1b57a806910fb4d3d2da66ff401b30aa

Sharing

Copy URL Twitter E-mail

General

Target

1b57a806910fb4d3d2da66ff401b30aa
Size

2.3MB
MD5

1b57a806910fb4d3d2da66ff401b30aa
SHA1

76fde442bb261e311721dc34120ac12f37d43a54
SHA256

1074957b7f5c485c7cad9fa7f024825a4366f866488d0491b8d01e6028b00d4c
SHA512

58fcd4add0ee454e5b24706d4655db030b242ea6052a25b9d7e5540bcdf9357e791c16dbdaba76750ae73d1f8aefa81a0aaeace9d73be76d8fec275745560e71
SSDEEP

49152:XLozAtlGfwn0FxUk9CW1Ce9aL//GZGKV3IRA8nheYfbhBRqLILqtAI5nCQN:XL503tZ1CE6/KGnA8hhfbhBkLqqthzN

Score

1^/10

Malware Config

Signatures

Files

1b57a806910fb4d3d2da66ff401b30aa
.exe windows:5 windows x86 arch:x86

06ad96098ea53d3636103d782e9d544e

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:ea:9c:e7:67:28:f5:5e:8f:87:b7:f0:68:37:73:b7
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10/06/2014, 00:00

Not After

09/06/2016, 23:59

Subject

CN=Savepath Deals,O=Savepath Deals,POSTALCODE=90069,STREET=8923 W Sunset blvd,L=West Hollywood,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

aa:f9:aa:2f:27:66:1b:5c:8d:d6:ff:0c:c7:c9:4e:bd:9e:46:3f:a1
Signer

Actual PE Digest

aa:f9:aa:2f:27:66:1b:5c:8d:d6:ff:0c:c7:c9:4e:bd:9e:46:3f:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
SizeofResource
MultiByteToWideChar
LockResource
GetEnvironmentVariableW
Sleep
CreateFileW
GetProcAddress
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
OutputDebugStringW
GetModuleFileNameW
SetFilePointer
SystemTimeToFileTime
SetFileTime
WriteFile
ReadFile
GetCurrentDirectoryW
LocalFileTimeToFileTime
UnmapViewOfFile
LoadResource
Process32FirstW
GetExitCodeProcess
SuspendThread
WriteConsoleW
SetStdHandle
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryExW
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThreadId
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FindResourceW
FindResourceExW
CloseHandle
DeleteCriticalSection
CreateToolhelp32Snapshot
Process32NextW
CreateThread
DecodePointer
HeapSize
RaiseException
TerminateProcess
HeapDestroy
InitializeCriticalSectionAndSpinCount
FindFirstFileW
GetProcessHeap
WaitForSingleObject
HeapFree
GetCurrentProcess
HeapAlloc
HeapReAlloc
DeleteFileW
FindNextFileW
RemoveDirectoryW
FindClose
GetLastError
GetFileAttributesW
CreateDirectoryW
CreateMutexW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetCommandLineW
GetModuleHandleExW
ExitProcess
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetStringTypeW
SetEndOfFile

user32

DefWindowProcW
CreateWindowExW
SetWindowPos
SetWindowLongW
ReleaseDC
GetClassNameW
GetWindowLongW
GetDC
SendMessageW
EqualRect
PostMessageW
LoadStringW
wsprintfW
RegisterClassExW
EndPaint
UpdateLayeredWindow
GetWindowRect
GetWindowDC
GetParent
GetClientRect
BeginPaint

gdi32

DeleteDC
CreateDIBSection
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
BitBlt

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

ShellExecuteExW

ole32

OleSetContainedObject
OleDraw
OleCreate

shlwapi

PathRemoveFileSpecW
PathRemoveBackslashW
PathAppendW

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06ad96098ea53d3636103d782e9d544e

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

56:ea:9c:e7:67:28:f5:5e:8f:87:b7:f0:68:37:73:b7Certificate

Extended Key Usages

Key Usages

aa:f9:aa:2f:27:66:1b:5c:8d:d6:ff:0c:c7:c9:4e:bd:9e:46:3f:a1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 167KB - Virtual size: 167KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 10KB - Virtual size: 9KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

56:ea:9c:e7:67:28:f5:5e:8f:87:b7:f0:68:37:73:b7
Certificate

aa:f9:aa:2f:27:66:1b:5c:8d:d6:ff:0c:c7:c9:4e:bd:9e:46:3f:a1
Signer

.text
Size: 167KB - Virtual size: 167KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 10KB - Virtual size: 9KB