2e6fa14800079e0f2924b9780181222e

Sharing

Copy URL Twitter E-mail

General

Target

2e6fa14800079e0f2924b9780181222e
Size

659KB
MD5

2e6fa14800079e0f2924b9780181222e
SHA1

0116b17e381714fbd94cb7254bf782ff0902365b
SHA256

20ffd16ca618c1dd5b9dcc869cae888538983601ac2a02438cfe41aef0d7e8be
SHA512

ea37ebd7c6e9f6e868dd5c01b257128ef6fde5c339bf6dc1a3f0758708d22bf3ff36ff354c26c6a40e4464cc78e895721aeb2f6bd6045d87dbfe59c0e71002e2
SSDEEP

12288:IOe95DniCRthGaTSo19c6BGBjJaKCp2LR8J0u+0Mm:IOQDniCn8aTfGBjgKCp218mz6

Score

1^/10

Malware Config

Signatures

Files

2e6fa14800079e0f2924b9780181222e
.exe windows:4 windows x86 arch:x86

7e75a840e0be1f1563208bcaaa37ef84

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/04/2015, 00:00

Not After

12/04/2016, 23:59

Subject

CN=FLAGMAN-SOFT,O=FLAGMAN-SOFT,POSTALCODE=646822,STREET=4\, kv.1\, ul.Vodoprovod,L=S. PRISTANSKOE,ST=Omsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:72:d5:06:cb:b3:76:b9:3b:84:fd:af:27:35:cc:d5:87:6d:2c:65
Signer

Actual PE Digest

08:72:d5:06:cb:b3:76:b9:3b:84:fd:af:27:35:cc:d5:87:6d:2c:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateFileMappingW
FindResourceExW
GetStringTypeW
GetPrivateProfileSectionW
LocalCompact
DelayLoadFailureHook
SetVolumeMountPointA
GetConsoleTitleA
IsWow64Process
CopyFileExW
lstrcatA
WriteConsoleOutputW
GetFileAttributesExA
GetDiskFreeSpaceExA
EndUpdateResourceW
UpdateResourceA
SetComputerNameW
SetTapeParameters
UnmapViewOfFile
MoveFileExA
GetTapeParameters
GetFileSizeEx
WriteProfileSectionW
HeapSetInformation
LCMapStringA
TlsFree
LZCloseFile
AttachConsole
EnumLanguageGroupLocalesW
GetCommandLineW
ChangeTimerQueueTimer
CancelWaitableTimer
CreateSocketHandle
IsValidLocale
CreateMailslotW
Sleep
FreeLibrary
EnumDateFormatsA
InterlockedExchange
WritePrivateProfileSectionA
SetFilePointerEx
SetTapePosition
CommConfigDialogA
GetTimeZoneInformation
FindResourceW
GetSystemInfo
IsValidLanguageGroup
LZInit
ReleaseSemaphore
AddConsoleAliasW
ReadConsoleA
OutputDebugStringW
SetFileTime
EnumDateFormatsExW
GetPrivateProfileSectionNamesW
LZCreateFileW
GetVolumeInformationA
GetThreadPriorityBoost
ExitProcess
FindAtomA
DefineDosDeviceA
EnumCalendarInfoExW
HeapQueryInformation
FileTimeToLocalFileTime
GetBinaryTypeA
GlobalUnfix
DeleteVolumeMountPointW
TryEnterCriticalSection
ReadConsoleInputW
TerminateProcess
WriteConsoleOutputCharacterA
CompareFileTime
CreateDirectoryA
GetVersion
ReadConsoleW
UpdateResourceW
LockFileEx
RtlUnwind
SetThreadPriorityBoost
CreateMemoryResourceNotification
GetOverlappedResult
IsProcessorFeaturePresent
SetVolumeLabelA
CancelTimerQueueTimer
GetLongPathNameW
RtlCaptureContext
lstrcmpiA
FindFirstFileW
OpenEventW
SetInformationJobObject
GetCurrentThreadId
TerminateThread
VerifyVersionInfoA
GetPrivateProfileStructW
GetCalendarInfoW
SetCommBreak
HeapValidate
GetPrivateProfileIntA
GetCommMask
GetBinaryTypeW
SwitchToThread
