4f11deacd5655e9e3c294a0693b2e413

Sharing

Copy URL Twitter E-mail

General

Target

4f11deacd5655e9e3c294a0693b2e413
Size

300KB
MD5

4f11deacd5655e9e3c294a0693b2e413
SHA1

2bfde524ab8ff38f81e2ac64f0936a80535a5935
SHA256

687418d597a5d833e3606eefe651180c1c32bf123224049393481ad01ecbe6d5
SHA512

d3e7c9efec9a00750ef35593181a18927967cc87388633a6ac200d3b62e26acf722997a60b167b6925b778c95073d80344fa9bda0a0963e34fab4578491432b4
SSDEEP

6144:ypb809Dqp24+G3HxUlMjC0v8uJp+O0Qox7tGqjBcHUVO:K/deAyRUz0pJp+O0Q07tGqjBS

Score

1^/10

Malware Config

Signatures

Files

4f11deacd5655e9e3c294a0693b2e413
.exe windows:5 windows x86 arch:x86

2299a3e6c5ee96e3c5c14ddb97e1508b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:2d:2a:13:f8:af:95:fe:10:35:fc:98
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

31/05/2019, 07:24

Not After

10/09/2021, 08:23

Subject

SERIALNUMBER=1125476195459,CN=Atom Security LLC,O=Atom Security LLC,STREET=Akademika Koptyuga Avenue\, 4\, office 158,L=Novosibirsk,ST=Novosibirskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13154e6f766f7369626972736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:f6:01:ba:95:2d:ae:45:18:85:84:cb:59:5b:cf:c8:9a:98:dc:d2
Signer

Actual PE Digest

9e:f6:01:ba:95:2d:ae:45:18:85:84:cb:59:5b:cf:c8:9a:98:dc:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACloseEvent
WSAStartup
WSCEnumProtocols
WSCDeinstallProvider
WSCInstallProvider
WSCGetProviderPath
WSACleanup
inet_addr
gethostbyname
inet_ntoa
socket
htons
WSACreateEvent
WSAEventSelect
connect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
closesocket

rpcrt4

UuidCreate

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleFileNameW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
MultiByteToWideChar
InterlockedDecrement
LoadLibraryW
ExpandEnvironmentStringsW
GetTimeFormatA
GetDateFormatA
GetLocalTime
DeleteCriticalSection
MoveFileExW
MoveFileW
CopyFileA
InitializeCriticalSection
GetCurrentDirectoryA
GetModuleFileNameA
MoveFileExA
MoveFileA
CreateFileW
GetTempPathW
GetTempPathA
ExpandEnvironmentStringsA
GetVersionExA
CloseHandle
GetCurrentProcess
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
WideCharToMultiByte
GetSystemTime
lstrlenA
FindFirstFileA
DeleteFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentThreadId
WriteConsoleW
FlushFileBuffers
CreateFileA
HeapReAlloc
GetStringTypeW
LCMapStringW
SetEndOfFile
GetProcessHeap
LocalFree
ReadFile
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
SetStdHandle
GetSystemTimeAsFileTime
IsValidCodePage
GetOEMCP
GetACP
RtlUnwind
RaiseException
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
WriteFile
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
Sleep
HeapSize
ExitProcess
GetCPInfo
QueryPerformanceCounter

user32

wvsprintfA

advapi32

OpenProcessToken
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegCreateKeyExA
RegRestoreKeyA
RegSaveKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceW
CloseServiceHandle
QueryServiceConfigW

ole32

StringFromGUID2

oleaut32

SysFreeString
SysAllocString
VariantClear

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2299a3e6c5ee96e3c5c14ddb97e1508b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

74:2d:2a:13:f8:af:95:fe:10:35:fc:98Certificate

Extended Key Usages

Key Usages

9e:f6:01:ba:95:2d:ae:45:18:85:84:cb:59:5b:cf:c8:9a:98:dc:d2Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 227KB - Virtual size: 226KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 5KB - Virtual size: 15KB

.rsrc Size: 10KB - Virtual size: 9KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

74:2d:2a:13:f8:af:95:fe:10:35:fc:98
Certificate

9e:f6:01:ba:95:2d:ae:45:18:85:84:cb:59:5b:cf:c8:9a:98:dc:d2
Signer

.text
Size: 227KB - Virtual size: 226KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 10KB - Virtual size: 9KB