485b0beb7af6339e64501f31e781e75a

Sharing

Copy URL Twitter E-mail

General

Target

485b0beb7af6339e64501f31e781e75a
Size

340KB
MD5

485b0beb7af6339e64501f31e781e75a
SHA1

86e6f1d4d513e1a01e80c1bdd79a3258acdecd6a
SHA256

15e8f6b61e5927e30b4da9cc031098b18cd706b4ddabb110041983278b55460f
SHA512

fcfbe45f19cc2dea86e46ccf97b81fb1fb34ed546e6c4aed295f7a238ea7a721ed1ddc979df4d73f4ca09b6f7a5712cf539da3d5719d43b52d9bc1ac911857ac
SSDEEP

6144:5JiZMsq9YQLSKAlZXApiI4F//4KdQ7s51HBkG/vRjXsbsvI0LmTDJcuvI:5u82QL0wprQ/4KPZBkG3tXsbsvKBcEI

Score

1^/10

Malware Config

Signatures

Files

485b0beb7af6339e64501f31e781e75a
.exe windows:4 windows x86 arch:x86

59da64cea57f47d7d90793df5b15ee60

Code Sign

24
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

24/10/2007, 22:01

Not After

24/10/2017, 22:01

Subject

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:bb
Certificate

Issuer

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/11/2014, 00:09

Not After

31/10/2016, 17:47

Subject

CN=ООО ”БАНДЛ” - Bundle LLC,O=ООО ”БАНДЛ” - Bundle LLC,L=Saint-Petersburg,ST=Saint Petersburg City,C=RU,1.2.840.113549.1.9.1=#0c16696e666f40696e7374616c6c62756e646c652e636f6d,2.5.4.13=#1310345173635459644f79754e45624e586d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:2c:23:f5:fd:52:a3:ad:b4:b7:b9:cb:76:72:59:80:4e:3b:fa:6d
Signer

Actual PE Digest

ca:2c:23:f5:fd:52:a3:ad:b4:b7:b9:cb:76:72:59:80:4e:3b:fa:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowTextLengthA
FindWindowA
SetFocus
ScreenToClient
MoveWindow
IsWindowVisible
GetWindowRgn
GetKeyboardLayoutNameA
SetWindowLongA
SwitchDesktop
GetClientRect
BringWindowToTop
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
DestroyWindow
DefWindowProcA

kernel32

ExitProcess
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
SetFilePointer
CreateMutexA
GetModuleHandleA
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
TerminateProcess

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59da64cea57f47d7d90793df5b15ee60

Code Sign

24Certificate

Key Usages

10:bbCertificate

Extended Key Usages

Key Usages

ca:2c:23:f5:fd:52:a3:ad:b4:b7:b9:cb:76:72:59:80:4e:3b:fa:6dSigner

Headers

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 308KB - Virtual size: 307KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 8KB - Virtual size: 6KB

24
Certificate

10:bb
Certificate

ca:2c:23:f5:fd:52:a3:ad:b4:b7:b9:cb:76:72:59:80:4e:3b:fa:6d
Signer

.text
Size: 308KB - Virtual size: 307KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 6KB