362dc80a22200f759c3e53368657304f

Sharing

Copy URL Twitter E-mail

General

Target

362dc80a22200f759c3e53368657304f
Size

1.5MB
MD5

362dc80a22200f759c3e53368657304f
SHA1

741ac8ea40bb85ee01ca4c4985c8b150cf6564cb
SHA256

5b084492ea27487af7bb24ae6f39973e22afe14d5307a1f9bfedc315bbc75920
SHA512

d77ef24046f9d726d8a457081fac14c3bf76b7512197a20f1c3f70484f96d06492cc3434c319bef50341843d7c5f7d52537a71831307099e252bd8b8b06680f2
SSDEEP

3072:+PefZtn1TLH+oPLKb1Ck8QE3MRl83SyCC0F3gbsTc7PgW6WvQyvoE0fB0euI:S+n1HVexY73kl83Sy383gYYAy6fh

Score

1^/10

Malware Config

Signatures

Files

362dc80a22200f759c3e53368657304f
.dll windows:5 windows x86 arch:x86

452a173374b24404cfc6ce3408ee2f59

Code Sign

2b:13:45:f9:0b:6d:15:a1:4b:21:65:ae:76:5d:b6:bc
Certificate

Issuer

CN=twrtq

Not Before

05/02/2012, 17:04

Not After

31/12/2039, 23:59

Subject

CN=twrtq

Extended Key Usages

ExtKeyUsageCodeSigning

89:4b:4c:86:ea:3d:de:eb:d9:29:d6:9d:e6:e5:d6:00:38:9c:12:c9
Signer

Actual PE Digest

89:4b:4c:86:ea:3d:de:eb:d9:29:d6:9d:e6:e5:d6:00:38:9c:12:c9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
ExitProcess
CreateFileA
GetProcAddress
LoadLibraryA
lstrcpyA
lstrlenA
GetWindowsDirectoryA
GetVersion
BackupSeek
CancelIo
CopyFileA
CopyFileW
CreateFileMappingW
CreateIoCompletionPort
CreateSemaphoreW
CreateTapePartition
CreateToolhelp32Snapshot
DeleteFileA
EnumCalendarInfoW
EnumDateFormatsW
EnumResourceTypesA
EnumSystemCodePagesW
EnumSystemLocalesA
EnumTimeFormatsA
EnumUILanguagesA
FatalExit
FileTimeToDosDateTime
FindCloseChangeNotification
FindFirstVolumeMountPointA
FindNextVolumeW
FormatMessageA
GetAtomNameA
GetCompressedFileSizeW
GetComputerNameExW
GetConsoleAliasA
GetConsoleAliasExesLengthA
GetConsoleAliasesW
GetConsoleOutputCP
GetConsoleTitleW
GetDefaultCommConfigW
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetEnvironmentVariableA
GetFileAttributesExA
GetFullPathNameW
GetLocaleInfoA
GetPrivateProfileStringA
GetProcessIoCounters
GetProcessPriorityBoost
GetProcessTimes
GetStdHandle
GetStringTypeExW
GetSystemInfo
GetSystemPowerStatus
GetTempFileNameW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GlobalDeleteAtom
GlobalFix
GlobalSize
Heap32ListNext
IsBadCodePtr
LocalFileTimeToFileTime
LocalReAlloc
LocalUnlock
LockResource
MoveFileA
MoveFileExW
OpenEventW
OpenThread
QueryInformationJobObject
ReadConsoleInputW
ReplaceFile
ReplaceFileA
ReplaceFileW
ResetEvent
ResumeThread
ScrollConsoleScreenBufferA
SetConsoleCursorPosition
SetConsoleTitleA
SetFileAttributesW
SetLastError
SetProcessAffinityMask
SetSystemTimeAdjustment
SetTapeParameters
SetThreadContext
SetThreadExecutionState
SetupComm
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateThread
TransactNamedPipe
UnhandledExceptionFilter
UnlockFileEx
VerSetConditionMask
WriteProfileSectionW
WriteProfileStringA
_llseek
_lopen
lstrcmpiW
lstrcpy

