0f189cdf4775e331a50114606868f5d4

Sharing

Copy URL Twitter E-mail

General

Target

0f189cdf4775e331a50114606868f5d4
Size

606KB
MD5

0f189cdf4775e331a50114606868f5d4
SHA1

ee087c760445eaa7f40b3958d811e51c512e346e
SHA256

113985e1fece2c52c4ce876c660870383dba197b79abd6b9d0a5bee5d3ebe085
SHA512

a5b44931f1ea2f23cadd7f4d6f4e0c654518412caf09ee3be42e6513b369ac18206d23e9a9e2ba0e46a25a636872e2ab188ff59781c64d98e13deb203384cf33
SSDEEP

12288:TBK9ad8/jP1VliP/H3u4umruC8SLneo6NjMb:TUEirPHlU/H3u4HgSzZ6u

Score

1^/10

Malware Config

Signatures

Files

0f189cdf4775e331a50114606868f5d4
.exe windows:4 windows x86 arch:x86

476fc2ef6ec925388fce10bb6fc86300

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2015, 00:00

Not After

24/05/2016, 23:59

Subject

CN=Minimus,O=Minimus,POSTALCODE=236022,STREET=ul. Repina\, 46\, 12,L=Kaliningrad,ST=Kaliningrad Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:49:83:6b:df:00:cc:3c:59:ed:54:bd:92:5a:86:92:be:a6:cc:a9
Signer

Actual PE Digest

dd:49:83:6b:df:00:cc:3c:59:ed:54:bd:92:5a:86:92:be:a6:cc:a9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

DragObject
BringWindowToTop
EmptyClipboard
OemToCharA
RegisterDeviceNotificationA
SetClipboardData
WaitMessage
ToUnicode
MoveWindow
GetKeyState
SendMessageCallbackW
GetGuiResources
GetWindowTextLengthW
SetWindowPos
GetClientRect
IsCharUpperW
CreateMDIWindowW
LoadKeyboardLayoutW
GetMenuBarInfo
SetClassLongW
ShowWindowAsync
GetCapture
DrawTextExA
wsprintfW
IsMenu
GetKeyboardLayoutNameW
UnloadKeyboardLayout
LoadCursorFromFileW
AdjustWindowRectEx
SetMenuItemInfoW
DefFrameProcA
GetWindowThreadProcessId
MessageBoxTimeoutA
GetMessageW
EnumDisplaySettingsA
CopyAcceleratorTableW
GetClipboardFormatNameW
SubtractRect
SendMessageTimeoutA
OemToCharBuffA
RegisterClipboardFormatW
DrawIcon
SetMenuInfo
CreateCursor
ShowCaret
LoadStringW
LoadCursorA
SetClassLongA
GetTabbedTextExtentW
GetAncestor
UnhookWindowsHook
GetClassInfoExA
LoadCursorFromFileA
GetListBoxInfo
ShowOwnedPopups
EnumDesktopsA
DefDlgProcA
SystemParametersInfoW
DlgDirListA
SystemParametersInfoA
FindWindowA
MessageBoxTimeoutW
PeekMessageA
HideCaret
MessageBoxIndirectA
GetKeyboardLayoutNameA
CloseDesktop
GetUserObjectInformationA
ActivateKeyboardLayout
OpenInputDesktop
ModifyMenuA
PostThreadMessageA
GetKeyboardState
SetDlgItemTextA
GetMenuItemInfoW
RealGetWindowClassW
GetUpdateRgn
IsDialogMessageW
UnregisterHotKey
GetMonitorInfoA
GetWindowWord
GetCursorPos
FindWindowW
IsWindow
EqualRect
EnumThreadWindows
IsDlgButtonChecked
GetMessagePos
EnumDesktopsW
CreateDialogIndirectParamA
UpdateWindow
GetClipboardFormatNameA
BroadcastSystemMessageExA
InsertMenuW
BroadcastSystemMessageExW
GetSystemMetrics
TranslateMessageEx
GetScrollInfo
GetMessageTime
MessageBoxA
IsCharAlphaNumericA
OpenWindowStationA
SetCaretPos
GetWindowTextA
GetWindowWord

