1afa3903982c3a67c54a1b12c1d1624f

Sharing

Copy URL

Twitter E-mail

General

Target

1afa3903982c3a67c54a1b12c1d1624f
Size

118KB
MD5

1afa3903982c3a67c54a1b12c1d1624f
SHA1

9c30658d1bb58f0d9168da2dcc35b07652e9c7c2
SHA256

22df07592a6d255eae0dca33148db3ec77bbb426fead91681d10bd3bdaeebd41
SHA512

c471ed6603dbfa73e876552e4353e8e494e1b6e10794c06924cb185e9d22b4e574430d9872c1f279005e669b04426e55b5457e924a1a88d0a4840698fa1633d6
SSDEEP

3072:YQEH1mFTPDry1iODndzG5DpC62y54YB0BzmX49H:YXH1CTb+1iODdUDpChW4DY49

Score

1^/10

Malware Config

Signatures

Files

1afa3903982c3a67c54a1b12c1d1624f
.exe windows:5 windows x64 arch:x64

78632100afb95834cd798eda3ea310c3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:ec:ec:49:92:77:4c:31:43:8c:81:ad:31:36:e3:f2
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:51:71:cb:c3:f1:06:f6:f4:1e:03:eb:77:cf:4f:e9
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

10/11/2011, 00:00

Not After

09/11/2014, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

eb:d9:1f:91:b8:c0:9f:30:b6:ff:3b:46:43:66:22:93:cb:cf:18:13
Signer

Actual PE Digest

eb:d9:1f:91:b8:c0:9f:30:b6:ff:3b:46:43:66:22:93:cb:cf:18:13

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegOverridePredefKey
RegOpenKeyExW

kernel32

GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
RtlPcToFileHeader
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
GetCommandLineW
lstrlenW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
HeapCreate
GetLastError
GetModuleHandleW
CloseHandle
GetCurrentProcess
LocalFree
SetLastError
GetTickCount
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
lstrcmpiW
FreeLibrary
VirtualQuery
GetModuleFileNameW
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
Sleep
CreateFileW
WriteFile
SetFilePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
GetSystemTimeAsFileTime
FlushFileBuffers
HeapSetInformation
TerminateProcess
IsDebuggerPresent
ExitProcess
GetStdHandle
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCommandLineA
GetStartupInfoW
DecodePointer
EncodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetVersion

shlwapi

PathStripPathW
PathAppendW
PathRemoveExtensionW
PathRemoveFileSpecW

shell32

CommandLineToArgvW

user32

CharLowerBuffW
wsprintfW
MessageBoxW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

v
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78632100afb95834cd798eda3ea310c3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

63:ec:ec:49:92:77:4c:31:43:8c:81:ad:31:36:e3:f2Certificate

Extended Key Usages

Key Usages

25:51:71:cb:c3:f1:06:f6:f4:1e:03:eb:77:cf:4f:e9Certificate

Extended Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

eb:d9:1f:91:b8:c0:9f:30:b6:ff:3b:46:43:66:22:93:cb:cf:18:13Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

shlwapi

shell32

user32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 21KB

.pdata Size: 4KB - Virtual size: 4KB

v Size: 2KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

63:ec:ec:49:92:77:4c:31:43:8c:81:ad:31:36:e3:f2
Certificate

25:51:71:cb:c3:f1:06:f6:f4:1e:03:eb:77:cf:4f:e9
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

eb:d9:1f:91:b8:c0:9f:30:b6:ff:3b:46:43:66:22:93:cb:cf:18:13
Signer

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 21KB

.pdata
Size: 4KB - Virtual size: 4KB

v
Size: 2KB - Virtual size: 2KB