48f49cd87025c76ca4d4ed34173633f2

Sharing

Copy URL

Twitter E-mail

General

Target

48f49cd87025c76ca4d4ed34173633f2
Size

606KB
MD5

48f49cd87025c76ca4d4ed34173633f2
SHA1

98b6fc6166191e946929ce880d15783bdd5c1c75
SHA256

20d9e3fd9ab84238ca7d2399bef069530b88bde26c68c828551d72b531666db5
SHA512

757b4b06031ab75e00622e1a315e590958147bf0f28fe941718af07f3283413a953c4a01daa7cfd7b4c986e96eed91983c219010c85f0134ba85a4e9a668638b
SSDEEP

12288:vJm5Pb6ZdEOHiI/GIf4m3u4uLEuC8SLneo6NjMX:Rc6QmGI/3u4VgSzZ6K

Score

1^/10

Malware Config

Signatures

Files

48f49cd87025c76ca4d4ed34173633f2
.exe windows:4 windows x86 arch:x86

476fc2ef6ec925388fce10bb6fc86300

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2015 00:00

Not After

24-05-2016 23:59

Subject

CN=Minimus,O=Minimus,POSTALCODE=236022,STREET=ul. Repina\, 46\, 12,L=Kaliningrad,ST=Kaliningrad Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

22:e2:c5:da:cb:ea:47:e3:00:5b:31:f9:5c:6b:6a:89:e7:11:73:c5
Signer

Actual PE Digest

22:e2:c5:da:cb:ea:47:e3:00:5b:31:f9:5c:6b:6a:89:e7:11:73:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

DragObject
BringWindowToTop
EmptyClipboard
OemToCharA
RegisterDeviceNotificationA
SetClipboardData
WaitMessage
ToUnicode
MoveWindow
GetKeyState
SendMessageCallbackW
GetGuiResources
GetWindowTextLengthW
SetWindowPos
GetClientRect
IsCharUpperW
CreateMDIWindowW
LoadKeyboardLayoutW
GetMenuBarInfo
SetClassLongW
ShowWindowAsync
GetCapture
DrawTextExA
wsprintfW
IsMenu
GetKeyboardLayoutNameW
UnloadKeyboardLayout
LoadCursorFromFileW
AdjustWindowRectEx
SetMenuItemInfoW
DefFrameProcA
GetWindowThreadProcessId
MessageBoxTimeoutA
GetMessageW
EnumDisplaySettingsA
CopyAcceleratorTableW
GetClipboardFormatNameW
SubtractRect
SendMessageTimeoutA
OemToCharBuffA
RegisterClipboardFormatW
DrawIcon
SetMenuInfo
CreateCursor
ShowCaret
LoadStringW
LoadCursorA
SetClassLongA
GetTabbedTextExtentW
GetAncestor
UnhookWindowsHook
GetClassInfoExA
LoadCursorFromFileA
GetListBoxInfo
ShowOwnedPopups
EnumDesktopsA
DefDlgProcA
SystemParametersInfoW
DlgDirListA
SystemParametersInfoA
FindWindowA
MessageBoxTimeoutW
PeekMessageA
HideCaret
MessageBoxIndirectA
GetKeyboardLayoutNameA
CloseDesktop
GetUserObjectInformationA
ActivateKeyboardLayout
OpenInputDesktop
ModifyMenuA
PostThreadMessageA
GetKeyboardState
SetDlgItemTextA
GetMenuItemInfoW
RealGetWindowClassW
GetUpdateRgn
IsDialogMessageW
UnregisterHotKey
GetMonitorInfoA
GetWindowWord
GetCursorPos
FindWindowW
IsWindow
EqualRect
EnumThreadWindows
IsDlgButtonChecked
GetMessagePos
EnumDesktopsW
CreateDialogIndirectParamA
UpdateWindow
GetClipboardFormatNameA
BroadcastSystemMessageExA
InsertMenuW
BroadcastSystemMessageExW
GetSystemMetrics
TranslateMessageEx
GetScrollInfo
GetMessageTime
MessageBoxA
IsCharAlphaNumericA
OpenWindowStationA
SetCaretPos
GetWindowTextA
GetWindowWord

kernel32

SetFileApisToANSI
CreateProcessW
lstrcmpiA
SetErrorMode
ReplaceFile
IsBadStringPtrW
AddAtomA
EnumResourceNamesW
HeapReAlloc
GetCalendarInfoA
FindFirstFileExA
SetFileShortNameW
VerLanguageNameW
SetFileApisToOEM
ClearCommError
CloseProfileUserMapping
CancelIo
GetLargestConsoleWindowSize
SetComputerNameA
CreateDirectoryA
GetPrivateProfileIntA
WinExec
GetThreadContext
GetFileInformationByHandle
ReadConsoleOutputCharacterA
GetModuleHandleExW
GetConsoleCursorInfo
GetPrivateProfileStringA
ClearCommBreak
GetEnvironmentStrings
RemoveDirectoryA
WaitNamedPipeW
GetStringTypeExA
SetEnvironmentVariableA
LZInit
CompareStringA
Heap32First
BuildCommDCBAndTimeoutsW
CreateProcessInternalW
FileTimeToLocalFileTime
WriteConsoleOutputA
ScrollConsoleScreenBufferA
OpenEventW
FindClose
GetDiskFreeSpaceExA
ConnectNamedPipe
EnumSystemLanguageGroupsA
WaitForSingleObject
CreateTimerQueue
MapUserPhysicalPages
GetOEMCP
GetProfileIntA
FlushConsoleInputBuffer
GetNamedPipeHandleStateA
GetThreadSelectorEntry
LocalSize
GetStringTypeA
GetTimeFormatA
CreateFileA
GetProcessTimes
ConvertDefaultLocale
GetConsoleKeyboardLayoutNameA
PulseEvent
FindFirstVolumeMountPointW
lstrcpyn
lstrcpyW
QueryDosDeviceW
ExpandEnvironmentStringsW
WaitForMultipleObjectsEx
GetConsoleFontInfo
GetDriveTypeA
GetTimeZoneInformation
FindFirstChangeNotificationA
GetACP
GetLastError
ConvertDefaultLocale
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

FindTextW
PageSetupDlgW
ChooseFontW

shell32

ShellExec_RunDLL
InternalExtractIconListA

Exports

Exports

�B��$��~��'�=�#`wٝ@�U��WC0MX�b�sda�0��K�w��ϴ�݋�aӉ5��@�)c|1Q�Ģ�W�q1bȪ�T0>%��#Z��f4�[��"��Ι��[��PE�*��=y��GF��[u�z � ��a�x��vʙ�q��P�1A�=��I�.�1i��f�q67Մ�u�� I#�m��}N��g�tu�Ļ��5�@�w] ](��8�{��D� ��wg ��u] �͑;��y�'�iG�} ��QB��t�}�ާG�lݫ��*Eʩ�Y�Ҋ��+�b��-r��_��)h H��=&��)��S�<�$��s�v��bs��E��X��&��U��s��A�W��[Gʔ^.;�M-J�<�ج��Z6��ȕ&g��J�:��sY��D 6�)d6�n-U9��L��@_D��e|��C�]��n�y H3FҠ�b��L��kL�˨��:s��"�p�%�o[��]��1G��,��ܒ��zn��'�-A򎤽~�O�p�kp�Ʌ�xp��+XA'x)��C��~��*D�J�2aCi��s�~�� X�R�`TTs��9o�C�u�= *�i�;�)r5�%��Lܺ�S�F�8. ��'�s&DN�*RR��fN��KԳ�sk눢Bbw`��;�3hNW�Gn_n��=N�$�# �>�x�,��g^�'q��\QQ��z�nEх�M��/�-K�O��}3?��8��4w��/�\t-�[n�{��$�T�$ @I�D��#( ��܏��깰?�� ڢ�bl�!�1�'�,�P&`G��^��D�w[ú4V�j��ꮢ��!��*t�$� Kו��H}�?�<i��YTv(`��=y=B�� 1�z x��p)��Srh��q�X�3�E$��"��Fr��J%V��'O ��_>h�s�qE��+��/�`��"C��T�)��y�q!nc>�4�oc(�= �Fn� �ᩬhw>��/?� ��<|�*�H�,;��_W�o�hqx�t�NW��C��ըp��S�ǭWo�a[ �"�Y�Q�"��R�i�c�,�b��ل��j��a;A e�%�W$�y��إ��Ū�~\��nc"�2�D��CLeP \e�ݤB�� J_uE��n��F.LB��̓�k:�U�0?��aƭͣ�yE��ܜ��V0�zO�`0�U ��U��)��ݾc^��<k�L�{��b��ڹ�'�;�{0(��U��k�p`$��]�M�ѕ�.sg㋇�p�$�ʔ��_!3�^CQg׬�2�3�3�wB��)7;�6K n��X�:s=��`�*�(@��X�1ӷ��8��m��ۏ��A-�z��`GS��rp�WU=C�d�m��ύe*�"�7X��E0��ʰ�g61=;��:F䁱��`Y��`[sl�ļT�#��a�Z3�\ׁ��nQ�-�G��&�AI!w��w!�j�_��DcW@�9�??�s� �Չt�,��o;��>��[��1��I�-R��%�ƟY�?3].�e�䌗n۝B�+��&��_��kt��Kq�7TQM��g��싵(��P��`��lzьy�j��St��9wif|o��[�Vl��Ƴ�V�-�g��l��n>(��sΟ\�T�aǪͮ?��W��m=�7,�/A8�]>(Zzg��bQ��U��aR�Q�N��i��*(�� Pw�u��`�� `c�s��x�BL�#ض��|� NQ��x(��a��V��O �7i��I�j�T��p0r#�# U�u:��Qi'\y��Sڢ��> z|�w��n� ��"�,|�w�3�L:;@V�O�IR'K�.�h��'@��3 8n8��veEZ��n��gUdq�1�12�~t��y��&��u�%��Z��=e ��qU_�s�iL��2�3J:��Q�:�t��a�<��[��I,6@A�?��XҞ؁D�S�e��>��Bl��Gb�9�Y�|ˮ"��.��%u��o�Z�&�@�w�+�k��!�λL��%ޣ�p�qv&��˵��R�rs��?m*Fﷸd��*��[DC��)�=��){��U��zxz�8��P V�{'�"��<'��O�D�F�i��L��Y�us��v��sk��κ�G��V)9��G4q9�wG1�o�M�Y�:� ��q��*�u=��j�`ΐ`�n��%��x~h'��P(�~uJ�>�I!+h��DAkU��K�S��,��_�4��?�Dhy~gv�J/��V辳4��i0ٵ�%��c��Ғ/@B6e"e5-��)M��Jq��]��`��0�$ή�\��6�0��|�9ѯ�C|�M0��8ߛ�E��$vɁf�m5��kbr�|S/u1��F5��S��0:��_U��(��Z��+��f��9�z�R[n�'�$��,K.�|=>?1��F�M��Fg��u�T��kt� -)�$�c�Z�V�,��->�O�%�Մ��OB�c|+�� X�8��A��n[�4䔏�]�ɄOEg��^�^Q��"��1/ZvLS��ٰ�6��,�l΁�w@�E �'��Z�ia�$t�ҕb0��bĳĞ�*�pU��sG�}>8��ٚhrvQ4��k��0�<��w�Aq-�9�%5=��mgz��ᆟ��C�S[J�Ύ�P;M�$h��l�\��]�� 'BY�I m<&قsi^�ЫK�Vb�NTW�N��Fzh�k��X��o�_�6)��y��ue/��R;t�ز s��09?�W��NЏl��{�FVE��=�Y�f~��LP��%Y;$��j˽3.��3��

Sections

CODE
Size: 441KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 821B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

476fc2ef6ec925388fce10bb6fc86300

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23Certificate

Extended Key Usages

Key Usages

22:e2:c5:da:cb:ea:47:e3:00:5b:31:f9:5c:6b:6a:89:e7:11:73:c5Signer

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

shell32

Exports

Exports

Sections

CODE Size: 441KB - Virtual size: 440KB

DATA Size: 19KB - Virtual size: 18KB

BSS Size: - Virtual size: 821B

.idata Size: 5KB - Virtual size: 4KB

.text0 Size: 18KB - Virtual size: 17KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 60KB - Virtual size: 60KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

22:e2:c5:da:cb:ea:47:e3:00:5b:31:f9:5c:6b:6a:89:e7:11:73:c5
Signer

CODE
Size: 441KB - Virtual size: 440KB

DATA
Size: 19KB - Virtual size: 18KB

BSS
Size: - Virtual size: 821B

.idata
Size: 5KB - Virtual size: 4KB

.text0
Size: 18KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 60KB - Virtual size: 60KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB