52a9b443af9162124d026477c055bf68

Sharing

Copy URL

Twitter E-mail

General

Target

52a9b443af9162124d026477c055bf68
Size

23KB
MD5

52a9b443af9162124d026477c055bf68
SHA1

92fc4f9adc393aafae72f6cb5acd7a076ca2757f
SHA256

11a073af298b7be9fa7f9f2f7f99ebdb78bda79b4922c788238083484808da49
SHA512

69087662c4d961bdf5d2aeca281e254123595f223ba84297809f66f5397d06714c7f13aafc20c1bd75d02b93061b23d96c55e0897086f4c8aeea1c5b55ffa61b
SSDEEP

384:OaQ5DssaQ5+LSYcd66US5ifW3FTdU1zhh4WWieZWdClE5i:xQ5DcQ5+LGGSYfsdU1zhhdeRh

Score

1^/10

Malware Config

Signatures

Files

52a9b443af9162124d026477c055bf68
.exe windows:5 windows x86 arch:x86

fa23b285bee807aa7eff1a6ae3b22c08

Code Sign

0e:69:3a:04:80:e7:7a:af:46:7b:4a:c6:7a:96:a5:67
Certificate

Issuer

CN=13612fg346b1234

Not Before

29/02/2012, 10:12

Not After

31/12/2039, 23:59

Subject

CN=13612fg346b1234

Extended Key Usages

ExtKeyUsageCodeSigning

dc:ac:ce:79:1d:be:04:44:f2:3c:20:03:05:e0:bd:5d:1c:dc:c0:81
Signer

Actual PE Digest

dc:ac:ce:79:1d:be:04:44:f2:3c:20:03:05:e0:bd:5d:1c:dc:c0:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitAtomTable
InterlockedIncrement
IsDBCSLeadByte
IsValidCodePage
LeaveCriticalSection
LoadLibraryW
LoadResource
LocalHandle
LockFile
Module32First
Module32Next
MoveFileWithProgressA
ProcessIdToSessionId
PulseEvent
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserWorkItem
RemoveDirectoryA
ReplaceFileW
SetCommBreak
Heap32Next
SetDefaultCommConfigW
SetEndOfFile
SetFilePointer
SetLocaleInfoA
SetSystemTime
SetTapeParameters
SetThreadPriority
SystemTimeToTzSpecificLocalTime
TransactNamedPipe
TransmitCommChar
VerLanguageNameA
VirtualFreeEx
WriteConsoleInputW
WriteConsoleOutputA
WriteConsoleOutputAttribute
WriteConsoleOutputW
WriteConsoleW
WriteProfileSectionW
lstrcpyn
GlobalFree
GlobalFindAtomA
GetVolumeInformationW
GetVersion
GetUserDefaultLangID
GetUserDefaultLCID
GetThreadContext
GetTempPathW
GetTapePosition
GetSystemInfo
GetSystemDefaultLCID
GetQueuedCompletionStatus
GetProfileSectionW
GetProfileSectionA
GetProfileIntW
GetProcessTimes
GetPrivateProfileSectionNamesW
GetPrivateProfileIntA
GetModuleFileNameW
GetLongPathNameA
GetLogicalDrives
GetLocaleInfoA
GetFileAttributesExA
GetDevicePowerState
GetCurrentThreadId
GetConsoleWindow
GetModuleHandleA
GetConsoleFontSize
GetConsoleDisplayMode
GetConsoleAliasA
GetAtomNameA
FreeResource
FlushFileBuffers
FindVolumeMountPointClose
FindResourceA
FindFirstFileExW
ExitProcess
EscapeCommFunction
EnumSystemLanguageGroupsW
EnumSystemCodePagesA
EnumResourceNamesW
EnumDateFormatsW
EnumCalendarInfoW
DisableThreadLibraryCalls
DeleteFileA
CreateJobObjectW
CreateDirectoryW
CreateDirectoryExA
CreateDirectoryA
CopyFileW
ConvertThreadToFiber
CancelWaitableTimer
BuildCommDCBAndTimeoutsW
AreFileApisANSI
AllocateUserPhysicalPages
GetProcAddress
SetComputerNameExW

msvcrt

memset

advapi32

RegOpenKeyExA

oleaut32

VarDecFromStr
VarDecFromUI4
VarDecInt
VarFix
VarFormatCurrency
VarI1FromUI2
VarI2FromDate
VarI2FromDec
VarI4FromCy
VarI4FromR4
VarImp
VarOr
VarR4FromDate
VarR4FromI4
VarR4FromR8
VarR4FromUI2
VarR8FromBool
VarR8FromCy
VarR8FromDec
VarR8FromR4
VarUI1FromI2
VarUI2FromCy
VarUI2FromDate
VarUI2FromDisp
VarUI2FromI1
VarUI2FromI4
VarUI2FromR4
VarUI2FromStr
VarUI2FromUI1
VarUI4FromBool
VarUI4FromDec
VarUI4FromI2
VarUI4FromUI1
VarUdateFromDate
VariantClear
VariantCopy
VectorFromBstr
VarDateFromUdateEx
VarDateFromUdate
VarDateFromUI2
VarDateFromStr
VarDateFromDisp
VarDateFromBool
VarCyRound
VarCyMulI4
VarCyFromUI4
VarCyFromI2
VarCyFromBool
VarCyFix
VarCyAdd
VarCmp
VarBstrFromUI1
VarBstrFromR8
VarBstrFromI4
VarBstrFromI1
VarBstrFromDisp
VarBstrCmp
VarBoolFromUI1
VarBoolFromR8
VarBoolFromDisp
VarAnd
VARIANT_UserSize
SystemTimeToVariantTime
SysStringLen
SysFreeString
SysAllocStringLen
SafeArrayUnlock
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCopyData
SafeArrayCopy
SafeArrayAllocDescriptorEx
RevokeActiveObject
RegisterTypeLi
OleLoadPictureFileEx
OleLoadPictureEx
OleIconToCursor
OleCreatePropertyFrameIndirect
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_Unmarshal
LPSAFEARRAY_Size
LPSAFEARRAY_Marshal
GetErrorInfo
DosDateTimeToVariantTime
DispInvoke
DispGetParam
CreateStdDispatch
BSTR_UserUnmarshal
BSTR_UserSize
SafeArrayGetLBound

imm32

ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmGenerateMessage
ImmGetCandidateListCountA
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmConfigureIMEW
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetVirtualKey
ImmInstallIMEA
ImmInstallIMEW
ImmIsUIMessageA
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmNotifyIME
ImmReSizeIMCC
ImmRegisterWordA
ImmRegisterWordW
ImmRequestMessageA
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmUnlockIMCC
ImmGetOpenStatus
ImmUnregisterWordA
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa23b285bee807aa7eff1a6ae3b22c08

Code Sign

0e:69:3a:04:80:e7:7a:af:46:7b:4a:c6:7a:96:a5:67Certificate

Extended Key Usages

dc:ac:ce:79:1d:be:04:44:f2:3c:20:03:05:e0:bd:5d:1c:dc:c0:81Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 7KB - Virtual size: 6KB

.text2 Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 180B

.text4 Size: 1024B - Virtual size: 1000B

.text3 Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

0e:69:3a:04:80:e7:7a:af:46:7b:4a:c6:7a:96:a5:67
Certificate

dc:ac:ce:79:1d:be:04:44:f2:3c:20:03:05:e0:bd:5d:1c:dc:c0:81
Signer

.text
Size: 7KB - Virtual size: 6KB

.text2
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 180B

.text4
Size: 1024B - Virtual size: 1000B

.text3
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB