147d252594c94b97403de7322b5b5ebd

Sharing

Copy URL

Twitter E-mail

General

Target

147d252594c94b97403de7322b5b5ebd
Size

1.1MB
MD5

147d252594c94b97403de7322b5b5ebd
SHA1

2ea834d11d8f11e7c28d7a159f18107eaa00d2e2
SHA256

773bc66e1ce0aabcbe46e428f4a8241b448ff81155685d9fec7eb4d1561d8f0d
SHA512

c95de91da04c1a88c33a266c71785dd0e5900579ec8d627a4f56357154b2a877f79fb993c1dc69863a6f2eb6647df9ab8e15dcb5f69d141082ba2f9790bf5061
SSDEEP

12288:rdsokjs6RDOM8W7p9ykFsX+zMi4xyDnliTVW7/iVo9hWWz:rdn8DOMpN9ykG+zexyTIToaVo9hWWz

Score

1^/10

Malware Config

Signatures

Files

147d252594c94b97403de7322b5b5ebd
.exe windows:4 windows x86 arch:x86

c87cc929aeec0eb08916d2410c0e49b3

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:39:5a:86:d9:1d:a6:3b:ac:9c:ef:69:4a:77:2b:43
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20-05-2015 00:00

Not After

19-05-2016 23:59

Subject

CN=PKK OOO,O=PKK OOO,POSTALCODE=241037,STREET=103 ul.Krasnoarmeiskaya,L=Bryansk,ST=Bryansk Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:47:12:97:21:d2:19:b7:48:25:48:42:02:42:35:74:b3:80:99:c7
Signer

Actual PE Digest

fe:47:12:97:21:d2:19:b7:48:25:48:42:02:42:35:74:b3:80:99:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

EnumPropsA
GetMenuDefaultItem
GetWindowTextLengthA
ToAscii
DrawStateW
AppendMenuW
KillTimer
IsWindowEnabled
PostQuitMessage
RegisterDeviceNotificationW
InvalidateRgn
OemToCharBuffA
SetRectEmpty
ChildWindowFromPointEx
LoadMenuIndirectA
OpenDesktopW
GetClipCursor
CharLowerBuffW
GetTabbedTextExtentW
IsCharAlphaNumericW
GetMessageA
PrivateExtractIconsW
SetUserObjectInformationA
EnumDisplaySettingsW
RemovePropW
IsDialogMessage
CharUpperBuffW
DestroyIcon
ArrangeIconicWindows
GetDlgItem
IsCharAlphaA
EnumWindowStationsW
InsertMenuA
GetUserObjectInformationW
PostMessageW
GetMenuBarInfo
SetWindowPos
SetWindowTextA
SetWindowsHookW
MapVirtualKeyA
SendDlgItemMessageW
SetDebugErrorLevel
SendMessageTimeoutW
CharPrevW
SetParent
GetMenuStringA
RegisterWindowMessageA
GetCursorPos
GetGUIThreadInfo
GetMenuItemInfoA
GetKeyboardLayoutNameA
EnumDesktopsW
SystemParametersInfoA
PrivateExtractIconExA
InsertMenuItemW
GetLastInputInfo
OpenDesktopA
OpenClipboard
SetSystemCursor
CreateIconFromResource
GetClassInfoExW
ValidateRgn
DialogBoxIndirectParamW
GetUserObjectSecurity
LoadKeyboardLayoutW
SetDeskWallpaper
CreateDialogIndirectParamA
wvsprintfA
LoadStringA
MapVirtualKeyExA
MonitorFromWindow
CreateMDIWindowW
DefWindowProcW
PrivateExtractIconsA
ShowWindowAsync
CharToOemA
CreateIconIndirect
DrawTextW
InsertMenuItemA
GetInputDesktop
IsWindowVisible
FrameRect
CheckMenuItem
GetTopWindow
MonitorFromRect
IsCharUpperA
GetUpdateRect
CascadeChildWindows
EnumDesktopWindows
SetSystemMenu
PrintWindow
GetPropA
CharUpperA
LoadCursorFromFileA
BroadcastSystemMessageExA
OemToCharA
GetScrollInfo
SetPropW
SubtractRect
OemToCharW
MessageBoxTimeoutW
DefWindowProcA
GetMenuItemCount
GrayStringA
CreateMenu
MenuItemFromPoint
GetMessageTime
EnumPropsW
RealChildWindowFromPoint
ModifyMenuA
GetWindowTextW
MonitorFromPoint
GetProcessWindowStation
HideCaret
GetKeyboardType
DrawIcon
ChangeDisplaySettingsExW
DrawTextA
TranslateMessage
DrawCaptionTempW
RegisterWindowMessageW
AlignRects
GetClassNameW
ActivateKeyboardLayout
GetUpdateRgn
SetMenuDefaultItem
ChangeDisplaySettingsA
IsWindowUnicode
LoadStringW
FindWindowA
ChildWindowFromPoint
DlgDirListA
AttachThreadInput
TileWindows
SetWindowsHookA
LoadAcceleratorsA
InflateRect
wsprintfW
EndPaint
CheckMenuRadioItem
DialogBoxIndirectParamA
LoadIconW
SetDlgItemInt
DrawStateA
IsMenu
IsWindow
GetMenuItemInfoW
GetClipboardOwner
GetMenuInfo
ShowWindow
LoadImageW
GetMouseMovePointsEx
WinHelpW
SetDoubleClickTime
SetMessageExtraInfo
GetDCEx
CreateCursor
LockWorkStation
DragDetect
DrawMenuBarTemp
GetKeyNameTextW
RegisterClassA
ScrollWindow
DrawCaptionTempA
MapDialogRect
SetMenuItemInfoA
LoadMenuW
ShowCaret
wsprintfA
SetProgmanWindow
GetKeyboardState
GetClipboardFormatNameW
IsCharUpperW
IsDialogMessageW
AllowForegroundActivation
WaitMessage
DragObject
EnableWindow
CreateAcceleratorTableA
CopyImage
GetInternalWindowPos
DestroyAcceleratorTable
SetTimer
GetCursorInfo
CreatePopupMenu
EnumClipboardFormats
DefDlgProcW
ScreenToClient
InvertRect
FlashWindow
EndMenu
GetClassInfoA
TileChildWindows
GetWindowLongA
CopyRect
GetAltTabInfoA
MapWindowPoints
DrawFrameControl
GetThreadDesktop
ChangeDisplaySettingsExA
IsCharAlphaNumericA
CallNextHookEx
GetMessageW
RegisterClipboardFormatW
EnumDesktopsA
SetCaretBlinkTime
SetClassLongA
EnableMenuItem
DrawFocusRect
PostThreadMessageA
InvalidateRect
ChangeDisplaySettingsW
GetWindow
EmptyClipboard
SetMenuItemBitmaps
GetSystemMetrics
GetKeyboardLayout
ShowStartGlass
BringWindowToTop
GetKeyNameTextA
BlockInput
RealGetWindowClassW
GetMenuContextHelpId
CopyAcceleratorTableA
DestroyMenu
ValidateRect
SendNotifyMessageW
RedrawWindow
SendDlgItemMessageA
CopyIcon
OemToCharBuffW
FillRect
IsHungAppWindow
RegisterClassW
DialogBoxParamW
SetMenu
SetWindowsHookExA
MessageBeep
GetCursor
GetMenuItemRect
DrawCaption
DefFrameProcA
EnableScrollBar
GetMenuContextHelpId
IsDialogMessageW

kernel32

FormatMessageA
FreeUserPhysicalPages
GetVersionExW
SetSystemTime
OutputDebugStringW
IsProcessorFeaturePresent
RequestDeviceWakeup
lstrcmpA
SetErrorMode
CreateConsoleScreenBuffer
HeapFree
lstrcmpiW
ExitThread
GetOEMCP
Sleep
lstrcpy
WritePrivateProfileSectionA
GetCompressedFileSizeA
MoveFileWithProgressW
GetProcessHeap
GetVolumeNameForVolumeMountPointW
WriteProfileStringA
GetVolumeInformationA
GetPrivateProfileStringW
GetExpandedNameA
MoveFileExW
GetConsoleProcessList
CreateTimerQueueTimer
OpenSemaphoreW
GetEnvironmentStringsW
RegisterWaitForInputIdle
InvalidateConsoleDIBits
SetVolumeLabelW
RemoveDirectoryA
LockFile
WriteConsoleOutputA
LockFileEx
GetDiskFreeSpaceW
SetLastConsoleEventActive
CreateJobObjectW
FileTimeToLocalFileTime
GetNumberFormatW
GetPrivateProfileStringA
GetHandleInformation
GetConsoleCursorInfo
CommConfigDialogA
InterlockedCompareExchange
GetTapeStatus
FindResourceA
GetTapeParameters
VerifyVersionInfoA
GetPrivateProfileStructA
WinExec
GetDriveTypeW
FindFirstVolumeMountPointA
SetThreadPriority
RtlCaptureStackBackTrace
PrivMoveFileIdentityW
AddConsoleAliasA
DosPathToSessionPathW
AssignProcessToJobObject
ActivateActCtx
CompareFileTime
ReadConsoleInputExA
GetAtomNameW
SetDefaultCommConfigW
GlobalSize
ChangeTimerQueueTimer
CreateDirectoryW
ReadConsoleInputA
GetGeoInfoW
UpdateResourceA
EnumSystemLocalesA
SetEvent
OpenWaitableTimerW
GetProfileSectionA
BuildCommDCBA
EnumDateFormatsW
ReadDirectoryChangesW
LocalUnlock
GetDiskFreeSpaceExA
HeapReAlloc
CreateHardLinkA
WriteConsoleOutputAttribute
ConvertDefaultLocale
ReadConsoleOutputAttribute
lstrlenW
SetLocaleInfoW
CreateSemaphoreW
FindActCtxSectionStringW
CopyFileExA
GlobalAddAtomA
EndUpdateResourceA
GetConsoleInputWaitHandle
CreateProcessInternalA
LZStart
lstrcmp
GlobalFlags
EraseTape
CreateEventW
ResetWriteWatch
GetProfileIntA
IsBadStringPtrW
WriteConsoleOutputCharacterW
RtlUnwind
IsBadHugeWritePtr
FindCloseChangeNotification
GetPrivateProfileSectionNamesA
CreateDirectoryA
FatalExit
CreateFileMappingW
ReadConsoleInputExW
EnumTimeFormatsW
GetTapePosition
VirtualQuery
EnumCalendarInfoExW
SetProcessPriorityBoost
InterlockedDecrement
ExpandEnvironmentStringsA
FindActCtxSectionGuid
LZClose
GetVolumePathNameW
FindVolumeClose
GetCommModemStatus
BuildCommDCBAndTimeoutsA
GetCurrencyFormatW
SetTapeParameters
SetCurrentDirectoryA
SleepEx
WaitNamedPipeA
GetNativeSystemInfo
GetSystemDefaultUILanguage
WaitCommEvent
SetFileShortNameA
GetBinaryTypeA
DnsHostnameToComputerNameW
AllocateUserPhysicalPages
GetVolumePathNamesForVolumeNameA
SetCommMask
CreateJobSet
ReadConsoleW
CreateTimerQueue
OpenEventW
SetComputerNameExA
CreateHardLinkW
GetThreadTimes
FreeEnvironmentStringsW
SetWaitableTimer
SetComputerNameExW
IsBadStringPtrA
GetCommProperties
EnumSystemLocalesW
FindNextVolumeW
GlobalWire
GetConsoleMode
VirtualFreeEx
ReplaceFileW
PrivCopyFileExW
GetExitCodeProcess
SetSystemTimeAdjustment
ExpandEnvironmentStringsW
GetDiskFreeSpaceExW
LZOpenFileW
SetUserGeoID
GetModuleFileNameA
SetThreadPriorityBoost
GetCurrentThread
TlsAlloc
LoadLibraryExA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

GetSaveFileNameW
ChooseColorA
GetOpenFileNameW
CommDlgExtendedError
ChooseFontW
ReplaceTextW
ChooseColorW
ChooseFontA
ReplaceTextA

oleaut32

VarR4CmpR8
VarI2FromUI4
VarR8FromDate
SafeArrayPtrOfIndex
SysAllocStringByteLen
VarUI2FromDec
OleCreatePropertyFrame
VarUI4FromI8
SafeArrayAccessData

gdi32

StretchDIBits
EngLineTo
SetArcDirection
SelectPalette
ModifyWorldTransform
GetCharacterPlacementA
GetTextAlign
EnumFontFamiliesA

comctl32

ImageList_LoadImageA
ImageList_Remove
FlatSB_SetScrollInfo
ImageList_GetImageRect
ImageList_Write
CreatePropertySheetPageA
InitCommonControlsEx
MenuHelp
ImageList_GetIconSize
CreateStatusWindowW
CreateStatusWindow
ImageList_SetImageCount
ImageList_AddMasked
DrawStatusTextA
ImageList_Replace
ImageList_SetOverlayImage
DllGetVersion
ImageList_BeginDrag

Exports

Exports

�|?T�C�?`��X� b�B��V�T��O�e�8C3'�Vc��c��ʌ�.�6Q)�3)��_��#��ϑ9��i�M��[k#҆(�]�D�K��c��Pf�*��I�3ǈ��QNa��@-��I �d��9p��.l�%<�ة�!��ΛL��m��g��0AJ}�lO��r�t~w'��.a!�9��}6��y�%��Q�)�/�䐢��[;xx�@YFc@=��O��g�58`M@�d)��P��:��g=�2oFZ��t�]qIcP��@�7��#@D��{�=��u�%L^�T��d�9�(��F��E�戺QX��H��Ȳ簚��gK��ql�,��>�D>70 ��wq��e`��DѼ�V2��y��렦uc��*��Lx��D�C u0�-��m�D��{/; s�B��h4�xz\e��>Ry��O��w �ΥO�O�� {��a��G��_��A��@��w��C,�)�dl��q�lDcW��^s,��[/1�`[��r��.� I�M�&�Տ¨��ap��N��U�E��{ 5#:K��3�q��I8��%��͉tm��R�d0:��c�B��Qʾ��]��Iڤk�[��-��1��I��=��%� '?��#\57��3�"0��](Z��gZBm��Q&\�3�>� ��ˌ�wz>>��%}��^z��;SCV�@j"�c-��yxHL8�|"��#�ʜzv/rκ�f��sg.Q)��H�[X�'��~.��I��4��6��' �Y�2z��e7r��N��ɱmA_��O�"\kY��Q��(��Rt�$�Q��EEȎq��F��i9�,��߆��u\keK�jdZ�2��$�ڇ��>�"(/T�E�Y��/��i�TS@��Vؾ��: �1��q'�t��?o�t3�qeuŤ��}�A��V �/-[M��>pp��tNP'f^��v�u;��}R�{zf��&��u1X��4��y�B��z��x�_#��v�ڦ��c��KFmA�v��-d�B�Q4G�Ư�� (G�&�Q��'��C�� s#3ȓ��4�h��Z��=X��K[�L�?��s��ʾ�Y��7��'��D8��$��C��z�2��;.&zT�=��Z1�kiۜ�B.K�]ƷO\�S8��z��<JR�a?�8NT|I�[S��lr|�� UQ'%h(��H!ߙ��!��F��YR�{��Y��g��#��S�2��h7ML��pr�ـf�p��Ǟu@6�X+�`�Q3��X<Q��k��2�`��*>�/ڝ�J�UA�)�D�K[t��U/8b�rRy}}oF�i��)��ؼ��7᚝�kTp��Y��H9�ׯSvX�zm�R>/F�C 7��;�W�u��N�Á��.a��*��lx�p��w��!��s,�b��a[�4n�[�ث�N�s({��yA��gT=g��B��ѯ�[P��L�K8��g��}tv��{$��?�ij蟩��Z��G��%:��F��ۂY��q�x��i[��S�c��G2��o~��Տ��լ=E��0{�A��zƩ�)�3�Cd�� ;o?R��z��s�,Ev[�<��x��ȸ�{�Mf�f�7m#�0OKc�D��W� ��u6;��Lx˸�@u?��ĭ;4, q��jP�c)��e>�8�ۏ�F��>5��p��Q��,<��9��K�Ϙ�ɵ��G��d�)қP��A�6ぇ�А�j��8l5B%�\C9��9_��vm>c8=y�?EK}�H��xq�� {�r��z�0�P(�>�+U��IF��w��U�m��xƘ�Oՠ.J��1�clQc��j�?��s5ΧM�_�/�+`U��8��9�3Qu�|� (�S��<E�<�͘=��Dx��L�.Z�]�m4��p�X��o��f��&��p��Nj�7��J�2q��p�D�Ђ�緃<��NJd��>T{��t9��!�� i��;�b�p��5�v+>S}��>��TM�� W6̏o�UOyAG�Q #�K�=tp��p�8��%q��u�* &^�ֆL^(0h��{�y`��H_D�Bh6��[ot�"�l{zLvHK��Y>'B$��B�$=␰w3sg��hD��#a��Tzi�n��{z��ȶ�M}`d� +tXV��吱=�fl��R�CJ��J�7|�<d&�7�-�xdΌ�<8��Bؤu��[-ľ�z��4 ��|�F�:YY� r.]c噿�<��Ì��L��0�y�]��5��N�a��}�ܝ�3A�i�v�mw��8�H��ϸK�GG��~..�Qg�K�T��p��笵�>��\��u'��<��9ͯm�\�yz*v�UW#Ra^�"�Za6��eR�c��u̍�Bs�� "��[�X��p��r��ci�w�+vp{�o�!1щ�DO�r|,�_'0F=N?uG�u��R��CE��3�ȃs;NA}J֏��G]b*`�1'�e��)EK��_LP�C��q�j�6�\9NŠ��$o.{�&�C뼫�oY��<�~��:��mg�w�'��q�Z��'��0�Oy��疫��*鈞�K�K��Θ��s0�>��9#��_`3�r6��D|��=:dq2턆�� x�*��~��8��QQ�� ڜɼm_n�R�ER�s��;�Gr�,$T��/fᵡ�U�x��s5� 4l$F�8��!�ں�Aw�c�ńuv�m�&