user32

ArrangeIconicWindows
AttachThreadInput
BeginDeferWindowPos
BeginPaint
CallMsgFilterA
ChangeDisplaySettingsA
CharLowerA
CharToOemA
CheckDlgButton
ChildWindowFromPoint
ClientToScreen
CloseWindowStation
CopyAcceleratorTableW
CountClipboardFormats
CreateIconIndirect
CreateWindowStationW
DdeEnableCallback
DdeFreeStringHandle
DdeQueryNextServer
DefDlgProcA
DefFrameProcW
DialogBoxParamW
DlgDirListA
DrawEdge
DrawTextExA
DrawTextExW
EnumDisplayDevicesA
EnumDisplaySettingsExW
EnumWindowStationsA
FindWindowExW
GetAsyncKeyState
GetClassInfoExW
GetClassInfoW
GetClassLongA
GetClassLongW
GetClassNameA
GetClipboardOwner
GetDlgItemTextA
GetGUIThreadInfo
GetKeyNameTextW
GetKeyboardLayout
GetKeyboardType
GetLastInputInfo
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuInfo
GetParent
GetScrollRange
GetTopWindow
GetWindowLongW
IMPGetIMEW
IMPQueryIMEW
ImpersonateDdeClientWindow
IntersectRect
IsClipboardFormatAvailable
IsDialogMessageW
LoadAcceleratorsW
LoadCursorFromFileA
LoadCursorW
LoadKeyboardLayoutW
MessageBoxIndirectA
MonitorFromWindow
OemToCharA
PackDDElParam
PeekMessageA
RealGetWindowClass
RegisterHotKey
RegisterWindowMessageA
RemoveMenu
ScrollDC
ScrollWindowEx
SendInput
SendMessageA
SetActiveWindow
SetForegroundWindow
SetLayeredWindowAttributes
SetMenu
SetMessageExtraInfo
SetParent
SetWinEventHook
SetWindowContextHelpId
SetWindowPos
SetWindowTextW
ShowCaret
ShowOwnedPopups
SubtractRect
SwitchToThisWindow
SystemParametersInfoA
ToUnicode
UnregisterDeviceNotification
UnregisterHotKey
ValidateRgn
WINNLSEnableIME
wvsprintfA

ole32

CLSIDFromString
CoAddRefServerProcess
CoBuildVersion
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoFreeUnusedLibraries
CoGetApartmentID
CoGetCallContext
CoGetClassVersion
CoGetInterfaceAndReleaseStream
CoGetMarshalSizeMax
CoInitializeEx
CoIsOle1Class
CoMarshalInterThreadInterfaceInStream
CoQueryReleaseObject
CoRegisterMessageFilter
CoRegisterSurrogateEx
CoRevertToSelf
CoSwitchCallContext
CoTaskMemAlloc
CoTaskMemRealloc
CoTestCancel
CoUnloadingWOW
CoUnmarshalInterface
CreateAntiMoniker
CreateBindCtx
CreateDataCache
CreateFileMoniker
CreateItemMoniker
CreateObjrefMoniker
CreatePointerMoniker
CreateStreamOnHGlobal
DoDragDrop
FmtIdToPropStgName
HACCEL_UserFree
HACCEL_UserMarshal
HACCEL_UserSize
HBITMAP_UserFree
HBRUSH_UserMarshal
HDC_UserMarshal
HENHMETAFILE_UserMarshal
HENHMETAFILE_UserSize
HGLOBAL_UserMarshal
HICON_UserUnmarshal
HMENU_UserMarshal
HMENU_UserSize
HMENU_UserUnmarshal
HMETAFILEPICT_UserMarshal
HPALETTE_UserUnmarshal
HWND_UserSize
HkOleRegisterObject
IsAccelerator
MkParseDisplayName
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
OleCreate
OleCreateFromData
OleCreateFromFileEx
OleCreateLinkToFile
OleCreateLinkToFileEx
OleGetClipboard
OleInitialize
OleLoad
OleLoadFromStream
OleNoteObjectVisible
OleQueryLinkFromData
OleRegEnumFormatEtc
OleRegEnumVerbs
OleRegGetUserType
OpenOrCreateStream
ReadClassStm
ReadStringStream
RevokeDragDrop
SNB_UserFree
SNB_UserMarshal
SNB_UserSize
STGMEDIUM_UserSize
STGMEDIUM_UserUnmarshal
StgConvertPropertyToVariant
StgOpenStorageEx
StringFromGUID2
UpdateDCOMSettings
UtConvertDvtd16toDvtd32
UtConvertDvtd32toDvtd16
WriteOleStg

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tex2t2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

452a173374b24404cfc6ce3408ee2f59

Code Sign

2b:13:45:f9:0b:6d:15:a1:4b:21:65:ae:76:5d:b6:bcCertificate

Extended Key Usages

89:4b:4c:86:ea:3d:de:eb:d9:29:d6:9d:e6:e5:d6:00:38:9c:12:c9Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

Sections

.text Size: 9KB - Virtual size: 9KB

.tex2t2 Size: 1KB - Virtual size: 1KB

.text2 Size: 237KB - Virtual size: 236KB

.data Size: 512B - Virtual size: 144B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

2b:13:45:f9:0b:6d:15:a1:4b:21:65:ae:76:5d:b6:bc
Certificate

89:4b:4c:86:ea:3d:de:eb:d9:29:d6:9d:e6:e5:d6:00:38:9c:12:c9
Signer

.text
Size: 9KB - Virtual size: 9KB

.tex2t2
Size: 1KB - Virtual size: 1KB

.text2
Size: 237KB - Virtual size: 236KB

.data
Size: 512B - Virtual size: 144B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB