104c3d0bafeeedac930d93086eed8465

Sharing

Copy URL Twitter E-mail

General

Target

104c3d0bafeeedac930d93086eed8465
Size

599KB
MD5

104c3d0bafeeedac930d93086eed8465
SHA1

2d13cb5c0b7dc2a1faf619a2fde4da4354aa1266
SHA256

c84270c2a05527e562c7a11875afd805e62233c26579b2234c71895d6b425fb5
SHA512

4125802e83d23b1b7ad1b47f1fd43c12ae5269582aa21f1561862b97ba40b93a47703bcab7f207e56477fe753a0ab51123e8d9806786dc8a0eb8ae4d50a6598a
SSDEEP

12288:yTme7hhMb4gMkRYYoGRG3IREOqZY/BwTDKluIyTmdM:yTmewb4gIB3IREZYpwTDKl

Score

1^/10

Malware Config

Signatures

Files

104c3d0bafeeedac930d93086eed8465
.exe windows:4 windows x86 arch:x86

5c428317d5e3acae614837f99f82679e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:de
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/04/2015, 00:00

Not After

28/04/2016, 23:59

Subject

CN=RTPK,O=RTPK,POSTALCODE=214000,STREET=UL. KONENKOVA\, 4\, 68,L=SMOLENSK,ST=SMOLENSK REGION,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cf:d1:cd:35:a2:92:0e:26:82:62:9d:2b:a5:95:e5:3e:64:3a:00:c4
Signer

Actual PE Digest

cf:d1:cd:35:a2:92:0e:26:82:62:9d:2b:a5:95:e5:3e:64:3a:00:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

SetUserObjectInformationA
PrivateExtractIconExA
IsCharAlphaA
SendInput
GetWindowTextLengthA
ToAscii
SetMenuInfo
SetSystemMenu
GetMenuItemInfoW
CharUpperBuffA
IsDlgButtonChecked
GetNextDlgTabItem
GetScrollPos
GetSystemMetrics
EnableWindow
GetWindowRgn
IsCharUpperA
DlgDirSelectExW
DialogBoxParamA
SetClassLongA
IsIconic
LoadIconW
SendMessageCallbackW
PostThreadMessageW
SendMessageTimeoutA
PostMessageW
OffsetRect
IsMenu
GetScrollRange
GetKeyboardLayoutNameW
UnregisterDeviceNotification
UnregisterHotKey
SetWindowTextW
CheckMenuRadioItem
SetForegroundWindow
DialogBoxIndirectParamA
SetLayeredWindowAttributes
CharLowerBuffA
ChangeMenuA
PrivateExtractIconsW
GetIconInfo
EnumPropsW
FrameRect
SystemParametersInfoA
GetWindowPlacement
GetLastActivePopup
LoadKeyboardLayoutW
EndTask
WaitForInputIdle
GetDC
CreateMDIWindowW
GetClassInfoW
DrawAnimatedRects
GetWindow
UnlockWindowStation
MessageBoxExA
FindWindowA
SetLastErrorEx
GetMenuBarInfo
GetWindowWord
EndDialog
SetDoubleClickTime
IsCharLowerA
RegisterHotKey
SetMenuDefaultItem
RegisterClipboardFormatW
SetWindowWord
GetWindowTextW
SetCaretPos
SetCaretBlinkTime
PeekMessageW

kernel32

GetProcessVersion
TransmitCommChar
DisableThreadLibraryCalls
AddVectoredExceptionHandler
GetUserGeoID
EnumResourceLanguagesW
SetVolumeLabelA
CreateHardLinkW
ResetWriteWatch
ReplaceFileW
GetPrivateProfileSectionA
WriteProfileSectionA
SystemTimeToTzSpecificLocalTime
IsProcessorFeaturePresent
LZStart
GetCommModemStatus
ReplaceFileA
GetVolumePathNameA
GetCalendarInfoW
UpdateResourceW
ClearCommBreak
GetDiskFreeSpaceExW
GetModuleHandleExW
SetCriticalSectionSpinCount
GetPrivateProfileStringA
EnumSystemLanguageGroupsW
WriteFileEx
WaitForSingleObject
HeapLock
IsValidLocale
GetFileSize
MoveFileExW
MoveFileWithProgressW
GetDefaultCommConfigA
LZCreateFileW
ActivateActCtx
SetVolumeMountPointW
CancelWaitableTimer
VerifyVersionInfoA
RtlMoveMemory
FindResourceW
DefineDosDeviceW
CopyFileA
MoveFileA
IsWow64Process
GetConsoleWindow
EnumCalendarInfoW
EnumCalendarInfoExA
FindAtomA
ReplaceFile
SuspendThread
MapViewOfFile
SetEndOfFile
CreateFileMappingA
RequestDeviceWakeup
Heap32ListFirst
SetComPlusPackageInstallStatus
ExpandEnvironmentStringsW
ConnectNamedPipe
ScrollConsoleScreenBufferW
VirtualQueryEx
SetCommMask
GetCurrentProcessId
DeleteVolumeMountPointW
GetUserDefaultUILanguage
GlobalAddAtomW
LocalFileTimeToFileTime
GetGeoInfoA
FreeUserPhysicalPages
GetACP
SetThreadAffinityMask
lstrcpynW
FindVolumeMountPointClose
SetLastConsoleEventActive
GetNamedPipeHandleStateA
GetTapePosition
GetLastError
ConvertDefaultLocale
GetProcessHeap
GetVersion
WriteConsoleOutputA
MoveFileExW
VirtualQuery
LoadLibraryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

GetOpenFileNameA
LoadAlterBitmap
GetFileTitleA

oleaut32

VarI4FromUI4
SafeArrayCreateEx
SafeArrayGetUBound
RevokeActiveObject

gdi32

GdiReleaseDC
CreateScalableFontResourceA

comctl32

GetMUILanguage

Exports

Exports

t>�y�1��`o�*og��Ӭ(�J�{s�L�R0��?�?xL+<"R�={�G=��X�G�,��@�/R�)��"��n(o�3V�e��E�}p�*eѷ�(pN��-�3��?�^�S�T L-��G�f��v�B��¯��!P_#a��ߕU޾ �!�_5.(�E��h�g1�Y��վK�J��+r��!��,�� ה��6㝽,M��dq'Lk|~�v`��6e�l.)��2�وe��`�q/$�lT��z� �L�BJ�ŘuKM�_\��o�a�ٚZTo�|�:�%e�)�I�A��Z� �]�_6Bpz�� K��DcG��n��3+GY��=-�`,اw5�"4��Q��e��R�մ��3d�Z��d�9�$��zB��9yM[sE��Q��1��M��6��,�?��a!��p66f�TV$i��U��ًD��-R��y��~~�}+�0h̒f�bT� 7��Yo��Vnl�s,ƌ��=>_�@��U��!݂�|�v;��k�%�HT>�[��5�!�{L5b��_��3.�d��p��P'��9�^2O.U6��5��Ņ�~��-e}�;��S��X7�$��.��B�X��Nwub'�z��6OԈ��,�`�$��=�齦��K�/��;�o�1��Y��B�¼�D)�ه�M��ψ�s#R��t�,��ib|_Ve��rѓ �Zvz H[�A0��)��<� Ȧ��S��j�kdjn��5��+/�I�A��@7�'�H�1�g�W��^�� I2�@�}�oO �\&��}�O!G�S��X��1ZV?!|�*J��W�8 /N.�� 9�溆nM�9xaU �9M��m)�u.eQe��R�z��E��-�Cy5T��ߵ_N�q��O�%n*C��Th� ��%N��6�P[Iq+i��љ Ц��A��gu�ӊg�5JI��:��"'ip��eqb�8d d{��(�\m�.��3��<��f#Q�B!��z��M��CD�=��A��]��wԸet��q�#��.m��"n>bSV��w��]�� è��r0erw;� (cI��J(��j[�5�l�� 8�`[1��xq�Nu�X�NnN��FJ^�CHЎ��g��I�� Ո��jd�}�᝻�v�! ��7��g��j`��h� E<G��P��W�c_��:��iy�+BD�e�`�K�Y_F1Z*�lv��G��E��g(&��ꏳ��O+�� W�9�;�(�?Z�v�F��x�v��>�,�� \xFW�q�agz��g�P`Ż��0�$�Q@{謳�ΐ� ��zG��j��3j�:��)}4��k@��.j�|q�3�8^�%ܳt��a�`��-��>坘��m��7I��<�N�+è�l��y�(�� T�ۥ�!}S�iQ�RJ��N��ӄ)�Oٹt�Vz��x�2<�\r��Y��W��7�qo��S�� -�T�P()��1�:E.��P촽��4A��?��- �t�J��y��y��hk��e�Ʌ�X��x�O�]�ޠFՓ�Q�::��+��U2�Ȧ��65�y�� ;x��Ș�H��*IC>�﾿�Ȣ��T�on�g�/�y'B��DK� �D� �H�B~ �.i�r�~�sHX��'�"[��&PW�_�,~�i�enW��E�s��٢�:�/�հG�}�7�3I�� Xv�|!� �`��m$<.}�ʓ�;G��!��q�Ew(�Q[�__�U�\-Q^��E�ڇnF��:+� `��ko�/hm�3|�;>I��~Gȶn)�� !GQs_H��Ĝ�-~]|��'��F�ˠ�=J<H� �u4v�>�Be�[��t�z�D��}��>C��U2f��w ��Z<��h!��20��Q�N)��_��7�� {��ѕ�&��!��C셳�c�ޟ�� _BK&�׸b��3��'I,��A0`ǲm��M��e|�]q��Dj�/�� *��Ƭ�Ov�[T�(p��z�e�/^~�2[��r��_�I8��|��&1%�Ƙ��ukl��P��D �gv8@þ�AS��1� ��3qQ皂x��n��9�ʈ܎Ҳ��IȳS�XX/3��)�<�|��F.��Q�H��Ѩ=]��h[��}�ʬ~�y�1��%)�[v�詈ؾ)�$�#CJ��`�$�>(��:��m-��>:d�ZjL��K��U�$�c"$_8R��ń4�h�H^|%�;��6��R��}D�*L+d?� )Y��G�t��fH}��$��(�Q^J��o��emy��6=��L��}�1��\7+��Zr(KQ�M��h�F��n��>J�^?��/<ki��]F��˲ΕI�1zt8q�eG��s�?r��I��5=y �Q��a�z^ ��#հ:!F�d�� V��d�76gÏ�yj��lޫ��̩ː�of2i�.�66mj-��%!k�@�� X{��Ĵ��<��'b��Y7�Ѹ,д�3��V㡍MΨ$��>�ӡ٪(�֔�QC��WKb��_��c]8+e�]f�5��_��ecRV��y?�pfe�qv }Į��(��b�?��{��pC�EbW�(�Қ�w��#�A,�Pe4�S~D��w��[l%�]E�z�j Ԉ'H��C�Pf�q�<=�( Z�!ݝ��s�� %��J��Pr��|��kn��7�չ9�;ٳg7=��b��;��<�C��ꗍ(�G�27��M��+��J�3?N�.�x�Yy>p:�i��#��y�]ѐX��ܸ�w��o\��n:ԥ]��>Ҳ

Sections

CODE
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c428317d5e3acae614837f99f82679e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:deCertificate

Extended Key Usages

Key Usages

cf:d1:cd:35:a2:92:0e:26:82:62:9d:2b:a5:95:e5:3e:64:3a:00:c4Signer

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

oleaut32

gdi32

comctl32

Exports

Exports

Sections

CODE Size: 438KB - Virtual size: 438KB

DATA Size: 20KB - Virtual size: 19KB

BSS Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.text0 Size: 13KB - Virtual size: 13KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 57KB - Virtual size: 56KB

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:de
Certificate

cf:d1:cd:35:a2:92:0e:26:82:62:9d:2b:a5:95:e5:3e:64:3a:00:c4
Signer

CODE
Size: 438KB - Virtual size: 438KB

DATA
Size: 20KB - Virtual size: 19KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.text0
Size: 13KB - Virtual size: 13KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 57KB - Virtual size: 56KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 53KB - Virtual size: 53KB