1a1521e39e52dc849653d7747a70dbf4

Sharing

Copy URL

Twitter E-mail

General

Target

1a1521e39e52dc849653d7747a70dbf4
Size

23KB
MD5

1a1521e39e52dc849653d7747a70dbf4
SHA1

adea462e0e0a69786148ffd885f9fdf4cd25215e
SHA256

5326ccea2a4a0603a05722a4e3e9bf9e5b96cb1e638a240016fc0b99a1858295
SHA512

b3da647fab9f67d202e61f3e944bc3d85386d27ecaaee1a5a39f1742490cb4713931fe2982bd45f138bd2aed61f6d554c8bb11b08a8f5624ad4e8522c136d299
SSDEEP

384:/il2WAilubktuZqi3DO1zwsDh2UTBN7FPkDvjachh4WWieZWc7:/e2heubeuZQdBokBpCDvuchhdep

Score

1^/10

Malware Config

Signatures

Files

1a1521e39e52dc849653d7747a70dbf4
.exe windows:5 windows x86 arch:x86

3f46addb99687c5054aec319d14b576a

Code Sign

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2b
Certificate

Issuer

CN=eryf2w4v6y2w

Not Before

25/02/2012, 10:44

Not After

31/12/2039, 23:59

Subject

CN=eryf2w4v6y2w

Extended Key Usages

ExtKeyUsageCodeSigning

93:a5:39:df:e9:e0:65:14:2b:ec:56:6a:57:6f:9a:5e:c1:61:6b:c6
Signer

Actual PE Digest

93:a5:39:df:e9:e0:65:14:2b:ec:56:6a:57:6f:9a:5e:c1:61:6b:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalMemoryStatus
Heap32ListNext
InitAtomTable
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LocalHandle
LocalShrink
LocalUnlock
Module32Next
OpenEventW
OpenSemaphoreA
OutputDebugStringA
PeekConsoleInputA
Process32FirstW
ReadConsoleInputA
ReadConsoleOutputAttribute
RemoveDirectoryW
RtlUnwind
GlobalCompact
SetCommState
SetComputerNameA
SetConsoleCursorInfo
SetConsoleMode
SetConsoleScreenBufferSize
SetConsoleTitleA
SetEnvironmentVariableW
SetFileAttributesW
SetFileTime
SetProcessWorkingSetSize
SetThreadExecutionState
TerminateJobObject
Thread32First
WaitForMultipleObjectsEx
WaitNamedPipeW
WriteConsoleOutputW
_llseek
lstrcpynW
lstrlenA
GetWindowsDirectoryW
GetVolumeInformationW
GetVolumeInformationA
GetTimeFormatA
GetThreadLocale
GetTempFileNameW
GetStringTypeExA
GetStartupInfoW
GetProcessWorkingSetSize
GetProcessPriorityBoost
GetProcessIoCounters
GetProcessHeap
GetModuleHandleW
GetLocalTime
GetHandleInformation
GetFileAttributesExA
GetEnvironmentVariableA
GetEnvironmentStrings
GetDefaultCommConfigW
GetCurrencyFormatW
GetConsoleOutputCP
GetConsoleAliasesLengthA
GetConsoleAliasesA
GetCommProperties
GetModuleHandleA
GetCalendarInfoA
GetACP
FreeUserPhysicalPages
FreeEnvironmentStringsW
FindVolumeMountPointClose
FindResourceA
FindNextVolumeW
FindNextChangeNotification
ExitThread
EraseTape
EnumUILanguagesA
EnumTimeFormatsA
EnumSystemLanguageGroupsW
EnumResourceLanguagesA
EnumDateFormatsA
EnumCalendarInfoA
CreateWaitableTimerA
CreateSemaphoreA
CreateMutexA
CreateMailslotW
CreateJobObjectW
CreateHardLinkW
CreateEventW
CreateDirectoryExA
CopyFileW
CopyFileExW
ConvertThreadToFiber
CancelDeviceWakeupRequest
CallNamedPipeW
BuildCommDCBW
BuildCommDCBAndTimeoutsW
BindIoCompletionCallback
BeginUpdateResourceW
GetProcAddress
SearchPathW

msvcrt

memset

advapi32

RegOpenKeyExW

oleaut32

VarI2FromDec
VarI4FromBool
VarI4FromDec
VarI4FromDisp
VarI4FromR4
VarI4FromR8
VarI4FromUI1
VarMonthName
VarNumFromParseNum
VarR4FromCy
VarR4FromDate
VarR4FromR8
VarR4FromUI4
VarR8FromI1
VarR8FromUI2
VarR8FromUI4
VarUI1FromBool
VarUI1FromCy
VarUI2FromBool
VarUI2FromDisp
VarUI2FromR4
VarUI2FromStr
VarUI4FromCy
VarUI4FromI1
VarUI4FromStr
VarWeekdayName
VarXor
VariantChangeType
VariantCopy
VariantInit
VectorFromBstr
VarI1FromUI4
VarFix
VarDecMul
VarDecFromUI2
VarDecFromStr
VarDecFromR8
VarDecFromI4
VarDecFromCy
VarDecFromBool
VarDecCmp
VarDecAdd
VarDateFromUI1
VarDateFromStr
VarDateFromR4
VarDateFromI2
VarDateFromDec
VarDateFromCy
VarCyRound
VarCyNeg
VarCyMulI4
VarCyFromR8
VarCyFromI2
VarBstrFromUI4
VarBstrFromUI2
VarBstrFromUI1
VarBstrFromI4
VarBstrFromI1
VarBstrFromCy
VarBoolFromR8
VarAnd
SysAllocStringLen
SysAllocString
SetErrorInfo
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayCreateVectorEx
SafeArrayCreateVector
SafeArrayCopyData
SafeArrayAllocData
QueryPathOfRegTypeLi
OleTranslateColor
OleIconToCursor
LoadRegTypeLi
LPSAFEARRAY_UserUnmarshal
LHashValOfNameSysA
LHashValOfNameSys
GetRecordInfoFromGuids
GetAltMonthNames
DosDateTimeToVariantTime
DispInvoke
DispGetIDsOfNames
CreateDispTypeInfo
BstrFromVector
BSTR_UserSize
BSTR_UserMarshal
SafeArrayGetElement

imm32

ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeW
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetHotKey
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMEFileNameA
ImmCreateIMCC
ImmGetImeMenuItemsA
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLockIMC
ImmNotifyIME
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmGetIMEFileNameW
ImmUnlockIMCC
ImmUnregisterWordA
ImmConfigureIMEW

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f46addb99687c5054aec319d14b576a

Code Sign

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2bCertificate

Extended Key Usages

93:a5:39:df:e9:e0:65:14:2b:ec:56:6a:57:6f:9a:5e:c1:61:6b:c6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 7KB - Virtual size: 6KB

.text1 Size: 1KB - Virtual size: 1KB

.text2 Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 128B

.text4 Size: 1024B - Virtual size: 1000B

.text3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 3KB - Virtual size: 2KB

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2b
Certificate

93:a5:39:df:e9:e0:65:14:2b:ec:56:6a:57:6f:9a:5e:c1:61:6b:c6
Signer

.text
Size: 7KB - Virtual size: 6KB

.text1
Size: 1KB - Virtual size: 1KB

.text2
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 128B

.text4
Size: 1024B - Virtual size: 1000B

.text3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 3KB - Virtual size: 2KB