2108d1ca6a87274c8dca26b771b21e36

Sharing

Copy URL

Twitter E-mail

General

Target

2108d1ca6a87274c8dca26b771b21e36
Size

618KB
MD5

2108d1ca6a87274c8dca26b771b21e36
SHA1

60c1d78b2c648b877b9b7f604db0cd843220545b
SHA256

208e42b1956a361506d3d88fecc0c36210972fdee363b0901d056f907809b888
SHA512

ddc609961505ee92867ec04ff0d735df4987fa29f6825dcd824ae126ba479b0d9589dab0d680712656f363b3b429ef86cfcd665f3995c977189e7ab004a5f0cf
SSDEEP

12288:FGUcwDN5ZVLZxaRQkOGimvM3u4uqb5Jv0G4n7ENhMQ:YUcwR5zaRpHhk3u4D5doEz

Score

1^/10

Malware Config

Signatures

Files

2108d1ca6a87274c8dca26b771b21e36
.exe windows:4 windows x86 arch:x86

b0f230906037e2ab7d5e05af29dd9b1d

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2015 00:00

Not After

24-05-2016 23:59

Subject

CN=Minimus,O=Minimus,POSTALCODE=236022,STREET=ul. Repina\, 46\, 12,L=Kaliningrad,ST=Kaliningrad Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:93:40:08:28:b2:f2:fd:39:b1:ac:a3:9c:86:6f:e7:01:e9:0b:d9
Signer

Actual PE Digest

16:93:40:08:28:b2:f2:fd:39:b1:ac:a3:9c:86:6f:e7:01:e9:0b:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

DragObject
BringWindowToTop
EmptyClipboard
OemToCharW
RegisterDeviceNotificationW
SetClipboardData
WaitMessage
ToUnicode
MoveWindow
GetKeyState
SendMessageCallbackA
GetGuiResources
GetWindowTextLengthA
SetWindowPos
GetClientRect
IsCharUpperA
CreateMDIWindowA
LoadKeyboardLayoutA
GetMenuBarInfo
SetClassLongA
ShowWindowAsync
GetCapture
DrawTextExW
wsprintfA
IsMenu
GetKeyboardLayoutNameA
UnloadKeyboardLayout
LoadCursorFromFileA
AdjustWindowRectEx
SetMenuItemInfoA
DefFrameProcW
GetWindowThreadProcessId
MessageBoxTimeoutW
GetMessageA
EnumDisplaySettingsW
CopyAcceleratorTableA
GetClipboardFormatNameA
SubtractRect
SendMessageTimeoutW
OemToCharBuffW
RegisterClipboardFormatA
DrawIcon
SetMenuInfo
CreateCursor
ShowCaret
LoadStringA
LoadCursorW
SetClassLongW
GetTabbedTextExtentA
GetAncestor
UnhookWindowsHook
GetClassInfoExW
LoadCursorFromFileW
GetListBoxInfo
ShowOwnedPopups
EnumDesktopsW
DefDlgProcW
SystemParametersInfoA
DlgDirListW
SystemParametersInfoW
FindWindowW
MessageBoxTimeoutA
PeekMessageW
HideCaret
MessageBoxIndirectW
GetKeyboardLayoutNameW
CloseDesktop
GetUserObjectInformationW
ActivateKeyboardLayout
OpenInputDesktop
ModifyMenuW
PostThreadMessageW
GetKeyboardState
SetDlgItemTextW
GetMenuItemInfoA
RealGetWindowClassA
GetUpdateRgn
IsDialogMessageA
UnregisterHotKey
GetMonitorInfoW
GetWindowWord
GetCursorPos
FindWindowA
IsWindow
EqualRect
EnumThreadWindows
IsDlgButtonChecked
GetMessagePos
EnumDesktopsA
CreateDialogIndirectParamW
UpdateWindow
GetClipboardFormatNameW
BroadcastSystemMessageExW
InsertMenuA
BroadcastSystemMessageExA
GetSystemMetrics
TranslateMessageEx
GetScrollInfo
GetMessageTime
MessageBoxW
IsCharAlphaNumericW
OpenWindowStationW
SetCaretPos
GetWindowTextW
GetWindowWord

kernel32

SetFileApisToANSI
CreateProcessA
lstrcmpiW
SetErrorMode
ReplaceFile
IsBadStringPtrA
AddAtomW
EnumResourceNamesA
HeapReAlloc
GetCalendarInfoW
FindFirstFileExW
SetFileShortNameA
VerLanguageNameA
SetFileApisToOEM
ClearCommError
CloseProfileUserMapping
CancelIo
GetLargestConsoleWindowSize
SetComputerNameW
CreateDirectoryW
GetPrivateProfileIntW
WinExec
GetThreadContext
GetFileInformationByHandle
ReadConsoleOutputCharacterW
GetModuleHandleExA
GetConsoleCursorInfo
GetPrivateProfileStringW
ClearCommBreak
GetEnvironmentStrings
RemoveDirectoryW
WaitNamedPipeA
GetStringTypeExW
SetEnvironmentVariableW
LZInit
CompareStringW
Heap32First
BuildCommDCBAndTimeoutsA
CreateProcessInternalA
FileTimeToLocalFileTime
WriteConsoleOutputW
ScrollConsoleScreenBufferW
OpenEventA
FindClose
GetDiskFreeSpaceExW
ConnectNamedPipe
EnumSystemLanguageGroupsW
WaitForSingleObject
CreateTimerQueue
MapUserPhysicalPages
GetOEMCP
GetProfileIntW
FlushConsoleInputBuffer
GetNamedPipeHandleStateW
GetThreadSelectorEntry
LocalSize
GetStringTypeW
GetTimeFormatW
CreateFileW
GetProcessTimes
ConvertDefaultLocale
GetConsoleKeyboardLayoutNameW
PulseEvent
FindFirstVolumeMountPointA
lstrcpyn
lstrcpyA
QueryDosDeviceA
ExpandEnvironmentStringsA
WaitForMultipleObjectsEx
GetConsoleFontInfo
GetDriveTypeW
GetTimeZoneInformation
FindFirstChangeNotificationW
GetACP
GetLastError
ConvertDefaultLocale
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

