5f63ef6e9b26d07b5b994a86995db3da

Sharing

Copy URL

Twitter E-mail

General

Target

5f63ef6e9b26d07b5b994a86995db3da
Size

23KB
MD5

5f63ef6e9b26d07b5b994a86995db3da
SHA1

eaec91ea887a4c3f14f6a9b9e564ce23801c2d5f
SHA256

4fb12cdc4d3fa7a373d39b73e4fdff54f932718973d4eadbd81dcc34d2d4d4e8
SHA512

481cef1ed453783edead096524d0ea2631c6f7984e3f7544fbc021a3247b69d6ecb3681ea77411872ac729bdbd9558dcac00dcf3ef48399f044ef0f750669ec7
SSDEEP

384:aFSm2org/YYaNjvLF1igphqBPO3khh4WWieZW9T2tZHw:aFS9org/YYa9vLFLOkkhhdeVHQ

Score

1^/10

Malware Config

Signatures

Files

5f63ef6e9b26d07b5b994a86995db3da
.exe windows:5 windows x86 arch:x86

e217cc1d1aa22b05dbf81b6f244b72d4

Code Sign

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50
Certificate

Issuer

CN=wqefggq235123

Not Before

01-03-2012 11:19

Not After

31-12-2039 23:59

Subject

CN=wqefggq235123

Extended Key Usages

ExtKeyUsageCodeSigning

a4:db:16:ac:69:e7:7f:a2:33:f4:92:d7:ef:94:e1:79:67:73:eb:64
Signer

Actual PE Digest

a4:db:16:ac:69:e7:7f:a2:33:f4:92:d7:ef:94:e1:79:67:73:eb:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenSemaphoreA
PeekConsoleInputA
PeekNamedPipe
Process32Next
QueryDosDeviceW
QueryInformationJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadConsoleOutputCharacterA
ReadConsoleOutputCharacterW
ReadFileScatter
ReleaseSemaphore
RtlZeroMemory
SetCommMask
SetComputerNameW
SetConsoleDisplayMode
SetEndOfFile
OpenJobObjectW
SetFileApisToANSI
SetFileTime
SetLastError
SetSystemPowerState
SetThreadContext
SetThreadPriority
TerminateJobObject
TransmitCommChar
TryEnterCriticalSection
VerLanguageNameW
VirtualLock
VirtualProtect
WideCharToMultiByte
WinExec
WritePrivateProfileStringA
lstrcpyA
LocalUnlock
LocalHandle
LocalFree
IsValidLanguageGroup
IsValidCodePage
InitializeCriticalSectionAndSpinCount
HeapSize
HeapDestroy
HeapCompact
Heap32Next
Heap32First
GlobalWire
GlobalCompact
GetVolumeNameForVolumeMountPointW
GetUserDefaultLCID
GetTempFileNameW
GetSystemDefaultUILanguage
GetSystemDefaultLangID
GetPrivateProfileStringA
GetOverlappedResult
GetModuleHandleW
GetLargestConsoleWindowSize
GetFileSizeEx
GetEnvironmentVariableW
GetEnvironmentVariableA
GetEnvironmentStringsA
GetDiskFreeSpaceExW
GetCurrentThreadId
GetConsoleTitleA
GetModuleHandleA
GetConsoleCP
GetComputerNameExA
FreeLibraryAndExitThread
FreeEnvironmentStringsW
FoldStringA
FlushFileBuffers
FindVolumeMountPointClose
FindNextVolumeW
FindNextVolumeMountPointW
FindNextChangeNotification
FindAtomW
FillConsoleOutputCharacterW
FileTimeToLocalFileTime
EnumResourceTypesA
EnumDateFormatsExA
EndUpdateResourceA
DuplicateHandle
DeleteVolumeMountPointW
DeleteTimerQueue
DebugBreak
CreateRemoteThread
CreateMailslotW
CreateMailslotA
CreateIoCompletionPort
CreateHardLinkA
CreateDirectoryW
CompareStringA
CompareFileTime
CancelIo
BeginUpdateResourceW
GetWindowsDirectoryW
GetProcAddress
SetEnvironmentVariableA

msvcrt

memset

advapi32

RegOpenKeyA

oleaut32

VarDecMul
VarDecSu
VarFix
VarI1FromDate
VarI1FromI4
VarI1FromR8
VarI2FromDisp
VarI2FromI1
VarI2FromI4
VarI2FromR4
VarI4FromI2
VarI4FromUI1
VarOr
VarPow
VarR4FromCy
VarR4FromI1
VarR4FromI4
VarR4FromStr
VarR4FromUI2
VarR8FromDate
VarR8FromDisp
VarR8FromI4
VarR8FromR4
VarR8FromStr
VarUI1FromUI4
VarUI2FromBool
VarUI4FromDate
VarUI4FromI1
VarUI4FromI4
VarUdateFromDate
VarWeekdayName
VariantTimeToSystemTime
VarDecFromR4
VarDecFromI1
VarDecFromDisp
VarDecFromCy
VarDecCmp
VarDecAdd
VarDateFromUdate
VarDateFromR8
VarDateFromR4
VarDateFromI1
VarDateFromDisp
VarDateFromDec
VarDateFromCy
VarCySu
VarCyRound
VarCyMul
VarCyFromUI2
VarCyFromStr
VarCyFromR4
VarCyFromI4
VarCyFix
VarCyCmpR8
VarCyCmp
VarCyAbs
VarBstrFromUI4
VarBstrFromUI1
VarBstrFromI4
VarBstrFromDec
VarBstrFromDate
VarBstrFromBool
VarBstrCmp
VarBstrCat
VarBoolFromR4
VarAdd
VARIANT_UserSize
UnRegisterTypeLi
SystemTimeToVariantTime
SysStringLen
SysReAllocString
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayDestroy
SafeArrayCopyData
SafeArrayAllocDescriptorEx
OleLoadPictureFileEx
OleIconToCursor
OleCreatePictureIndirect
LoadTypeLibEx
LoadTypeLi
LoadRegTypeLi
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_Size
LPSAFEARRAY_Marshal
GetErrorInfo
DispGetParam
BSTR_UserSize
VarBoolFromI4

imm32

ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDestroyIMCC
ImmDisableIME
ImmEnumInputContext
ImmEscapeA
ImmEscapeW
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDescriptionA
ImmGetIMCCSize
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmAssociateContextEx
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetRegisterWordStyleA
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmInstallIMEA
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmNotifyIME
ImmRegisterWordA
ImmReleaseContext
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmUnlockIMCC
ImmGetIMEFileNameW
ImmUnregisterWordA
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text3
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e217cc1d1aa22b05dbf81b6f244b72d4

Code Sign

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50Certificate

Extended Key Usages

a4:db:16:ac:69:e7:7f:a2:33:f4:92:d7:ef:94:e1:79:67:73:eb:64Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 124B

.text3 Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50
Certificate

a4:db:16:ac:69:e7:7f:a2:33:f4:92:d7:ef:94:e1:79:67:73:eb:64
Signer

.text
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 124B

.text3
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB