182fca18fb9545c9fe3037ca57c95426

Sharing

Copy URL Twitter E-mail

General

Target

182fca18fb9545c9fe3037ca57c95426
Size

330KB
MD5

182fca18fb9545c9fe3037ca57c95426
SHA1

9b6ae90848128ea846d5abdaffe5caab1c92a070
SHA256

51cd210ae05e1b6e4b7644fb395e93e0223a183690adf5ede0d6dcc3b8963b2e
SHA512

2ca197f28ab2048e8ac715b5a28e48fc00fe5e3bcd325fe14475bdc370099216194068276c69c6f2dc3f77f981fb116f5e981933e6c1d3ad0a77d9e342f8b2b7
SSDEEP

6144:UZIeKttnBhsdxG+5s2SbITN95tJvxQs7/l4b+GYuvuN/7:U2ltBhsdQ+2biys7JzuvuR7

Score

1^/10

Malware Config

Signatures

Files

182fca18fb9545c9fe3037ca57c95426
.exe windows:5 windows x86 arch:x86

e72ad701758590c148d0ae5c8d30488c

Code Sign

7f:83:f9:fc:64:30:c2:89:48:7f:87:65:65:66:19:f6
Certificate

Issuer

CN=XyKEA22sschbxokC6Ukt8pWyonRIY85IKXseFQKeovMfQOREBRc6sqlH2Wq46elm5vpXzqLHtqfcp1EmXFixFATx41oyMK1M478vy92fXrn5e8sBMINzN1uHL2DOk3iGPAsFqRjO9Yc8TIQVKfa4rgLxrniGzR7qAEtrxN75jnYIuLdwxq75Gf9ZokN6Rpe1xVxVKCNkOQkqDDFeSmEO9lPHY2Rc6eb8TWlrsmqw3w3Uv58wx17D1hNYBBteHjg6X9MoBuSinri3LjiAhh23YfQKG3TDC2yT2R6oCQPSfxuP

Not Before

30/10/2012, 06:00

Not After

31/12/2039, 23:59

Subject

CN=XyKEA22sschbxokC6Ukt8pWyonRIY85IKXseFQKeovMfQOREBRc6sqlH2Wq46elm5vpXzqLHtqfcp1EmXFixFATx41oyMK1M478vy92fXrn5e8sBMINzN1uHL2DOk3iGPAsFqRjO9Yc8TIQVKfa4rgLxrniGzR7qAEtrxN75jnYIuLdwxq75Gf9ZokN6Rpe1xVxVKCNkOQkqDDFeSmEO9lPHY2Rc6eb8TWlrsmqw3w3Uv58wx17D1hNYBBteHjg6X9MoBuSinri3LjiAhh23YfQKG3TDC2yT2R6oCQPSfxuP

Extended Key Usages

ExtKeyUsageCodeSigning

e5:f1:2d:eb:50:80:de:06:69:96:bd:b6:07:35:47:48:17:67:61:29
Signer

Actual PE Digest

e5:f1:2d:eb:50:80:de:06:69:96:bd:b6:07:35:47:48:17:67:61:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleHandleW
GetWindowsDirectoryW
BackupWrite
CallNamedPipeA
ChangeTimerQueueTimer
ClearCommError
CloseHandle
CommConfigDialogW
CompareFileTime
CreateEventW
CreateIoCompletionPort
CreateJobObjectW
CreateMutexW
CreateProcessW
CreateSemaphoreW
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
EnumSystemLanguageGroupsA
FatalAppExitA
FileTimeToDosDateTime
FillConsoleOutputAttribute
FindFirstFileA
FindNextFileW
FindResourceExA
FoldStringA
FreeLibrary
GetBinaryType
GetComputerNameA
GetConsoleAliasW
GetConsoleAliasesLengthA
GetConsoleAliasesLengthW
GetConsoleCP
GetCurrentProcessId
GetDefaultCommConfigA
GetLocaleInfoW
GetNumberFormatW
GetNumberOfConsoleMouseButtons
GetPriorityClass
GetPrivateProfileIntA
GetPrivateProfileSectionW
GetProcessAffinityMask
GetProcessShutdownParameters
GetProcessWorkingSetSize
GetProfileSectionW
GetStartupInfoW
GetSystemInfo
GetSystemWindowsDirectoryA
GetTempFileNameW
GetThreadSelectorEntry
GetUserDefaultUILanguage
GetVersionExA
GetWriteWatch
GlobalAlloc
GlobalFindAtomW
GlobalSize
Heap32ListFirst
HeapAlloc
HeapFree
HeapReAlloc
GetModuleHandleA
InitializeCriticalSection
InterlockedIncrement
IsBadReadPtr
IsBadStringPtrA
IsBadStringPtrW
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LocalLock
LockFile
MoveFileA
MoveFileExA
OpenFileMappingA
OpenProcess
Process32FirstW
ReadConsoleInputA
ReadConsoleW
ReadFileEx
ReleaseMutex
ReplaceFileA
ReplaceFileW
RequestDeviceWakeup
ResetWriteWatch
SearchPathA
SearchPathW
SetCommBreak
SetCommMask
SetConsoleActiveScreenBuffer
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetConsoleWindowInfo
SetDefaultCommConfigW
SetEvent
SetFileApisToOEM
SetLastError
SetProcessAffinityMask
SetProcessShutdownParameters
SetStdHandle
SetVolumeLabelA
SignalObjectAndWait
TerminateProcess
UnlockFile
UpdateResourceW
VerifyVersionInfoW
VirtualAlloc
VirtualFree
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFileGather
WriteProfileSectionA
WriteTapemark
_hwrite
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrlen
InitAtomTable
GetProcAddress