Sections

CODE
Size: 441KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 14KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c87cc929aeec0eb08916d2410c0e49b3

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

9c:39:5a:86:d9:1d:a6:3b:ac:9c:ef:69:4a:77:2b:43Certificate

Extended Key Usages

Key Usages

fe:47:12:97:21:d2:19:b7:48:25:48:42:02:42:35:74:b3:80:99:c7Signer

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

oleaut32

gdi32

comctl32

Exports

Exports

Sections

CODE Size: 441KB - Virtual size: 444KB

DATA Size: 14KB - Virtual size: 20KB

.idata Size: 11KB - Virtual size: 12KB

.text0 Size: 15KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 4KB

.text1 Size: 64KB - Virtual size: 68KB

.reloc Size: 6KB - Virtual size: 8KB

.rsrc Size: 612KB - Virtual size: 612KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

9c:39:5a:86:d9:1d:a6:3b:ac:9c:ef:69:4a:77:2b:43
Certificate

fe:47:12:97:21:d2:19:b7:48:25:48:42:02:42:35:74:b3:80:99:c7
Signer

CODE
Size: 441KB - Virtual size: 444KB

DATA
Size: 14KB - Virtual size: 20KB

.idata
Size: 11KB - Virtual size: 12KB

.text0
Size: 15KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.text1
Size: 64KB - Virtual size: 68KB

.reloc
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 612KB - Virtual size: 612KB