5b75707a1fc9ca2fbac4abb0ece9c539

Sharing

Copy URL

Twitter E-mail

General

Target

5b75707a1fc9ca2fbac4abb0ece9c539
Size

173KB
MD5

5b75707a1fc9ca2fbac4abb0ece9c539
SHA1

ba4f7654628d8d5e1dbc233c85952b11be831707
SHA256

2319122d6375c716e66447760e6962c8f8ec63a8a031e280dbac75eec1b3635b
SHA512

52b22c123dd3f94496a36d8851b72a5888c8c856af30a2a2cdec64b8ad7b69c14896743d73fa80de80e0ca813ccbbb275fcf5a5b34a329650a036d2f9ab13966
SSDEEP

3072:dbCvo4v/mPk6Q2tLrfFW9XLDaCQRhl8Ydu896OjrYIkAEW:Ko4XckgLrfFQ6Cahl8YM8kqrYM

Score

1^/10

Malware Config

Signatures

Files

5b75707a1fc9ca2fbac4abb0ece9c539
.dll windows:5 windows x86 arch:x86

4ca5c7dd41992a4db63f53487134b6af

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:c7:15:a0:e1:cd:be:0a:83:38:df:4c:17:6f:25:4d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

27/03/2015, 00:00

Not After

26/03/2016, 23:59

Subject

CN=\"SISTEMA LTD\",O=\"SISTEMA LTD\",L=Cherepovec,ST=Cherepovec,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e9:1f:b8:8a:dd:61:3c:cd:e4:12:96:40:f9:c8:54:23:75:f1:d2:69
Signer

Actual PE Digest

e9:1f:b8:8a:dd:61:3c:cd:e4:12:96:40:f9:c8:54:23:75:f1:d2:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
Sleep
MultiByteToWideChar
lstrlenA
GetLastError
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LoadLibraryW
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
lstrlenW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
RaiseException
GetFileSize
ReadFile
CloseHandle
GetFullPathNameW
WriteConsoleW
CreateFileW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
InitializeCriticalSection
EncodePointer
DecodePointer
SetStdHandle
GetFileType
GetCurrentThreadId
GetCommandLineA
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStartupInfoW
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEndOfFile

ole32

CoCreateInstance
CreateStreamOnHGlobal

oleaut32

LoadTypeLi
LoadRegTypeLi
SysFreeString
SysStringLen

Exports

Exports

DllGetClassObject

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ca5c7dd41992a4db63f53487134b6af

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

45:c7:15:a0:e1:cd:be:0a:83:38:df:4c:17:6f:25:4dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

e9:1f:b8:8a:dd:61:3c:cd:e4:12:96:40:f9:c8:54:23:75:f1:d2:69Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 17KB - Virtual size: 25KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 12KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

45:c7:15:a0:e1:cd:be:0a:83:38:df:4c:17:6f:25:4d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

e9:1f:b8:8a:dd:61:3c:cd:e4:12:96:40:f9:c8:54:23:75:f1:d2:69
Signer

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 17KB - Virtual size: 25KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 12KB - Virtual size: 11KB