user32

PtInRect
RealGetWindowClass
RegisterWindowMessageA
RemovePropA
RemovePropW
ReplyMessage
ScreenToClient
SendDlgItemMessageW
SendMessageA
SendNotifyMessageW
SetCaretPos
SetForegroundWindow
SetLastErrorEx
SetMessageExtraInfo
SetProcessWindowStation
SetPropW
SetScrollRange
SetSysColors
SetWindowPlacement
SetWindowPos
SetWindowRgn
ShowCursor
SystemParametersInfoA
ToUnicode
UpdateWindow
WinHelpA
WinHelpW
wsprintfW
PaintDesktop
OemKeyScan
MsgWaitForMultipleObjectsEx
ModifyMenuW
MessageBeep
MapVirtualKeyExW
LoadMenuW
LoadKeyboardLayoutW
LoadImageW
LoadAcceleratorsW
LoadAcceleratorsA
IsZoomed
IsRectEmpty
IsHungAppWindow
IsCharAlphaNumericA
IsCharAlphaA
InternalGetWindowText
IMPGetIMEA
GetWindowWord
GetWindowRect
GetWindowModuleFileName
GetWindowLongW
GetWindow
GetUpdateRgn
GetSystemMenu
GetMonitorInfoA
GetMessageTime
GetMenuState
GetKeyboardLayoutList
GetKeyboardLayout
GetInputDesktop
GetClipboardViewer
GetClassNameW
GetActiveWindow
ExitWindowsEx
EnumWindowStationsW
EnumChildWindows
EndDeferWindowPos
DrawTextExW
DrawMenuBar
DispatchMessageW
DestroyMenu
DestroyCaret
DdeSetUserHandle
DdeQueryConvInfo
DdeConnectList
DdeCmpStringHandles
CreateIconFromResource
CreateDialogIndirectParamA
CopyIcon
ClipCursor
ClientToScreen
ChildWindowFromPoint
CharToOemBuffW
CharPrevA
CharNextExA
CharLowerA
ChangeClipboardChain
CallNextHookEx
BroadcastSystemMessageW
BringWindowToTop
BeginPaint
ArrangeIconicWindows
AppendMenuW
AnimateWindow
LoadIconA
CreateDesktopA

advapi32

RegOpenKeyW

shell32

WOWShellExecute
Shell_NotifyIcon
ShellExecuteW
ShellExecuteExW
ShellExecuteExA
ShellExecuteA
ShellAboutW
CheckEscapesW
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryPoint
ShellAboutA
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
FindExecutableA
SHAddToRecentDocs
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHChangeNotify
SHCreateDirectoryExA
SHCreateProcessAsUserW
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExW
SHGetFileInfo
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathW
SHGetIconOverlayIndexW
SHGetInstanceExplorer
SHGetMalloc
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHLoadInProc
SHPathPrepareForWriteA
SHPathPrepareForWriteW

shlwapi

StrChrA
StrChrW
StrCmpNIW
StrCmpNW
StrRChrIW
StrRStrIA
StrRStrIW
StrStrIA
StrStrA

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e72ad701758590c148d0ae5c8d30488c

Code Sign

7f:83:f9:fc:64:30:c2:89:48:7f:87:65:65:66:19:f6Certificate

Extended Key Usages

e5:f1:2d:eb:50:80:de:06:69:96:bd:b6:07:35:47:48:17:67:61:29Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 309KB - Virtual size: 308KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 296B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 2KB

7f:83:f9:fc:64:30:c2:89:48:7f:87:65:65:66:19:f6
Certificate

e5:f1:2d:eb:50:80:de:06:69:96:bd:b6:07:35:47:48:17:67:61:29
Signer

.text
Size: 309KB - Virtual size: 308KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 296B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 2KB