GetModuleFileNameW
GetNumberFormatW
DosDateTimeToFileTime
GetThreadTimes
GetCurrentDirectoryW
IsBadHugeReadPtr
OpenJobObjectA
GetFileAttributesA
OpenWaitableTimerA
GetCurrentProcess
SetWaitableTimer
VerLanguageNameW
WriteConsoleInputA
CreateActCtxA
MoveFileWithProgressW
VirtualUnlock
SetProcessWorkingSetSize
GetStdHandle
lstrcat
GetConsoleFontInfo
DeleteAtom
ReadConsoleInputA
GetNativeSystemInfo
GetDriveTypeA
SetLastError
OpenMutexA
DeleteFileA
MoveFileW
WritePrivateProfileStructA
GetDriveTypeW
SetCurrentDirectoryW
GetGeoInfoA
DosPathToSessionPathA
RtlCaptureStackBackTrace
ExitThread
EnumResourceNamesA
GetCalendarInfoA
GetFileSize
GetProfileIntA
GlobalUnlock
GetFileInformationByHandle
MoveFileA
FindNextChangeNotification
DeleteTimerQueueTimer
EnumTimeFormatsA
GetVolumePathNamesForVolumeNameW
SetFileShortNameW
GetProcessAffinityMask
SetSystemTimeAdjustment
IsBadStringPtrA
WriteProfileSectionA
Heap32Next
GlobalAddAtomW
LocalFree
HeapFree
AddConsoleAliasA
SetComPlusPackageInstallStatus
SetFileApisToANSI
LZSeek
GetCurrentActCtx
Heap32First
GlobalSize
GetUserDefaultLangID
WaitForMultipleObjects
ReadFileScatter
GlobalReAlloc
FileTimeToSystemTime
GetStartupInfoW
SetCriticalSectionSpinCount
SetComputerNameExW
CreateFileW
AssignProcessToJobObject
GetSystemDefaultLCID
DeleteVolumeMountPointA
WriteFile
MapUserPhysicalPages
FormatMessageA
UnhandledExceptionFilter
ReadConsoleOutputCharacterA
SetTimerQueueTimer
GetExpandedNameA
GetHandleContext
CreateSemaphoreW
SetThreadExecutionState
GetConsoleMode
WaitForSingleObjectEx
CreateThread
SetSystemPowerState
GetUserGeoID
MoveFileWithProgressA
GetNumberFormatA
GetComputerNameA
SetMailslotInfo
ReleaseMutex
SetStdHandle
ConnectNamedPipe
InitializeCriticalSection
GetThreadContext
ReadConsoleInputExA
QueryPerformanceCounter
GetTempPathA
GlobalAddAtomA
ProcessIdToSessionId
GetSystemTimeAdjustment
lstrlen
GetTapePosition
GetEnvironmentVariableW
GetStartupInfoA
GetAtomNameA
PrivMoveFileIdentityW
GetTapeStatus
WaitCommEvent
RegisterWowExec
GetLogicalDrives
PeekNamedPipe
RequestDeviceWakeup
CreateDirectoryExW
RemoveDirectoryA
EnumResourceNamesW
EnterCriticalSection
FatalAppExitA
FindClose
LocalUnlock
lstrcpyn
ReplaceFile
SetNamedPipeHandleState
BackupWrite
EnumDateFormatsExA
EnumCalendarInfoW
WritePrivateProfileStructW
EnumSystemCodePagesW
ReplaceFileW
PeekConsoleInputA
HeapReAlloc
SetThreadLocale
GetPriorityClass
GlobalFlags
SetCommTimeouts
CreateEventA
FileTimeToDosDateTime
GetDefaultCommConfigW
MapViewOfFile
RaiseException
EnumSystemGeoID
FlushInstructionCache
FindFirstChangeNotificationA
WriteConsoleW
GetConsoleOutputCP
CreateMailslotA
WriteConsoleOutputAttribute
lstrcpyW
GetShortPathNameA
FoldStringW
GetDiskFreeSpaceExW
IsDBCSLeadByteEx
SizeofResource
TerminateJobObject
GetLastError
IsDBCSLeadByte
GetACP
VirtualQuery
LoadLibraryA
TlsFree
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

AnyPopup
LoadIconA

Exports

Exports

�5��ǒ��>ӷa&sT��T��"��q+��0O��-\�|c��=�hEow}7R��W�F��[��;��*^4� ��\Y�Lv�7@��re� ��[��ƽqٕ��|�D�+�,*�#�x-��OL��`�B! �V��a�E�e�,�d4�n44�Xp� ��^�PF^6D��1��H�<��f��{�� !�'T.%��^��-��l��cJ��`��ON��1P��٢l�ɸ� H%�x��$��G�`H�w~�f/�-��d)�z�k㲏�$�1�.�h��磻�Ղʺ�_��bu��6c��4��1�o�}$�=%ҽ��%v��}�DG�k��;�{��7�^�Y<+�w��3�Pu7#�'�f�=�� O�ױ7��0��+�j"�->I��?��B��ȅ��EW�@��O�|sC�윫�w��r]��*ϒ��)r怭*��c��/��j�&�4�`An��W��'@2v�eh8��Qd��O�`i��HƱ%Lr;ލ,(��?��<��\ۛ8��^�7��Av8fG�qn�C�ō��͙ }��%��g9.��_�QKP�#��ZC��\r��8�7��[�@��.�Ӿ��-��S�٪h�;VR�y�c0��$CӫOtM�T ��ʜ'pL�/d�gW|2 �$��p�t�� Ŷ��[��S�wb��A��+T�~�k��rf ��o��@:�E�z��3-��tIq��H}�_��gm_k��p9ӱ;5�"pL�9�ڏ�Ӂ��k�H��#_ꋛ�Mc��އ[E�uԟ��@�׻8�D�l��g�Ĥ��.�0�ό�ǹG�%�lnH��>l-?� )[[6�@��>��ۅ瓧�@��h݆�'�c��>X��o��vX��J.U�7vP�*du?��<��F0��e��K�(|e˃n��X�ܜ��%��5�iv��+ )4�]<�<��ʡ��.�S�/g8i�϶��쓈ȍ�+�-*j��_4��\�|e*<��U�U�3M��w�Ai�x�n�e.�B%B�T�� Oe�û!(+�ndOi��)1�q�M0��!I�=1�vXˎ��l-��rʻ?.��ք�fF� ��0=}'�4_�e^��F��w?��ki&��|��f@��nz�Kz��>��}��_|Ș��Q�`�Ĭ{��W��D�~*P��t��.��0�w��5 6g��y�K%�)r�S+� �L�Gb1�jRJ��%�좴ʴE��ݪ+NJ ��T��.� ��Q룉��l�{�q�q��c2.�9I��욿B �d�¢qx��#�$��]I'j�n��|;�7Q��BÉ|e45�=a*g)�e��d|��{�j�]~(}��s�(��$�gE֩�/j��eC�� 8��Be��5xO��LG��%��r�,�X��c<�� \c6'��]��L.��(ڰ��S��y��Z�:#��Q�d��q�O��5�uJ�x�9y�o��`j��ώe��Sp�,^��7c��Cp��F��+b��!zo,4K�� gF��~Sd�&�3c��6�/�A3�.��W��,��@��ϴ��vj�k��[��é��rcm�)�ВUT�P��X�mb+i��}6��$��fE#/�M��NM��0�X�q��)�<g$��^ �4M�eGt>�; @��Tg=��b�U:mlj6�=��"��cY/�,��e��Y\)R>s��z� A�a��I��KI�<�� 6��e��{>�]��3��k�^�9p�{�U}a�1�5��8��D�u��R�K��HB*��c2RP~Y�}׻oK/+�E��ET��SA��&5#}�g�V%Ʊb��<^;-+3�/#��˔�ӧ6~��*�ٟ�ӄ]7��H�ƾ�K�!��b0�?3(��/"�.v<�&�ǯ��O�`�:r��j׹�(b�}Ξ�q��P6��2��3�G��'}��|��^��i�_.-4nLw�+t�ԗ��=��I��W~3��5pO)˜\=8M·��2�j�O� �/q��#U��}�}XMc��T��n��zT��G�+i�cQ��D�Ago��K��К��H�Y�6�ة{��q��qMt��/`��9��:��`��L �bB`��- L�:3g�\�-�^(��I��E��Va+s{��V�~��2n4'��P:�*?�B-2[�'ѦܬT��5^U=��Ur/6~-��Я��}��%ZzBr�O�EQe˞�VP��d3�<��H�NW&�ҝ-.ܭt�=d�A�2R=�@ǋ��s��S��E��o�Ez��Bx��:7M�{ ``��}g��k_��?��3��iy�KR ? ULz�a0��j��:aW�k�b�/�*t��ݾ]�~'�N�ၦgK�x�Օ�Y+] ��G�b��A�a�<��@�xO��yd^�h��n��]�jo=4��w5P>Œ�)��e�J]��]i��՚~w�0��.^�H�x?��4O�+$�\�@$��.b��g� ��~zq2P/��U��:,��k��EH�ᕘ]s��O��ˀ��j9a��#6��`�Qx �eaixG�^;�J(�Y��,�Px�*��jH�uK��nb�q��%ƭ��^YM�h@*�)df�N�nI^��4 �fs��Z��<�S��f|�6$�Z�\��'u�1��$�x^�H/Nʜ+͸<��+]� gC��k ��ic��8�_)�F�X��Բ�9�3�}K�v��,�t��-�y�_�Ō�BUr/�?s''��9�k��@.�B�f��f+�3~gx

Sections

CODE
Size: 450KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e75a840e0be1f1563208bcaaa37ef84

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:eaCertificate

Extended Key Usages

Key Usages

08:72:d5:06:cb:b3:76:b9:3b:84:fd:af:27:35:cc:d5:87:6d:2c:65Signer

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

CODE Size: 450KB - Virtual size: 452KB

DATA Size: 12KB - Virtual size: 16KB

.idata Size: 25KB - Virtual size: 28KB

.text0 Size: 14KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 4KB

.text1 Size: 86KB - Virtual size: 88KB

.reloc Size: 10KB - Virtual size: 12KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

08:72:d5:06:cb:b3:76:b9:3b:84:fd:af:27:35:cc:d5:87:6d:2c:65
Signer

CODE
Size: 450KB - Virtual size: 452KB

DATA
Size: 12KB - Virtual size: 16KB

.idata
Size: 25KB - Virtual size: 28KB

.text0
Size: 14KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.text1
Size: 86KB - Virtual size: 88KB

.reloc
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 53KB - Virtual size: 53KB