3208a450c9648ccf7789ab2d4f3098da

Sharing

Copy URL Twitter E-mail

General

Target

3208a450c9648ccf7789ab2d4f3098da
Size

246KB
MD5

3208a450c9648ccf7789ab2d4f3098da
SHA1

86006ee6c16014633350e4e9c7722bef8b01905e
SHA256

2226714f82319746ebbbf243e02d300dcd596767ced3dff46e8288bbd2a081fc
SHA512

302da1d19703bad16c2498c96fc58e528e96be914f3ed580f6cb032d69be94a8155dd531833b02611caf15de2d4a69bb6419d0a35ce394464c11e65d36a7310d
SSDEEP

6144:RAbGLRhOe91rnNWJ6AwEuPp3G2ZmsqWMrM8L2pNE9ivfXSNe:RAb4hr91k6PmsqPrFWza4

Score

1^/10

Malware Config

Signatures

Files

3208a450c9648ccf7789ab2d4f3098da
.exe windows:5 windows x86 arch:x86

06e15fa7539824bdfe6301ec0c76c81a

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/04/2015, 00:00

Not After

12/04/2016, 23:59

Subject

CN=FLAGMAN-SOFT,O=FLAGMAN-SOFT,POSTALCODE=646822,STREET=4\, kv.1\, ul.Vodoprovod,L=S. PRISTANSKOE,ST=Omsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

60:a8:6c:c6:df:30:fc:eb:3a:55:1f:9b:ab:0a:d1:a5:f4:b0:52:f5
Signer

Actual PE Digest

60:a8:6c:c6:df:30:fc:eb:3a:55:1f:9b:ab:0a:d1:a5:f4:b0:52:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDriveStringsW
lstrlenW
QueryDosDeviceW
GetFullPathNameW
GetLongPathNameW
OpenProcess
GetModuleFileNameW
GetFileAttributesW
InterlockedDecrement
GetLastError
HeapSetInformation
GetCommandLineW
DecodePointer
EncodePointer
LocalFree
GetStringTypeW
ExpandEnvironmentStringsW
LCMapStringW
WideCharToMultiByte
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
CloseHandle
CreateProcessW
ExitProcess
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceW
LoadLibraryW
DeleteFileW
GetProcAddress
GlobalFree
GlobalUnlock
GlobalLock
MultiByteToWideChar
GlobalAlloc
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
WriteFile
HeapSize
Sleep
IsProcessorFeaturePresent
HeapFree
HeapAlloc
IsDebuggerPresent
GetStartupInfoW

user32

GetSystemMetrics
LoadIconW
BeginPaint
EndPaint
MessageBoxW
DestroyWindow
GetDC
ReleaseDC
LoadCursorW
GetWindowThreadProcessId
EnumWindows
IsWindowVisible
CharLowerW
RegisterClassExW
AdjustWindowRectEx
CreateWindowExW
SetCursor
ShowWindow
GetMessageW
IsDialogMessageW
TranslateMessage
DefWindowProcW
PostQuitMessage
SendMessageW
SetWindowLongW
DispatchMessageW

gdi32

GetStockObject
BitBlt
SelectObject
CreateBitmap
CreateCompatibleDC

advapi32

RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
GetHGlobalFromStream
CreateStreamOnHGlobal

oleaut32

VariantClear
SysFreeString
SysAllocString

psapi

GetProcessImageFileNameW

gdiplus

GdipDeleteBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipFillRectangleI
GdipDrawImageRectI
GdipLoadImageFromStream
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdiplusShutdown

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06e15fa7539824bdfe6301ec0c76c81a

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:eaCertificate

Extended Key Usages

Key Usages

60:a8:6c:c6:df:30:fc:eb:3a:55:1f:9b:ab:0a:d1:a5:f4:b0:52:f5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

psapi

gdiplus

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 143KB - Virtual size: 142KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

60:a8:6c:c6:df:30:fc:eb:3a:55:1f:9b:ab:0a:d1:a5:f4:b0:52:f5
Signer

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 143KB - Virtual size: 142KB