2bfbe181bb536b3cd86a23f7e5473933

Sharing

Copy URL Twitter E-mail

General

Target

2bfbe181bb536b3cd86a23f7e5473933
Size

123KB
MD5

2bfbe181bb536b3cd86a23f7e5473933
SHA1

35fa62b6cd99febbca6208cc081760aa2ed5c0a7
SHA256

232f968d961cf23b69fdb7535386df6c9dfdf3112b1dc55662e6d0ea60c90a2d
SHA512

8fa531e8e94743e37c26ab90840036c2206a34e749a08503ecb3c0f830eb37d5bf47bb2541c2be9cd0155101683b7dee989535a3b0e5d22ad4d926d5dea7bb28
SSDEEP

3072:Ka+RmQarZGPj2fMNlRFAiq+uvfXPQll79AEM1wl:Ka+RmQSffMNlEikXIHPww

Score

1^/10

Malware Config

Signatures

Files

2bfbe181bb536b3cd86a23f7e5473933
.exe windows:4 windows x86 arch:x86

aa0006e072d5c510dc82a165e13198ff

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c0:0a:6b:46:96:ec:03:6d:d0:8c:89:db:3b:a0:6c:c3:af:5b:bc:fd
Signer

Actual PE Digest

c0:0a:6b:46:96:ec:03:6d:d0:8c:89:db:3b:a0:6c:c3:af:5b:bc:fd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
MultiByteToWideChar
GetTempFileNameA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalDeleteAtom
GlobalAddAtomA
GlobalFree
GlobalAlloc
GetStartupInfoA
GetCurrentDirectoryA
SetCurrentDirectoryA
Sleep
WinExec
GlobalHandle
GlobalSize
GetVersionExA
CreateProcessA
CreateProcessW
OutputDebugStringA
ReadFile
CreateFileA
FindClose
FindFirstFileA
lstrlenA
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryExW
GetSystemDirectoryW
LoadLibraryA
LocalAlloc
FreeLibrary
InterlockedExchange
RaiseException
GetFileAttributesW
GetProcAddress
InterlockedDecrement
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
FormatMessageA
LocalFree
MulDiv
GetVersion
InterlockedIncrement
IsDBCSLeadByte
GetModuleHandleW
GetTickCount
CloseHandle
GetModuleHandleA

user32

RegisterClassA
GetWindowThreadProcessId
EnableWindow
GetActiveWindow
GetSystemMenu
GetMenuItemCount
DeleteMenu
DrawMenuBar
PackDDElParam
FreeDDElParam
DestroyWindow
ReleaseDC
SendMessageA
DefWindowProcA
UnpackDDElParam
ReuseDDElParam
PostMessageA
EnumWindows
SetFocus
SetActiveWindow
CreateWindowExA
RegisterClassExA
GetDC
GetSystemMetrics
GetWindow
DdeConnect
DdeQueryConvInfo
IsIconic
ShowWindow
SetForegroundWindow
DdeFreeStringHandle
DdeDisconnect
DdeUninitialize
WaitForInputIdle
DdeClientTransaction
DdeInitializeW
DdeInitializeA
DdeCreateStringHandleW
DdeCreateStringHandleA
SystemParametersInfoA
GetDesktopWindow
MessageBeep
MessageBoxA
PostQuitMessage
UnregisterClassA
GetParent
GetWindowLongA
GetMessageA
TranslateMessage
DispatchMessageA
GetClassNameA

advapi32

RegCloseKey
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA

gdi32

DeleteObject
SelectObject
CreateFontIndirectA
GetTextExtentPointW
GetDeviceCaps
SelectPalette
RealizePalette
GetStockObject
GetCharWidth32A

ole32

CoInitialize
CoUninitialize
OleInitialize
StgCreateDocfile
CreateFileMoniker
GetRunningObjectTable
CoRegisterClassObject
RegisterDragDrop
RevokeDragDrop
CoRevokeClassObject
OleUninitialize

msvcrt

_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_except_handler3
_controlfp

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aa0006e072d5c510dc82a165e13198ff

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

c0:0a:6b:46:96:ec:03:6d:d0:8c:89:db:3b:a0:6c:c3:af:5b:bc:fdSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

msvcrt

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 96KB - Virtual size: 96KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

c0:0a:6b:46:96:ec:03:6d:d0:8c:89:db:3b:a0:6c:c3:af:5b:bc:fd
Signer

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 96KB - Virtual size: 96KB