562cf4392c5835d1409aed0d9a958cfe

Sharing

Copy URL Twitter E-mail

General

Target

562cf4392c5835d1409aed0d9a958cfe
Size

1.3MB
MD5

562cf4392c5835d1409aed0d9a958cfe
SHA1

1f19abcc42a5a7bc1a45315eecbb06a3d067fc5e
SHA256

140d38935722723f8cdf29423aeb922fa2ec42574bc2073f1c24e9231b158d0d
SHA512

53970a06ca4b81fe67d21a37bd23f3fc6cc30e57530f53680ad28a01c98c98d155a4aee1c103747a2c30865bfcccc9404df50dba3bd0d7eb4aab045f701cc429
SSDEEP

24576:Dt8FtRpwy4vHnC6ktZ40n4gXG/HC3GuhEmhzOO1N5CjaMq223c8k:BsbgHpkY0n4gXG/i3GujhKgkPCc5

Score

1^/10

Malware Config

Signatures

Files

562cf4392c5835d1409aed0d9a958cfe
.exe windows:5 windows x86 arch:x86

50ca5a017febec6b1efb8d1c89d745b1

Code Sign

0e:9b:38:a9:d8:76:77:5c:b5:9a:7c:0b:54:7c:48:d1
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/10/2014, 00:00

Not After

04/01/2016, 12:00

Subject

CN=Goulabs LLC,O=Goulabs LLC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

81:cd:03:c3:0a:c6:ee:e8:de:b3:41:3e:10:21:84:61:b4:64:2f:36
Signer

Actual PE Digest

81:cd:03:c3:0a:c6:ee:e8:de:b3:41:3e:10:21:84:61:b4:64:2f:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObjectEx
SetVolumeMountPointA
GetModuleHandleW
GetFileType
GetDiskFreeSpaceExA
GetConsoleCP
GlobalHandle
GetNumberOfConsoleInputEvents
GetProcAddress
DuplicateHandle
WritePrivateProfileStringW
GetStdHandle
ConvertDefaultLocale
FlushInstructionCache
GetFileTime
BindIoCompletionCallback
GetCurrencyFormatW
GetConsoleOutputCP
GetLongPathNameW
lstrcmpA
MulDiv
UnregisterWaitEx
GetCalendarInfoW
GetTempPathW
ContinueDebugEvent
HeapSize
GetUserDefaultLangID
WaitForMultipleObjectsEx
SetWaitableTimer
IsDBCSLeadByteEx
FindResourceExW
LocalReAlloc
GetUserDefaultLCID
VerifyVersionInfoW
FindFirstFileW
GetProcessPriorityBoost
GetSystemWindowsDirectoryA
FindAtomW
IsBadWritePtr
OpenProcess
OpenWaitableTimerA
GetEnvironmentVariableW
ResetEvent
GetConsoleAliasExesA
lstrcmpiA
SetFileTime
CopyFileA
SetCurrentDirectoryA
GetStartupInfoW
GetSystemDefaultLCID
GetStringTypeW
SetPriorityClass
GetFileSizeEx
GetShortPathNameA
SetConsoleOutputCP
PrepareTape
CreateMailslotA
GetThreadLocale
ReleaseMutex
CancelIo
GetLogicalDriveStringsW
GetNamedPipeHandleStateW
GetDiskFreeSpaceExW
FindFirstFileA
GetFileAttributesA
SetStdHandle
GetUserDefaultUILanguage
CreateProcessA
MapViewOfFileEx
CreateEventW
DnsHostnameToComputerNameA
GetSystemDirectoryW
FindFirstFileExA
CreateHardLinkA
FreeEnvironmentStringsA
GetCurrentDirectoryA
SetConsoleTextAttribute
CompareStringA
FileTimeToSystemTime
GetSystemWindowsDirectoryW
ReleaseSemaphore
CreateMutexW
GetVolumePathNameA
MoveFileA
GetProfileStringW
CreateTimerQueue
DeleteTimerQueueEx
ExpandEnvironmentStringsW
DnsHostnameToComputerNameW
GetProcessIoCounters
GetACP
GetAtomNameA
GetProcessVersion
OpenEventA
GetPrivateProfileSectionNamesW
GetDevicePowerState
lstrcpynA
SetHandleInformation
ExpandEnvironmentStringsA
GetStringTypeExA
AreFileApisANSI
SetConsoleMode
FormatMessageA
lstrcpyA
PostQueuedCompletionStatus
VerSetConditionMask
MapViewOfFile
EraseTape
CreateFileMappingA
IsValidCodePage
FindNextChangeNotification
GetAtomNameW
ReadDirectoryChangesW
GetEnvironmentStrings
CreateJobObjectW
lstrcatW
PeekNamedPipe
GetProfileIntW
GetDateFormatW
GetModuleHandleA
GetTempFileNameW
MoveFileExW
CopyFileW
GlobalSize
GetLocaleInfoW
SetErrorMode
GetComputerNameW
FindNextFileW
OpenFileMappingA
FindResourceA
GetCommandLineW
GetProcessWorkingSetSize
GetWindowsDirectoryW
SetTapeParameters
CreateWaitableTimerW
GetDiskFreeSpaceA
GetThreadContext
GetSystemDefaultLangID
GetFileInformationByHandle
GetStartupInfoA
GetCalendarInfoA
SetEndOfFile
GetLocaleInfoA
GetFileSize
GetSystemDefaultUILanguage
CreateTapePartition
LCMapStringW
DisconnectNamedPipe
VirtualAlloc
SetFileAttributesW
GetVolumeNameForVolumeMountPointA
GetNumberFormatA
SetComputerNameExW
GetLogicalDrives
SetLocaleInfoA
SetProcessWorkingSetSize
GetPrivateProfileIntA
SetConsoleActiveScreenBuffer
GetPrivateProfileStringW
EnumCalendarInfoExW
CreateMutexA
GetTimeFormatW
GetPrivateProfileStringA
AddAtomA

user32

MsgWaitForMultipleObjects
ReleaseCapture
ScreenToClient
SendMessageW
GetMenuStringW
DestroyIcon
LoadMenuW
SystemParametersInfoW
SendMessageTimeoutW
MsgWaitForMultipleObjectsEx
DrawIconEx
EnumDisplayMonitors
RemovePropA
CallWindowProcW
BeginPaint
GetActiveWindow
GetWindowTextW
CopyImage
GetDC
SetTimer
GetWindowLongA
CreateDialogParamA
LoadCursorW
EmptyClipboard
LoadAcceleratorsW
GetKeyboardState
SetWindowsHookExA
EnableWindow
PeekMessageW
SendDlgItemMessageW
wvsprintfW
GetDoubleClickTime
LoadImageA
InflateRect
InvalidateRgn
CheckMenuItem
MapVirtualKeyW
ShowWindow
GetDlgItemTextW
MapWindowPoints
GetParent
CreateMenu
GetUpdateRect
DrawIcon
SetClipboardData
CreateDialogParamW
SetActiveWindow
CharPrevW
AllowSetForegroundWindow
DrawMenuBar
SetParent
GetClassNameW
AdjustWindowRect
DrawFocusRect
wvsprintfA
TranslateAcceleratorW
GetMonitorInfoW
FrameRect
MapDialogRect
GetWindow
SetRect
SetForegroundWindow

comctl32

FlatSB_SetScrollPos
ImageList_GetDragImage
ImageList_EndDrag
ImageList_AddMasked
FlatSB_GetScrollPos
PropertySheetW
ImageList_DrawEx
ImageList_Create
PropertySheetA
ImageList_GetImageCount
ImageList_Draw
_TrackMouseEvent
ImageList_DragShowNolock
CreateToolbarEx
InitializeFlatSB
ImageList_LoadImageA
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_Read
ImageList_Remove
ImageList_Copy
ImageList_Destroy
ImageList_Replace
ImageList_Add
CreatePropertySheetPageA
ImageList_LoadImageW
ImageList_Write
CreateStatusWindowW
ImageList_SetOverlayImage
ImageList_DragMove
ImageList_GetBkColor
FlatSB_SetScrollInfo
FlatSB_GetScrollInfo
ImageList_GetIcon
ImageList_DrawIndirect
ord17
FlatSB_SetScrollProp
ImageList_ReplaceIcon
CreatePropertySheetPageW
ImageList_BeginDrag
DestroyPropertySheetPage
ImageList_DragLeave

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderLocation
SHBrowseForFolderW
ShellExecuteW
SHChangeNotify
ShellExecuteExW
SHBindToParent
SHGetDesktopFolder
CommandLineToArgvW

ole32

HPALETTE_UserUnmarshal
CoGetStandardMarshal
CoQueryProxyBlanket
OleDestroyMenuDescriptor
StringFromGUID2
CoTreatAsClass
CoGetTreatAsClass
CoFreeAllLibraries
CreateStreamOnHGlobal
CoGetStdMarshalEx
GetClassFile
CreateBindCtx
CoDisconnectObject
CoRegisterClassObject
StgIsStorageFile
OleLoadFromStream
CoGetMarshalSizeMax
GetConvertStg
HWND_UserSize
ReadClassStg
ReleaseStgMedium
CreateFileMoniker
CoMarshalHresult
OleInitialize
OleRegEnumFormatEtc
HGLOBAL_UserUnmarshal
CoFreeUnusedLibrariesEx
StringFromIID
OleConvertIStorageToOLESTREAM
CoDosDateTimeToFileTime
CoIsOle1Class
OleIsRunning
OleFlushClipboard
CoFileTimeNow
GetHGlobalFromStream
CreateGenericComposite
HMENU_UserSize
CoReleaseServerProcess
CreateItemMoniker
CoMarshalInterThreadInterfaceInStream
CoFreeUnusedLibraries
CoInitialize
OleLockRunning
OleRun
CoCreateInstance
HBITMAP_UserFree
BindMoniker
OleUninitialize
OleConvertOLESTREAMToIStorageEx
CoRevokeClassObject
StgSetTimes
CoGetMalloc
OleTranslateAccelerator
CoLockObjectExternal
OleCreateStaticFromData
CreateILockBytesOnHGlobal
HMENU_UserUnmarshal
HGLOBAL_UserMarshal
CoInitializeEx

oleaut32

CreateErrorInfo
SetErrorInfo

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_except_handler3

Sections

.text
Size: 708KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 559KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50ca5a017febec6b1efb8d1c89d745b1

Code Sign

0e:9b:38:a9:d8:76:77:5c:b5:9a:7c:0b:54:7c:48:d1Certificate

Extended Key Usages

Key Usages

81:cd:03:c3:0a:c6:ee:e8:de:b3:41:3e:10:21:84:61:b4:64:2f:36Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

shell32

ole32

oleaut32

msvcrt

Sections

.text Size: 708KB - Virtual size: 707KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 559KB - Virtual size: 1.5MB

.rsrc Size: 83KB - Virtual size: 83KB

.reloc Size: 9KB - Virtual size: 9KB

0e:9b:38:a9:d8:76:77:5c:b5:9a:7c:0b:54:7c:48:d1
Certificate

81:cd:03:c3:0a:c6:ee:e8:de:b3:41:3e:10:21:84:61:b4:64:2f:36
Signer

.text
Size: 708KB - Virtual size: 707KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 559KB - Virtual size: 1.5MB

.rsrc
Size: 83KB - Virtual size: 83KB

.reloc
Size: 9KB - Virtual size: 9KB