kernel32

SetFileApisToANSI
CreateProcessW
lstrcmpiA
SetErrorMode
ReplaceFile
IsBadStringPtrW
AddAtomA
EnumResourceNamesW
HeapReAlloc
GetCalendarInfoA
FindFirstFileExA
SetFileShortNameW
VerLanguageNameW
SetFileApisToOEM
ClearCommError
CloseProfileUserMapping
CancelIo
GetLargestConsoleWindowSize
SetComputerNameA
CreateDirectoryA
GetPrivateProfileIntA
WinExec
GetThreadContext
GetFileInformationByHandle
ReadConsoleOutputCharacterA
GetModuleHandleExW
GetConsoleCursorInfo
GetPrivateProfileStringA
ClearCommBreak
GetEnvironmentStrings
RemoveDirectoryA
WaitNamedPipeW
GetStringTypeExA
SetEnvironmentVariableA
LZInit
CompareStringA
Heap32First
BuildCommDCBAndTimeoutsW
CreateProcessInternalW
FileTimeToLocalFileTime
WriteConsoleOutputA
ScrollConsoleScreenBufferA
OpenEventW
FindClose
GetDiskFreeSpaceExA
ConnectNamedPipe
EnumSystemLanguageGroupsA
WaitForSingleObject
CreateTimerQueue
MapUserPhysicalPages
GetOEMCP
GetProfileIntA
FlushConsoleInputBuffer
GetNamedPipeHandleStateA
GetThreadSelectorEntry
LocalSize
GetStringTypeA
GetTimeFormatA
CreateFileA
GetProcessTimes
ConvertDefaultLocale
GetConsoleKeyboardLayoutNameA
PulseEvent
FindFirstVolumeMountPointW
lstrcpyn
lstrcpyW
QueryDosDeviceW
ExpandEnvironmentStringsW
WaitForMultipleObjectsEx
GetConsoleFontInfo
GetDriveTypeA
GetTimeZoneInformation
FindFirstChangeNotificationA
GetACP
GetLastError
ConvertDefaultLocale
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

