38bf84b90ac595bef69dd1f65738552c

Sharing

Copy URL

Twitter E-mail

General

Target

38bf84b90ac595bef69dd1f65738552c
Size

618KB
MD5

38bf84b90ac595bef69dd1f65738552c
SHA1

25350a7e185b8334ab2cea631c19f45a7db2b023
SHA256

1430db15a80a29772035a60227be41b1776b2f42d4bf99a3cc002cbb4f797b89
SHA512

707f0809de07c1155517d60c1f31837336a74a370ff74e4c321ea32c2850b84fc519e6ddea46af4ec8b523939407da202a3a19882f2023d89e4f740cb727a5f0
SSDEEP

12288:Fi3WLfGepVs8GRrymnfWuYXf3u4unv5Jv0G4n7ENhMr:Ze+VgR+mnuuYv3u485doEY

Score

1^/10

Malware Config

Signatures

Files

38bf84b90ac595bef69dd1f65738552c
.exe windows:4 windows x86 arch:x86

b0f230906037e2ab7d5e05af29dd9b1d

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2015 00:00

Not After

24-05-2016 23:59

Subject

CN=Minimus,O=Minimus,POSTALCODE=236022,STREET=ul. Repina\, 46\, 12,L=Kaliningrad,ST=Kaliningrad Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:f6:16:bf:84:f5:f7:56:e1:72:97:7e:a4:3c:ff:55:b8:8d:51:be
Signer

Actual PE Digest

fe:f6:16:bf:84:f5:f7:56:e1:72:97:7e:a4:3c:ff:55:b8:8d:51:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

DragObject
BringWindowToTop
EmptyClipboard
OemToCharW
RegisterDeviceNotificationW
SetClipboardData
WaitMessage
ToUnicode
MoveWindow
GetKeyState
SendMessageCallbackA
GetGuiResources
GetWindowTextLengthA
SetWindowPos
GetClientRect
IsCharUpperA
CreateMDIWindowA
LoadKeyboardLayoutA
GetMenuBarInfo
SetClassLongA
ShowWindowAsync
GetCapture
DrawTextExW
wsprintfA
IsMenu
GetKeyboardLayoutNameA
UnloadKeyboardLayout
LoadCursorFromFileA
AdjustWindowRectEx
SetMenuItemInfoA
DefFrameProcW
GetWindowThreadProcessId
MessageBoxTimeoutW
GetMessageA
EnumDisplaySettingsW
CopyAcceleratorTableA
GetClipboardFormatNameA
SubtractRect
SendMessageTimeoutW
OemToCharBuffW
RegisterClipboardFormatA
DrawIcon
SetMenuInfo
CreateCursor
ShowCaret
LoadStringA
LoadCursorW
SetClassLongW
GetTabbedTextExtentA
GetAncestor
UnhookWindowsHook
GetClassInfoExW
LoadCursorFromFileW
GetListBoxInfo
ShowOwnedPopups
EnumDesktopsW
DefDlgProcW
SystemParametersInfoA
DlgDirListW
SystemParametersInfoW
FindWindowW
MessageBoxTimeoutA
PeekMessageW
HideCaret
MessageBoxIndirectW
GetKeyboardLayoutNameW
CloseDesktop
GetUserObjectInformationW
ActivateKeyboardLayout
OpenInputDesktop
ModifyMenuW
PostThreadMessageW
GetKeyboardState
SetDlgItemTextW
GetMenuItemInfoA
RealGetWindowClassA
GetUpdateRgn
IsDialogMessageA
UnregisterHotKey
GetMonitorInfoW
GetWindowWord
GetCursorPos
FindWindowA
IsWindow
EqualRect
EnumThreadWindows
IsDlgButtonChecked
GetMessagePos
EnumDesktopsA
CreateDialogIndirectParamW
UpdateWindow
GetClipboardFormatNameW
BroadcastSystemMessageExW
InsertMenuA
BroadcastSystemMessageExA
GetSystemMetrics
TranslateMessageEx
GetScrollInfo
GetMessageTime
MessageBoxW
IsCharAlphaNumericW
OpenWindowStationW
SetCaretPos
GetWindowTextW
GetWindowWord

kernel32

SetFileApisToANSI
CreateProcessA
lstrcmpiW
SetErrorMode
ReplaceFile
IsBadStringPtrA
AddAtomW
EnumResourceNamesA
HeapReAlloc
GetCalendarInfoW
FindFirstFileExW
SetFileShortNameA
VerLanguageNameA
SetFileApisToOEM
ClearCommError
CloseProfileUserMapping
CancelIo
GetLargestConsoleWindowSize
SetComputerNameW
CreateDirectoryW
GetPrivateProfileIntW
WinExec
GetThreadContext
GetFileInformationByHandle
ReadConsoleOutputCharacterW
GetModuleHandleExA
GetConsoleCursorInfo
GetPrivateProfileStringW
ClearCommBreak
GetEnvironmentStrings
RemoveDirectoryW
WaitNamedPipeA
GetStringTypeExW
SetEnvironmentVariableW
LZInit
CompareStringW
Heap32First
BuildCommDCBAndTimeoutsA
CreateProcessInternalA
FileTimeToLocalFileTime
WriteConsoleOutputW
ScrollConsoleScreenBufferW
OpenEventA
FindClose
GetDiskFreeSpaceExW
ConnectNamedPipe
EnumSystemLanguageGroupsW
WaitForSingleObject
CreateTimerQueue
MapUserPhysicalPages
GetOEMCP
GetProfileIntW
FlushConsoleInputBuffer
GetNamedPipeHandleStateW
GetThreadSelectorEntry
LocalSize
GetStringTypeW
GetTimeFormatW
CreateFileW
GetProcessTimes
ConvertDefaultLocale
GetConsoleKeyboardLayoutNameW
PulseEvent
FindFirstVolumeMountPointA
lstrcpyn
lstrcpyA
QueryDosDeviceA
ExpandEnvironmentStringsA
WaitForMultipleObjectsEx
GetConsoleFontInfo
GetDriveTypeW
GetTimeZoneInformation
FindFirstChangeNotificationW
GetACP
GetLastError
ConvertDefaultLocale
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

FindTextA
PageSetupDlgA
ChooseFontA

shell32

ShellExec_RunDLL
InternalExtractIconListW

Exports

Exports

'ht-�q�r�~��뇢��v�(�{�0ayA a��a�*j��@2'�.?"��}��ݒ��,Ч�o�W��!��M�C�M��枖�0ǍL�!!�w�ź�š��DjDl�=rmF�F�B��{�؛��!��y�Fn ��w )7DZ�+�42��x�?�&��`C�78do�p�yF��wx��T��J�x�[��X=��>�-#�)"�W��?gcx��hk�p�1]�O�]�;�ϏϚ,q��v~�v��,��۲��D{䜨NN�P�)W>X�B�3y��O@�\�y��x�Ʉ7mju;�� 2�]R��t��n��6�`e��_|�Z�U��d��Ï��ؓ%�pY�� sqP��?�`��M��Ct9�N�x��u��.](Sw�4@S��.��h;�+�X�c췫��l��m1��'��8�34��Ԍ)��q��*��ˁ�?��d�B��Fe�fr��rt�kY��~�-��Ԟ��[�C��q��-~ &�l��mxj�`<�?� �lpH�< y�G�*�g��d�9�[��&�m��z9�%��!��~a��p%�:��w��Y�U��δ��o�,��EZў�huw^5p�魟��Y�n��>��~�TФ Ԯ民7?s��֫�4�� uLcH�44��[��%�F-ث� ~M9�{�o��8��z��4?�^��Fnko�Ҍ�}Q ��S@��Д\��hERI��U��DMeT�l�؟��pZh�v�K��JN��Nkǻ��<W��$��r��kQ@�ØF 15G�5m��i�Φ� ��4�kBOnZ9��9��=�8MD��&LN0�\ɶ d�d�cD ��-��t�s�`7�R�_�� ɛ��wؿܹ!�z~4ky/իQ��h��j�\1��5Y�ʰE2�g�צ��f�9�JH��V��O׋��h�֣�l�|�@��h0G�0��m��]�?W@<�s�-՞��6� ��_PG��Ή��3y��!��u!�My��,[�D�>H��0�S��ўfp��v�nLH�NZ�n.�/�i3*��d��R�b_��=I�uU�e�x�c�M�#�17��ӆ��p��T�X>(�\ Cg7F'io�II�Ç��b��_�:観x/g>� `6�~h��h��2��L�0��f� C"�`�`�/[��SIR3�ЇiZ�.��F�_w�s�)Y�=�Ho�)��G'��=��f��@��MP7 ��=��[H�$�^��t��5�ň@�.��r��հ<��e��mS�,��4d4ǂ��A�v��R�hm�}�$�.�P��s�V��P�ڃ��Ä��O�V].f�!�SY=eˎԯ�7��K�?H�ޚ��9j��}�]�'H$M�~��*{��:�$s�r|Umf�.Q�Opy�Л`V��`��1m��N[#'�m�G�cKi��E��P�?��檈2�͙c6`��:�W�+�P��>�QO Ԅ ��gx�� j�W��Cn�J��@n��5�� d��9�(&�3^�+�G��Hz��x'52�A��f�c�3KuCB7=��J�|`��eА��꠵�� k:k��b%�u��O�Pz??�}��2��R�j�.�(u�԰��bNgr~RӣmeW��ڕӿ�m��=��rn�VI�� v��@C�a�L(�s�2T~��#�,59�س[ ��K��EK�^b�T�zx�߁��w#�Ɛ%��5��g��&��&��\�#��s��)�l]��W�SJ1��FaÈ�Ђ��ʙ�bG��T�k��Ál�5��!��mog�.-j^��<@/��H�(��0�I�u�Hj��r��o��P�G2�Y8&��bWO77�d��18о��E��ܫ%d��R3p��`��B.��(V �r0:r�d�,��i,<I[��J��T�i��]� ^*�n'�:榾J��3�_��P�T��e��V �e 4��5�� A&�_'��Qߪ�p0)'Iϫ��/8��9��<(�gth�ՙ�Ɍ�S[��KS9(��X��ٵ ��Ǳ�ƈ�B_��ao�J��1n�wЊ�6�U��8�pK)��,��/� �Pi�G�� z�{��I'T�˭�p4��zM6'��r�\� �%��.��/A��'G�B#��>�a) �/��Z��a�\��#X�~~�zx4��!��!��;�-�ܘ�.��IjiU��_uv|��_�Lu#��]�5��4�R,y��iZ�D�Ά��좂��N��D/�%R%�[��C��mF|o� ��W�_��!'��٣� ⷙ�2R� IE>/4��:|r�k!d�3��^�ȃ�J�$��(�ЕAe��+��~D��o=//?H��rƑT\��?kd��5�}9 � ]�#��>"�Z{�� ~ X�p��-$�_��x?F_��HW��ӊ!c�]�;�L��oѩ��ħb��$�&�oG�蘫j�ep��L6�z��@�~�j��a�|z��7 �T��# ��Ef��-�G�� ;uM0&��&��6i�@��\Bmet��-�H� ��S}�P'��3��{嫒C��/�S`j��KHc�*p��ߖ�PG�]`q m[Uޱ��è��ߗ��@W�\|!�tS��[�p� ��7ѝx��\݆�@2�zq&?6�q��K��<�^�E� �%��|?T�%@�}�8�PD>`��cp��4�JS�y݆ߕ1��t \3(s��7��+f��{M��}��a�)�p��%�b� �!��j��

Sections

CODE
Size: 441KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 821B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0f230906037e2ab7d5e05af29dd9b1d

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23Certificate

Extended Key Usages

Key Usages

fe:f6:16:bf:84:f5:f7:56:e1:72:97:7e:a4:3c:ff:55:b8:8d:51:beSigner

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

shell32

Exports

Exports

Sections

CODE Size: 441KB - Virtual size: 440KB

DATA Size: 19KB - Virtual size: 18KB

BSS Size: - Virtual size: 821B

.idata Size: 5KB - Virtual size: 4KB

.text0 Size: 19KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 71KB - Virtual size: 70KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

fe:f6:16:bf:84:f5:f7:56:e1:72:97:7e:a4:3c:ff:55:b8:8d:51:be
Signer

CODE
Size: 441KB - Virtual size: 440KB

DATA
Size: 19KB - Virtual size: 18KB

BSS
Size: - Virtual size: 821B

.idata
Size: 5KB - Virtual size: 4KB

.text0
Size: 19KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 71KB - Virtual size: 70KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB