321046233a122ba81b32948a8afb2a83

Sharing

Copy URL Twitter E-mail

General

Target

321046233a122ba81b32948a8afb2a83
Size

352KB
MD5

321046233a122ba81b32948a8afb2a83
SHA1

bb4bdbbf4b4a59b2d9d8cdf90d95d5ac31737409
SHA256

15f80dcd28c5193724c7418b5e2f02ca4173f773ae1acd19ef39d336dc13b22a
SHA512

04eed7c38755334e6826e708b3cec077921f7b6500ed00bec4b2e8bc9aff2b2172ddfbf24ac3742e1c6c40d0a5dc6b275955d3b9814af82ee3dbd2d157839eee
SSDEEP

6144:yyErq0yLAFck9JZeYxUXBHpZte8bk4M/TIOj+c7zWjoMWlYhKYue4cJdM+9uBD:cG0ahk1eYUBJZt/6xj+4zH4RR4sdMGeD

Score

1^/10

Malware Config

Signatures

Files

321046233a122ba81b32948a8afb2a83
.exe windows:4 windows x86 arch:x86

3cbfbb833cc5050971164899134121e3

Code Sign

24
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

24/10/2007, 22:01

Not After

24/10/2017, 22:01

Subject

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:bb
Certificate

Issuer

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/11/2014, 00:09

Not After

31/10/2016, 17:47

Subject

CN=ООО ”БАНДЛ” - Bundle LLC,O=ООО ”БАНДЛ” - Bundle LLC,L=Saint-Petersburg,ST=Saint Petersburg City,C=RU,1.2.840.113549.1.9.1=#0c16696e666f40696e7374616c6c62756e646c652e636f6d,2.5.4.13=#1310345173635459644f79754e45624e586d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b4:95:74:e0:19:14:50:28:ae:22:e1:e0:da:3e:4e:a0:e6:5d:55:37
Signer

Actual PE Digest

b4:95:74:e0:19:14:50:28:ae:22:e1:e0:da:3e:4e:a0:e6:5d:55:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ScrollWindow
SetWindowTextA
ShowWindow
EnableWindow
LoadStringA
CloseWindow
GetMenuItemCount
SetThreadDesktop
GetClassNameA
GetActiveWindow
GetUpdateRect
GetSystemMenu
IsWindow
GetPropA
GetKeyboardLayoutNameA
SetClassLongA
SetParent
GetKeyboardType
GetDesktopWindow
GetTopWindow
SwitchDesktop
GetWindowLongA
SetWindowPos
GetWindowRect
GetDC
GetClassWord
LoadCursorA
GetScrollRange
RegisterClassA
PostMessageA
MoveWindow
CreateWindowExA
GetWindowRgn
GetMessageA
TranslateMessage
IsWindowEnabled
GetParent
DispatchMessageA
GetClassLongA
GetWindowThreadProcessId
SetPropA
GetMenuItemID
SetFocus
PostQuitMessage
GetMenu
DestroyWindow
RemovePropA
GetWindowTextLengthA
SetClassWord
GetUpdateRgn
BeginPaint
DrawTextA
GetClientRect
GetClassInfoA
FindWindowA
EndPaint
IsWindowUnicode
SetActiveWindow
LoadIconA
SetWindowLongA
DefWindowProcA

gdi32

SetTextColor
SetBkMode
GetStockObject

kernel32

MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
VirtualAlloc
HeapFree
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetStartupInfoA
HeapAlloc
GetSystemPowerStatus
GetCurrentProcessId
ReleaseSemaphore
LCMapStringA
GetCommandLineA
CopyFileA
DeleteFileA
GetLocalTime
GetProcAddress
ConnectNamedPipe
GetFileType
GetVersion
CreateEventA
OpenFileMappingA
CreateFileA
GetComputerNameA
CreateNamedPipeA
CreateFileMappingA
GetModuleHandleA
FindResourceA
WinExec
SetFilePointer
InitializeCriticalSection
SetFileTime
DisconnectNamedPipe
LockFile
GetTempFileNameA
GetDiskFreeSpaceA
GetEnvironmentStrings
PeekNamedPipe
GetTempPathA
WaitForSingleObject
WriteFile
LCMapStringW
GetStringTypeA
FileTimeToSystemTime
OpenSemaphoreA
LoadLibraryA
GetCurrentProcess
GetLogicalDriveStringsA
GetStringTypeW
ReleaseMutex
UnlockFile
SetCurrentDirectoryA
CreateDirectoryA
CreateMutexA
OpenMutexA
ReadFile

Sections

.text
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cbfbb833cc5050971164899134121e3

Code Sign

24Certificate

Key Usages

10:bbCertificate

Extended Key Usages

Key Usages

b4:95:74:e0:19:14:50:28:ae:22:e1:e0:da:3e:4e:a0:e6:5d:55:37Signer

Headers

File Characteristics

Imports

user32

gdi32

kernel32

Sections

.text Size: 304KB - Virtual size: 302KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 20KB - Virtual size: 20KB

.rsrc Size: 8KB - Virtual size: 6KB

24
Certificate

10:bb
Certificate

b4:95:74:e0:19:14:50:28:ae:22:e1:e0:da:3e:4e:a0:e6:5d:55:37
Signer

.text
Size: 304KB - Virtual size: 302KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 8KB - Virtual size: 6KB