FindTextW
PageSetupDlgW
ChooseFontW

shell32

ShellExec_RunDLL
InternalExtractIconListA

Exports

Exports

�B��$��~��'�=�#`wٝ@�U��WC0MX�b�sda�0��K�w��ϴ�݋�aӉ5��@�)c|1Q�Ģ�W�q1bȪ�T0>%��#Z��f4�[��"��Ι��[��PE�*��=y��GF��[u�z � ��a�x��vʙ�q��P�1A�=��I�.�1i��f�q67Մ�u�� I#�m��}N��g�tu�Ļ��5�@�w] ](��8�{��D� ��wg ��u] �͑;��y�'�iG�} ��QB��t�}�ާG�lݫ��*Eʩ�Y�Ҋ��+�b��-r��_��)h H��=&��)��S�<�$��s�v��bs��E��X��&��U��s��A�W��[Gʔ^.;�M-J�<�ج��Z6��ȕ&g��J�:��sY��D 6�)d6�n-U9��L��@_D��e|��C�]��n�y H3FҠ�b��L��kL�˨��:s��"�p�%�o[��]��1G��,��ܒ��zn��'�-A򎤽~�O�p�kp�Ʌ�xp��+XA'x)��C��~��*D�J�2aCi��s�~�� X�R�`TTs��9o�C�u�= *�i�;�)r5�%��Lܺ�S�F�8. ��'�s&DN�*RR��fN��KԳ�sk눢Bbw`��;�3hNW�Gn_n��=N�$�# �>�x�,��g^�'q��\QQ��z�nEх�M��/�-K�O��}3?��8��4w��/�\t-�[n�{��$�T�$ @I�D��#( ��܏��깰?�� ڢ�bl�!�1�'�,�P&`G��^��D�w[ú4V�j��ꮢ��!��*t�$� Kו��H}�?�<i��YTv(`��=y=B�� 1�z x��p)��Srh��q�X�3�E$��"��Fr��J%V��'O ��_>h�s�qE��+��/�`��"C��T�)��y�q!nc>�4�oc(�= �Fn� �ᩬhw>��/?� ��<|�*�H�,;��_W�o�hqx�t�NW��C��ըp��S�ǭWo�a[ �"�Y�Q�"��R�i�c�,�b��ل��j��a;A e�%�W$�y��إ��Ū�~\��nc"�2�D��CLeP \e�ݤB�� J_uE��n��F.LB��̓�k:�U�0?��aƭͣ�yE��ܜ��V0�zO�`0�U ��U��)��ݾc^��<k�L�{��b��ڹ�'�;�{0(��U��k�p`$��]�M�ѕ�.sg㋇�p�$�ʔ��_!3�^CQg׬�2�3�3�wB��)7;�6K n��X�:s=��`�*�(@��X�1ӷ��8��m��ۏ��A-�z��`GS��rp�WU=C�d�m��ύe*�"�7X��E0��ʰ�g61=;��:F䁱��`Y��`[sl�ļT�#��a�Z3�\ׁ��nQ�-�G��&�AI!w��w!�j�_��DcW@�9�??�s� �Չt�,��o;��>��[��1��I�-R��%�ƟY�?3].�e�䌗n۝B�+��&��_��kt��Kq�7TQM��g��싵(��P��`��lzьy�j��St��9wif|o��[�Vl��Ƴ�V�-�g��l��n>(��sΟ\�T�aǪͮ?��W��m=�7,�/A8�]>(Zzg��bQ��U��aR�Q�N��i��*(�� Pw�u��`�� `c�s��x�BL�#ض��|� NQ��x(��a��V��O �7i��I�j�T��p0r#�# U�u:��Qi'\y��Sڢ��> z|�w��n� ��"�,|�w�3�L:;@V�O�IR'K�.�h��'@��3 8n8��veEZ��n��gUdq�1�12�~t��y��&��u�%��Z��=e ��qU_�s�iL��2�3J:��Q�:�t��a�<��[��I,6@A�?��XҞ؁D�S�e��>��Bl��Gb�9�Y�|ˮ"��.��%u��o�Z�&�@�w�+�k��!�λL��%ޣ�p�qv&��˵��R�rs��?m*Fﷸd��*��[DC��)�=��){��U��zxz�8��P V�{'�"��<'��O�D�F�i��L��Y�us��v��sk��κ�G��V)9��G4q9�wG1�o�M�Y�:� ��q��*�u=��j�`ΐ`�n��%��x~h'��P(�~uJ�>�I!+h��DAkU��K�S��,��_�4��?�Dhy~gv�J/��V辳4��i0ٵ�%��c��Ғ/@B6e"e5-��)M��Jq��]��`��0�$ή�\��6�0��|�9ѯ�C|�M0��8ߛ�E��$vɁf�m5��kbr�|S/u1��F5��S��0:��_U��(��Z��+��f��9�z�R[n�'�$��,K.�|=>?1��F�M��Fg��u�T��kt� -)�$�c�Z�V�,��->�O�%�Մ��OB�c|+�� X�8��A��n[�4䔏�]�ɄOEg��^�^Q��"��1/ZvLS��ٰ�6��,�l΁�w@�E �'��Z�ia�$t�ҕb0��bĳĞ�*�pU��sG�}>8��ٚhrvQ4��k��0�<��w�Aq-�9�%5=��mgz��ᆟ��C�S[J�Ύ�P;M�$h��l�\��]�� 'BY�I m<&قsi^�ЫK�Vb�NTW�N��Fzh�k��X��o�_�6)��y��ue/��R;t�ز s��09?�W��NЏl��{�FVE��=�Y�f~��LP��%Y;$��j˽3.��3��

Sections

CODE
Size: 441KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 821B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

476fc2ef6ec925388fce10bb6fc86300

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23Certificate

Extended Key Usages

Key Usages

dd:49:83:6b:df:00:cc:3c:59:ed:54:bd:92:5a:86:92:be:a6:cc:a9Signer

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

shell32

Exports

Exports

Sections

CODE Size: 441KB - Virtual size: 440KB

DATA Size: 19KB - Virtual size: 18KB

BSS Size: - Virtual size: 821B

.idata Size: 5KB - Virtual size: 4KB

.text0 Size: 18KB - Virtual size: 17KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 60KB - Virtual size: 60KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

dd:49:83:6b:df:00:cc:3c:59:ed:54:bd:92:5a:86:92:be:a6:cc:a9
Signer

CODE
Size: 441KB - Virtual size: 440KB

DATA
Size: 19KB - Virtual size: 18KB

BSS
Size: - Virtual size: 821B

.idata
Size: 5KB - Virtual size: 4KB

.text0
Size: 18KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 60KB - Virtual size: 60KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB