12bc2a30ac0cb3f3bc92e726f9eeb0f1

Sharing

Copy URL

Twitter E-mail

General

Target

12bc2a30ac0cb3f3bc92e726f9eeb0f1
Size

352KB
MD5

12bc2a30ac0cb3f3bc92e726f9eeb0f1
SHA1

157a8b1651921f5493d70c5619008dd2b474eb3f
SHA256

20276ed50815158e24bbcae4a449c713ea0732f6568f3c9724b8a89c38139c06
SHA512

1758b5868d9264c0e98fa18367e92818de5b5670222163625ce881f3ba50b297dff463c328fd8c29c21d2237e8c3e43b027e45c4fb9f78075cb489d52f93dd63
SSDEEP

6144:8yErq0yLAFck9JZeYxUXBHpZte8bk4M/TIOj+c7zWjoMWlYhKYue4cJdM+94g+:CG0ahk1eYUBJZt/6xj+4zH4RR4sdMGv+

Score

1^/10

Malware Config

Signatures

Files

12bc2a30ac0cb3f3bc92e726f9eeb0f1
.exe windows:4 windows x86 arch:x86

3cbfbb833cc5050971164899134121e3

Code Sign

24
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

24/10/2007, 22:01

Not After

24/10/2017, 22:01

Subject

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:bb
Certificate

Issuer

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/11/2014, 00:09

Not After

31/10/2016, 17:47

Subject

CN=ООО ”БАНДЛ” - Bundle LLC,O=ООО ”БАНДЛ” - Bundle LLC,L=Saint-Petersburg,ST=Saint Petersburg City,C=RU,1.2.840.113549.1.9.1=#0c16696e666f40696e7374616c6c62756e646c652e636f6d,2.5.4.13=#1310345173635459644f79754e45624e586d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:c4:3f:90:4f:1e:a5:b8:e4:32:15:ec:25:cf:57:9b:be:9e:b2:6f
Signer

Actual PE Digest

3d:c4:3f:90:4f:1e:a5:b8:e4:32:15:ec:25:cf:57:9b:be:9e:b2:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ScrollWindow
SetWindowTextA
ShowWindow
EnableWindow
LoadStringA
CloseWindow
GetMenuItemCount
SetThreadDesktop
GetClassNameA
GetActiveWindow
GetUpdateRect
GetSystemMenu
IsWindow
GetPropA
GetKeyboardLayoutNameA
SetClassLongA
SetParent
GetKeyboardType
GetDesktopWindow
GetTopWindow
SwitchDesktop
GetWindowLongA
SetWindowPos
GetWindowRect
GetDC
GetClassWord
LoadCursorA
GetScrollRange
RegisterClassA
PostMessageA
MoveWindow
CreateWindowExA
GetWindowRgn
GetMessageA
TranslateMessage
IsWindowEnabled
GetParent
DispatchMessageA
GetClassLongA
GetWindowThreadProcessId
SetPropA
GetMenuItemID
SetFocus
PostQuitMessage
GetMenu
DestroyWindow
RemovePropA
GetWindowTextLengthA
SetClassWord
GetUpdateRgn
BeginPaint
DrawTextA
GetClientRect
GetClassInfoA
FindWindowA
EndPaint
IsWindowUnicode
SetActiveWindow
LoadIconA
SetWindowLongA
DefWindowProcA

gdi32

SetTextColor
SetBkMode
GetStockObject

kernel32

MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
VirtualAlloc
HeapFree
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetStartupInfoA
HeapAlloc
GetSystemPowerStatus
GetCurrentProcessId
ReleaseSemaphore
LCMapStringA
GetCommandLineA
CopyFileA
DeleteFileA
GetLocalTime
GetProcAddress
ConnectNamedPipe
GetFileType
GetVersion
CreateEventA
OpenFileMappingA
CreateFileA
GetComputerNameA
CreateNamedPipeA
CreateFileMappingA
GetModuleHandleA
FindResourceA
WinExec
SetFilePointer
InitializeCriticalSection
SetFileTime
DisconnectNamedPipe
LockFile
GetTempFileNameA
GetDiskFreeSpaceA
GetEnvironmentStrings
PeekNamedPipe
GetTempPathA
WaitForSingleObject
WriteFile
LCMapStringW
GetStringTypeA
FileTimeToSystemTime
OpenSemaphoreA
LoadLibraryA
GetCurrentProcess
GetLogicalDriveStringsA
GetStringTypeW
ReleaseMutex
UnlockFile
SetCurrentDirectoryA
CreateDirectoryA
CreateMutexA
OpenMutexA
ReadFile

Sections

.text
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cbfbb833cc5050971164899134121e3

Code Sign

24Certificate

Key Usages

10:bbCertificate

Extended Key Usages

Key Usages

3d:c4:3f:90:4f:1e:a5:b8:e4:32:15:ec:25:cf:57:9b:be:9e:b2:6fSigner

Headers

File Characteristics

Imports

user32

gdi32

kernel32

Sections

.text Size: 304KB - Virtual size: 302KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 20KB - Virtual size: 20KB

.rsrc Size: 8KB - Virtual size: 6KB

24
Certificate

10:bb
Certificate

3d:c4:3f:90:4f:1e:a5:b8:e4:32:15:ec:25:cf:57:9b:be:9e:b2:6f
Signer

.text
Size: 304KB - Virtual size: 302KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 8KB - Virtual size: 6KB