FindTextA
PageSetupDlgA
ChooseFontA

shell32

ShellExec_RunDLL
InternalExtractIconListW

Exports

Exports

'ht-�q�r�~��뇢��v�(�{�0ayA a��a�*j��@2'�.?"��}��ݒ��,Ч�o�W��!��M�C�M��枖�0ǍL�!!�w�ź�š��DjDl�=rmF�F�B��{�؛��!��y�Fn ��w )7DZ�+�42��x�?�&��`C�78do�p�yF��wx��T��J�x�[��X=��>�-#�)"�W��?gcx��hk�p�1]�O�]�;�ϏϚ,q��v~�v��,��۲��D{䜨NN�P�)W>X�B�3y��O@�\�y��x�Ʉ7mju;�� 2�]R��t��n��6�`e��_|�Z�U��d��Ï��ؓ%�pY�� sqP��?�`��M��Ct9�N�x��u��.](Sw�4@S��.��h;�+�X�c췫��l��m1��'��8�34��Ԍ)��q��*��ˁ�?��d�B��Fe�fr��rt�kY��~�-��Ԟ��[�C��q��-~ &�l��mxj�`<�?� �lpH�< y�G�*�g��d�9�[��&�m��z9�%��!��~a��p%�:��w��Y�U��δ��o�,��EZў�huw^5p�魟��Y�n��>��~�TФ Ԯ民7?s��֫�4�� uLcH�44��[��%�F-ث� ~M9�{�o��8��z��4?�^��Fnko�Ҍ�}Q ��S@��Д\��hERI��U��DMeT�l�؟��pZh�v�K��JN��Nkǻ��<W��$��r��kQ@�ØF 15G�5m��i�Φ� ��4�kBOnZ9��9��=�8MD��&LN0�\ɶ d�d�cD ��-��t�s�`7�R�_�� ɛ��wؿܹ!�z~4ky/իQ��h��j�\1��5Y�ʰE2�g�צ��f�9�JH��V��O׋��h�֣�l�|�@��h0G�0��m��]�?W@<�s�-՞��6� ��_PG��Ή��3y��!��u!�My��,[�D�>H��0�S��ўfp��v�nLH�NZ�n.�/�i3*��d��R�b_��=I�uU�e�x�c�M�#�17��ӆ��p��T�X>(�\ Cg7F'io�II�Ç��b��_�:観x/g>� `6�~h��h��2��L�0��f� C"�`�`�/[��SIR3�ЇiZ�.��F�_w�s�)Y�=�Ho�)��G'��=��f��@��MP7 ��=��[H�$�^��t��5�ň@�.��r��հ<��e��mS�,��4d4ǂ��A�v��R�hm�}�$�.�P��s�V��P�ڃ��Ä��O�V].f�!�SY=eˎԯ�7��K�?H�ޚ��9j��}�]�'H$M�~��*{��:�$s�r|Umf�.Q�Opy�Л`V��`��1m��N[#'�m�G�cKi��E��P�?��檈2�͙c6`��:�W�+�P��>�QO Ԅ ��gx�� j�W��Cn�J��@n��5�� d��9�(&�3^�+�G��Hz��x'52�A��f�c�3KuCB7=��J�|`��eА��꠵�� k:k��b%�u��O�Pz??�}��2��R�j�.�(u�԰��bNgr~RӣmeW��ڕӿ�m��=��rn�VI�� v��@C�a�L(�s�2T~��#�,59�س[ ��K��EK�^b�T�zx�߁��w#�Ɛ%��5��g��&��&��\�#��s��)�l]��W�SJ1��FaÈ�Ђ��ʙ�bG��T�k��Ál�5��!��mog�.-j^��<@/��H�(��0�I�u�Hj��r��o��P�G2�Y8&��bWO77�d��18о��E��ܫ%d��R3p��`��B.��(V �r0:r�d�,��i,<I[��J��T�i��]� ^*�n'�:榾J��3�_��P�T��e��V �e 4��5�� A&�_'��Qߪ�p0)'Iϫ��/8��9��<(�gth�ՙ�Ɍ�S[��KS9(��X��ٵ ��Ǳ�ƈ�B_��ao�J��1n�wЊ�6�U��8�pK)��,��/� �Pi�G�� z�{��I'T�˭�p4��zM6'��r�\� �%��.��/A��'G�B#��>�a) �/��Z��a�\��#X�~~�zx4��!��!��;�-�ܘ�.��IjiU��_uv|��_�Lu#��]�5��4�R,y��iZ�D�Ά��좂��N��D/�%R%�[��C��mF|o� ��W�_��!'��٣� ⷙ�2R� IE>/4��:|r�k!d�3��^�ȃ�J�$��(�ЕAe��+��~D��o=//?H��rƑT\��?kd��5�}9 � ]�#��>"�Z{�� ~ X�p��-$�_��x?F_��HW��ӊ!c�]�;�L��oѩ��ħb��$�&�oG�蘫j�ep��L6�z��@�~�j��a�|z��7 �T��# ��Ef��-�G�� ;uM0&��&��6i�@��\Bmet��-�H� ��S}�P'��3��{嫒C��/�S`j��KHc�*p��ߖ�PG�]`q m[Uޱ��è��ߗ��@W�\|!�tS��[�p� ��7ѝx��\݆�@2�zq&?6�q��K��<�^�E� �%��|?T�%@�}�8�PD>`��cp��4�JS�y݆ߕ1��t \3(s��7��+f��{M��}��a�)�p��%�b� �!��j��

Sections

CODE
Size: 441KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 821B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0f230906037e2ab7d5e05af29dd9b1d

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23Certificate

Extended Key Usages

Key Usages

16:93:40:08:28:b2:f2:fd:39:b1:ac:a3:9c:86:6f:e7:01:e9:0b:d9Signer

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

shell32

Exports

Exports

Sections

CODE Size: 441KB - Virtual size: 440KB

DATA Size: 19KB - Virtual size: 18KB

BSS Size: - Virtual size: 821B

.idata Size: 5KB - Virtual size: 4KB

.text0 Size: 19KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 71KB - Virtual size: 70KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

16:93:40:08:28:b2:f2:fd:39:b1:ac:a3:9c:86:6f:e7:01:e9:0b:d9
Signer

CODE
Size: 441KB - Virtual size: 440KB

DATA
Size: 19KB - Virtual size: 18KB

BSS
Size: - Virtual size: 821B

.idata
Size: 5KB - Virtual size: 4KB

.text0
Size: 19KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 71KB - Virtual size: 70KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB