20198458e409284dc3a3c80dbf3230ec

Sharing

Copy URL Twitter E-mail

General

Target

20198458e409284dc3a3c80dbf3230ec
Size

1.3MB
MD5

20198458e409284dc3a3c80dbf3230ec
SHA1

ba53cfb9557a27b23fe4ce9683c6db675426f36d
SHA256

3b2879397c445e0617ac98e8eb4347072c1fd333909fc068dd95c00fe443fe70
SHA512

99d16ff3b4980f403c2909c4d40e146641907ad66abd7884d0a85767b1098d1f74e0a46ee5b08bafa4fc164d6376443ea4a4752455639556f0b240b35e169bad
SSDEEP

24576:12JY7d7ipLUUcwNvCdAYKDXuLF82GFo6tQ91zfrkuQVj2COdGmVKea00i:liaSN6dAYAXw8VnQ3zhQVj2rBUeavi

Score

1^/10

Malware Config

Signatures

Files

20198458e409284dc3a3c80dbf3230ec
.exe windows:5 windows x86 arch:x86

9ceef8e4e0e81eeeff775a5de3dfb3ad

Code Sign

4e:e3:08:63:6e:9a:f0
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

07/09/2012, 07:18

Not After

29/08/2013, 18:31

Subject

CN=GPV Entertainment\, LLC,O=GPV Entertainment\, LLC,L=San Francisco,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

29/06/2004, 17:06

Not After

29/06/2034, 17:06

Subject

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:75:52:d0:42:2b:c4:34:11:e2:ec:5d:76:11:40:87:89:2f:08:06
Signer

Actual PE Digest

51:75:52:d0:42:2b:c4:34:11:e2:ec:5d:76:11:40:87:89:2f:08:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
lstrlenA
lstrcmpiA
CreateThread
IsDBCSLeadByte
FlushInstructionCache
lstrcmpA
MulDiv
GetModuleFileNameA
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
MoveFileExA
DeleteFileA
LocalFree
WaitForSingleObject
TerminateThread
SetCurrentDirectoryA
Process32Next
OpenProcess
TerminateProcess
Process32First
CreateToolhelp32Snapshot
SleepEx
ExitProcess
InterlockedExchange
FreeResource
LockResource
HeapAlloc
CreateMutexA
VerifyVersionInfoA
VerSetConditionMask
GetVersionExA
IsProcessorFeaturePresent
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
Sleep
GetConsoleMode
GetConsoleCP
lstrlenW
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStdHandle
HeapReAlloc
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
RtlUnwind
InterlockedCompareExchange
GetExitCodeProcess
WriteFile
SetFileTime
GetCurrentDirectoryA
CreateDirectoryA
DosDateTimeToFileTime
LocalAlloc
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSection
RaiseException
MultiByteToWideChar
GetProcessHeap
HeapFree
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalFree
EnterCriticalSection
LeaveCriticalSection
lstrcatA
GetTempPathA
GetLocaleInfoW
CreateProcessA
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileA
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
GetVolumeInformationA
GetComputerNameA

user32

LoadCursorA
SetCursor
SetWindowPos
BringWindowToTop
IsWindow
GetForegroundWindow
GetWindowThreadProcessId
SystemParametersInfoA
AttachThreadInput
AllowSetForegroundWindow
SetForegroundWindow
ShowWindow
IsWindowVisible
UnregisterClassA
IsWindowEnabled
LoadIconA
TranslateMessage
IsDialogMessageA
DispatchMessageA
GetWindowRect
GetMessageA
SendMessageA
EnableWindow
CreateWindowExA
ReleaseDC
EndPaint
MessageBoxA
CopyRect
PostQuitMessage
UpdateWindow
FindWindowA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
RegisterClassExA
GetClassInfoExA
GetDesktopWindow
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
CallWindowProcA
DestroyWindow
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
GetSysColor
DefWindowProcA
CharNextA
GetWindowLongA
SetWindowLongA
GetDlgCtrlID
BeginPaint

gdi32

StretchBlt
GetDIBColorTable
SetDIBColorTable
GetDeviceCaps
CreateCompatibleBitmap
SetBkMode
GetStockObject
SetBkColor
SetTextColor
CreateCompatibleDC
SelectObject
GetObjectA
BitBlt
DeleteDC
CreateSolidBrush
DeleteObject
CreateDIBSection

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
ConvertSidToStringSidA
LookupAccountNameA
GetUserNameA
RegDeleteValueA

shell32

ShellExecuteExA
SHGetFolderPathA
ord680
ShellExecuteA

ole32

CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringLen

shlwapi

wnsprintfA
PathFileExistsA
StrStrIA
AssocQueryStringA
StrToIntA
SHDeleteKeyA
ord176

msimg32

AlphaBlend
TransparentBlt

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

wintrust

WinVerifyTrust

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 984KB - Virtual size: 984KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ceef8e4e0e81eeeff775a5de3dfb3ad

Code Sign

4e:e3:08:63:6e:9a:f0Certificate

Extended Key Usages

Key Usages

Certificate

03:01Certificate

Key Usages

51:75:52:d0:42:2b:c4:34:11:e2:ec:5d:76:11:40:87:89:2f:08:06Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

wtsapi32

wintrust

Sections

.text Size: 210KB - Virtual size: 210KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 10KB - Virtual size: 20KB

.rsrc Size: 984KB - Virtual size: 984KB

.reloc Size: 19KB - Virtual size: 19KB

4e:e3:08:63:6e:9a:f0
Certificate

03:01
Certificate

51:75:52:d0:42:2b:c4:34:11:e2:ec:5d:76:11:40:87:89:2f:08:06
Signer

.text
Size: 210KB - Virtual size: 210KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 10KB - Virtual size: 20KB

.rsrc
Size: 984KB - Virtual size: 984KB

.reloc
Size: 19KB - Virtual size: 19KB