3039ddf380462dd5e84cc8e954f49b9d

Sharing

Copy URL Twitter E-mail

General

Target

3039ddf380462dd5e84cc8e954f49b9d
Size

115KB
MD5

3039ddf380462dd5e84cc8e954f49b9d
SHA1

9cab6156a34a9b15009d0ca9e755bc5852b87eb2
SHA256

24e74eb64d083238eb5246fd94218a98ba3038fc89f80ec18d62aecd9e89aead
SHA512

5b2a92bd7c404a02e27151f38d87a72fe71b7a47b3637e9ff703ddcd17cacffb1135d4a7a90d4144c2044e765d82184bd85d35277e22826246b5a427a4460020
SSDEEP

3072:h2QXWJoHcVp9I8pNbkfTBJXo0mBR3Cz50N+WMS/:oj6u0mBEl0//

Score

1^/10

Malware Config

Signatures

Files

3039ddf380462dd5e84cc8e954f49b9d
.exe windows:4 windows x86 arch:x86

61fdcd0a69e1e4cea037d6088e9cd360

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:26:10:ca:66:0b:da:5b:05:75:3b:55:69:9d:f1:10
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/02/2014, 00:00

Not After

19/02/2015, 23:59

Subject

CN=GRADIENT COMPANY,O=GRADIENT COMPANY,POSTALCODE=117630,STREET=akademika Chelomeya\, 4,L=Moscow,ST=Mockovskaya oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

74:ed:fd:55:e9:af:95:7e:3e:2b:36:04:6e:0e:f3:73:e7:22:ad:79
Signer

Actual PE Digest

74:ed:fd:55:e9:af:95:7e:3e:2b:36:04:6e:0e:f3:73:e7:22:ad:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
HeapSize
TlsGetValue
UnhandledExceptionFilter
CreateFileW
GetProcAddress
RaiseException
DeleteCriticalSection
GetModuleHandleA
VirtualAlloc
LeaveCriticalSection
GetSystemTimeAsFileTime
GetSystemInfo
GetModuleFileNameA
ResetEvent
CreateEventW
GlobalAlloc
InitializeCriticalSection
LoadResource
CreateThread
GetACP
FreeEnvironmentStringsW
GetModuleHandleW
LoadLibraryExW
SetEvent
ReleaseMutex
LoadLibraryA
DeleteFileW
Sleep
GetOEMCP
GetStringTypeExA
GetProcessHeap
GetUserDefaultLCID
GetNumberOfConsoleMouseButtons
HeapFree
ExitProcess
VirtualFree
GetStartupInfoA

user32

IsDlgButtonChecked
TranslateMessage
MessageBoxW
GetDesktopWindow
GetFocus
PostMessageW
PostQuitMessage
LoadIconW
EndDialog
CreateWindowExA
EnableWindow
MessageBeep
GetSubMenu
DefWindowProcW
PeekMessageW
SetForegroundWindow
SetDlgItemTextW
DialogBoxParamW
LoadImageW
GetWindowTextW
CopyRect

gdi32

SetTextColor
GetCurrentObject
GetBkColor
SetWindowOrgEx
CreateFontA
StretchDIBits
SetBrushOrgEx
GetTextAlign
EnumFontFamiliesExW

advapi32

CopySid
RegEnumValueW
GetAce
CryptGetProvParam
CryptEncrypt
GetUserNameW
CryptDestroyHash
FreeSid
GetUserNameA
CryptGenKey
QueryTraceA
CryptAcquireContextA
GetCurrentHwProfileW
RegDeleteKeyW
CryptGenRandom
RegCreateKeyA
RegEnumKeyExW

ole32

OleInitialize
CoRevokeClassObject
CoGetClassObject
GetRunningObjectTable
OleGetClipboard
OleSetClipboard
HBITMAP_UserUnmarshal
StringFromCLSID
OleLoadFromStream
CoTreatAsClass
CoCreateInstanceEx
CreateFileMoniker
CoWaitForMultipleHandles
CoGetStandardMarshal
HWND_UserMarshal
DoDragDrop

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit

rpcrt4

CStdStubBuffer_IsIIDSupported
RpcServerUseProtseqEpW
NdrOleFree
IUnknown_Release_Proxy
RpcBindingFromStringBindingW
IUnknown_AddRef_Proxy
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
CStdStubBuffer_Invoke
NdrServerCall2
RpcStringBindingParseW
RpcStringFreeA

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61fdcd0a69e1e4cea037d6088e9cd360

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

55:26:10:ca:66:0b:da:5b:05:75:3b:55:69:9d:f1:10Certificate

Extended Key Usages

Key Usages

74:ed:fd:55:e9:af:95:7e:3e:2b:36:04:6e:0e:f3:73:e7:22:ad:79Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

msvcrt

rpcrt4

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 17KB - Virtual size: 16KB

bss Size: 7KB - Virtual size: 4KB

.rsrc Size: 18KB - Virtual size: 18KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

55:26:10:ca:66:0b:da:5b:05:75:3b:55:69:9d:f1:10
Certificate

74:ed:fd:55:e9:af:95:7e:3e:2b:36:04:6e:0e:f3:73:e7:22:ad:79
Signer

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 17KB - Virtual size: 16KB

bss
Size: 7KB - Virtual size: 4KB

.rsrc
Size: 18KB - Virtual size: 18KB