SetConsoleCursorPosition
SetConsoleTitleA
SetFileApisToANSI
SetProcessAffinityMask
SetProcessPriorityBoost
SetSystemTime
SetThreadPriorityBoost
SetVolumeLabelA
SetVolumeLabelW
SetWaitableTimer
SignalObjectAndWait
SwitchToFiber
TerminateThread
TlsFree
VerLanguageNameW
VerifyVersionInfoA
VirtualAlloc
VirtualFree
VirtualFreeEx
VirtualLock
VirtualUnlock
WaitForDebugEvent
WideCharToMultiByte
WriteConsoleOutputA
WriteConsoleW
WritePrivateProfileSectionA
_hwrite
lstrcmpA
lstrcpynA
GetSystemTimeAdjustment
GetSystemDefaultLangID
GetStringTypeW
GetStartupInfoW
GetProfileStringA
GetProcessTimes
GetProcessPriorityBoost
GetProcessHeap
GetPrivateProfileStructW
GetLocaleInfoA
GetHandleInformation
GetFullPathNameW
GetFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileAttributesA
GetDevicePowerState
GetDefaultCommConfigA
GetCurrentProcess
GetCurrentDirectoryW
GetConsoleScreenBufferInfo
GetConsoleCP
GetConsoleAliasesLengthA
GetConsoleAliasExesLengthA
GetCommandLineA
GetCommMask
GetCalendarInfoA
GetBinaryTypeW
GetAtomNameA
GetModuleHandleA
FreeEnvironmentStringsW
FlushConsoleInputBuffer
FindResourceExW
FindResourceExA
FindFirstFileExW
FindFirstFileExA
FindFirstChangeNotificationW
FillConsoleOutputCharacterA
ExpandEnvironmentStringsA
EnumUILanguagesA
EnumSystemLanguageGroupsA
EnumSystemCodePagesW
EnumSystemCodePagesA
EnumDateFormatsA
DnsHostnameToComputerNameW
DnsHostnameToComputerNameA
DisconnectNamedPipe
DeleteVolumeMountPointA
DeleteTimerQueueTimer
DeleteFileW
DeleteFiber
CreateTimerQueueTimer
CreateSemaphoreW
CreateProcessW
CreatePipe
CreateFileMappingW
ConnectNamedPipe
CompareFileTime
CommConfigDialogA
CloseHandle
ClearCommError
ChangeTimerQueueTimer
CancelIo
CallNamedPipeA
BuildCommDCBW
BuildCommDCBAndTimeoutsA
BeginUpdateResourceW
AllocConsole
GetProcAddress
ScrollConsoleScreenBufferW

msvcrt

memset

advapi32

RegOpenKeyExW

oleaut32

VarEqv
VarFormatDateTime
VarFormatFromTokens
VarFormatNumber
VarI1FromBool
VarI1FromDate
VarI1FromDisp
VarI1FromI4
VarI1FromStr
VarI1FromUI2
VarI1FromUI4
VarI2FromBool
VarI2FromCy
VarI2FromDisp
VarI2FromI4
VarI4FromDate
VarI4FromI1
VarI4FromR4
VarI4FromStr
VarI4FromUI4
VarMonthName
VarOr
VarParseNumFromStr
VarPow
VarR4CmpR8
VarR4FromBool
VarR4FromCy
VarR4FromDate
VarR4FromI2
VarR4FromStr
VarR4FromUI2
VarR8FromCy
VarR8FromDate
VarR8FromDec
VarR8FromI1
VarR8FromR4
VarR8Pow
VarUI1FromBool
VarUI1FromDec
VarUI1FromDisp
VarUI1FromI4
VarUI1FromR8
VarUI1FromStr
VarUI2FromR8
VarUI2FromStr
VarUI4FromCy
VarUI4FromDate
VarUI4FromDisp
VarUI4FromI2
VarUI4FromI4
VarUI4FromR4
VarUI4FromStr
VarUdateFromDate
VariantCopyInd
VariantTimeToDosDateTime
VarDiv
VarDecSu
VarDecMul
VarDecInt
VarDecFromUI4
VarDecFromUI2
VarDecFromR4
VarDecFromDate
VarDecFix
VarDateFromUdate
VarDateFromUI1
VarDateFromR4
VarDateFromI4
VarDateFromDisp
VarDateFromDec
VarCySu
VarCyNeg
VarCyMul
VarCyFromUI1
VarCyFromI4
VarCyFromI2
VarCyFromI1
VarCyFromDec
VarCyAbs
VarCmp
VarBstrFromUI2
VarBstrFromUI1
VarBstrFromI2
VarBstrFromI1
VarBstrFromDisp
VarBstrFromDate
VarBstrFromCy
VarBstrFromBool
VarBoolFromUI4
VarBoolFromR8
VarBoolFromR4
VarBoolFromI4
VarBoolFromDisp
UnRegisterTypeLi
SysReAllocStringLen
SafeArrayUnaccessData
SafeArrayRedim
SafeArrayPutElement
SafeArrayLock
SafeArrayGetVartype
SafeArrayGetRecordInfo
SafeArrayGetIID
SafeArrayGetElement
SafeArrayDestroyData
SafeArrayCreateEx
OleSavePictureFile
OleLoadPictureFileEx
OleLoadPictureFile
OleIconToCursor
OleCreatePropertyFrameIndirect
OleCreatePictureIndirect
OleCreateFontIndirect
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_Size
DispInvoke
DispGetIDsOfNames
CreateErrorInfo
ClearCustData
BstrFromVector
BSTR_UserUnmarshal
SysReAllocString

imm32

ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetHotKey
ImmAssociateContextEx
ImmGetIMCCSize
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmGetIMEFileNameW
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetVirtualKey
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmLockIMC
ImmNotifyIME
ImmReSizeIMCC
ImmRegisterWordA
ImmRequestMessageA
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmUnlockIMC
ImmGetIMCCLockCount
ImmUnlockIMCC
ImmUnregisterWordA
ImmAssociateContext

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cf5aa9c487cdbbe4e880187a6926345

Code Sign

1f:94:ed:d6:61:61:a7:bb:49:21:58:0f:bc:15:8f:59Certificate

Extended Key Usages

e2:b6:31:fb:53:65:84:99:ae:7d:20:45:b7:21:1a:8b:33:83:84:78Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 8KB - Virtual size: 8KB

.text1 Size: 2KB - Virtual size: 1KB

.text2 Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 152B

.text4 Size: 1024B - Virtual size: 1000B

.text3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 3KB - Virtual size: 2KB

1f:94:ed:d6:61:61:a7:bb:49:21:58:0f:bc:15:8f:59
Certificate

e2:b6:31:fb:53:65:84:99:ae:7d:20:45:b7:21:1a:8b:33:83:84:78
Signer

.text
Size: 8KB - Virtual size: 8KB

.text1
Size: 2KB - Virtual size: 1KB

.text2
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 152B

.text4
Size: 1024B - Virtual size: 1000B

.text3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 3KB - Virtual size: 2KB