149a2441f56291c7f2d96b64152ad28b

Sharing

Copy URL

Twitter E-mail

General

Target

149a2441f56291c7f2d96b64152ad28b
Size

332KB
MD5

149a2441f56291c7f2d96b64152ad28b
SHA1

39a5793bf07dc0f9472b5ca84ead573d2dc68fe1
SHA256

155c566948aafad774e2865a0c7006399d1098f23d197f0b68ae32359ed6a183
SHA512

cfb7fc5f4697d4644ed1bb83f3d85e7b8d835ab38606955b89b22ae433acdf3524979bdfd68ee8c092f64d13917e469af892d58bd7db965e31ebd435b75171a5
SSDEEP

6144:MqNkf1Xt/5yc6/Z0VHEu2vYtDubwoaL85kfYURwjOUj/FytoosiS:B6f1XtByc6cHEu2JwLjfY2wjOUcphS

Score

1^/10

Malware Config

Signatures

Files

149a2441f56291c7f2d96b64152ad28b
.exe windows:4 windows x86 arch:x86

27822ef0be6f2fcf1d0652a0debb0dbe

Code Sign

24
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

24-10-2007 22:01

Not After

24-10-2017 22:01

Subject

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:bb
Certificate

Issuer

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01-11-2014 00:09

Not After

31-10-2016 17:47

Subject

CN=ООО ”БАНДЛ” - Bundle LLC,O=ООО ”БАНДЛ” - Bundle LLC,L=Saint-Petersburg,ST=Saint Petersburg City,C=RU,1.2.840.113549.1.9.1=#0c16696e666f40696e7374616c6c62756e646c652e636f6d,2.5.4.13=#1310345173635459644f79754e45624e586d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a6:6c:30:23:ed:4d:27:9e:1d:2d:22:4b:3d:85:89:e3:74:d4:6d:91
Signer

Actual PE Digest

a6:6c:30:23:ed:4d:27:9e:1d:2d:22:4b:3d:85:89:e3:74:d4:6d:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetMenuItemID
GetMenu
GetUpdateRect
IsWindowVisible
SetWindowLongA
GetClassWord
GetWindowRgn
SetWindowPos
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
DestroyWindow
DefWindowProcA

gdi32

GetStockObject

kernel32

LCMapStringW
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
GetStringTypeA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetFileType
HeapAlloc
GetTempFileNameA
GetProcAddress
CreateFileMappingA
GetModuleHandleA
PeekNamedPipe
LoadLibraryA
GetTempPathA
RemoveDirectoryA
GetFileTime
WaitNamedPipeA
DisconnectNamedPipe
GetStringTypeW
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

Sections

.text
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27822ef0be6f2fcf1d0652a0debb0dbe

Code Sign

24Certificate

Key Usages

10:bbCertificate

Extended Key Usages

Key Usages

a6:6c:30:23:ed:4d:27:9e:1d:2d:22:4b:3d:85:89:e3:74:d4:6d:91Signer

Headers

File Characteristics

Imports

user32

gdi32

kernel32

Sections

.text Size: 300KB - Virtual size: 298KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 8KB - Virtual size: 6KB

24
Certificate

10:bb
Certificate

a6:6c:30:23:ed:4d:27:9e:1d:2d:22:4b:3d:85:89:e3:74:d4:6d:91
Signer

.text
Size: 300KB - Virtual size: 298KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 6KB