5e4df1fd6fcf1a9e6fd0b348fa679a7f

Sharing

Copy URL Twitter E-mail

General

Target

5e4df1fd6fcf1a9e6fd0b348fa679a7f
Size

611KB
MD5

5e4df1fd6fcf1a9e6fd0b348fa679a7f
SHA1

d1c7576cbd7634172f0b438fa735b5e4b309d73a
SHA256

237eee2b166c1b34b07b034a79f5b968d39d63965d0107b6c368108dbc02e409
SHA512

dbbad96066f862bace0f2cf39a6b07754bb3f869d78de65e3607cb8c43fd224f603a2dee5ddc78052e6c53cccb5d5bbfc47a9a8c555ff5447e950efa5fd56113
SSDEEP

12288:3uDzf3vSBxiR43LpbqCoVdnGlfmIMHhXCa409Z7R2ISJGDw3yiMZ:3unPvSNYVxGlfmt4PS7U5Ji5f

Score

1^/10

Malware Config

Signatures

Files

5e4df1fd6fcf1a9e6fd0b348fa679a7f
.exe windows:4 windows x86 arch:x86

08a7084306fc5f6d60b0dc95de1c0474

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:fb:73:cc:96:73:b5:cb:9d:11:27:c5:ae:55:86:62
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/04/2015, 00:00

Not After

23/04/2016, 23:59

Subject

CN=IMTER,O=IMTER,POSTALCODE=390000,STREET=d.27 ul.Lenina,L=Ryazan,ST=Ryazan region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

15:87:d1:df:9c:be:c2:74:5d:15:b9:fd:f6:75:48:b0:5f:b8:a9:08
Signer

Actual PE Digest

15:87:d1:df:9c:be:c2:74:5d:15:b9:fd:f6:75:48:b0:5f:b8:a9:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

GetSysColorBrush
GetMenuInfo
RealChildWindowFromPoint
GetMenuItemInfoA
SetSystemMenu
CharLowerBuffA
EndDialog
SendDlgItemMessageW
SetMenuContextHelpId
SetForegroundWindow
GetMouseMovePointsEx
DrawAnimatedRects
GetProcessWindowStation
OemToCharA
DrawStateA
RealGetWindowClassW
GetPropW
GetScrollInfo
DefWindowProcW
LoadKeyboardLayoutEx
GetKeyState
BroadcastSystemMessageExW
GetAltTabInfoW
CreateDialogIndirectParamW
GetWindowTextLengthA
ShowWindowAsync
GetClassNameW
PaintDesktop
CheckMenuItem
IsDlgButtonChecked
GetWindowInfo
LoadAcceleratorsW
CreateMDIWindowA
GetScrollRange
IsWindowUnicode
wvsprintfW
GetClassInfoW
SetThreadDesktop
SetSystemCursor
GetClassLongW
ChangeDisplaySettingsW
CharUpperW
TrackPopupMenu
DefDlgProcA
OemKeyScan
IsDialogMessage
SendMessageTimeoutA
SetParent
CharToOemW
DrawFrameControl
AppendMenuW
PrivateExtractIconsA
ChangeDisplaySettingsA
CreateIconIndirect
LoadStringA
MonitorFromRect
SetPropA
CloseDesktop
SetUserObjectInformationA
CharToOemBuffW
UnionRect
GetUserObjectSecurity
ScreenToClient
GetIconInfo
OffsetRect
AppendMenuA
ModifyMenuW
DrawTextA
CreateDialogParamW
wvsprintfA
SendInput
EnumClipboardFormats
RedrawWindow
RemovePropA
SetWindowPlacement
FlashWindow
GetUpdateRect
DefDlgProcW
IsCharAlphaNumericW
OpenDesktopW
SetClassWord
BlockInput
RegisterClassExA
GetWindowTextW
GetCaretPos
AnyPopup

kernel32

ReadConsoleInputExW
CreateFileMappingA
GetSystemDefaultUILanguage
FindFirstFileExA
GetFileAttributesExA
SetTapeParameters
CreateTapePartition
GetCurrencyFormatW
VerifyVersionInfoA
SystemTimeToTzSpecificLocalTime
ReadConsoleOutputAttribute
GetTimeZoneInformation
GetMailslotInfo
GetACP
WaitForMultipleObjects
HeapCompact
FindNextVolumeMountPointA
BuildCommDCBA
EnumSystemCodePagesA
SetLocalTime
VirtualQueryEx
GlobalCompact
DeleteTimerQueueEx
GetSystemTimeAsFileTime
GetTapeParameters
SearchPathA
TerminateProcess
WideCharToMultiByte
OpenFileMappingA
BeginUpdateResourceW
GetEnvironmentStringsA
GetTickCount
SetFileValidData
GetLongPathNameW
GetProcessShutdownParameters
GetVolumePathNameW
EnumLanguageGroupLocalesW
OpenSemaphoreW
FindNextChangeNotification
RtlFillMemory
FindResourceExA
GetSystemPowerStatus
VerifyConsoleIoHandle
GetLocalTime
AttachConsole
EnumResourceLanguagesW
SetLocaleInfoA
IsValidLocale
FindFirstVolumeMountPointW
ReadConsoleW
FindNextVolumeA
GetVolumeInformationW
ConvertDefaultLocale
GetProcessHeap
GetLastError
FreeEnvironmentStringsW
VirtualQuery
LoadLibraryA
LocalAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

��Q� �{��WcZ��)$��hZ1��7�מ��ϣ��h�a= sm�啊�SI��/��6<�6��cf(bI_;e��mLL�F -g��1�2[=�n��7�Cò�!��n8�� xVΆ�a1��M��_ʎ�L��S�H��B��8ĕ��-�y�x��RA�ɒ�V�>CI{?�u�� }��O<��cn,Uc��_;��3�ؒ0�P�g��&"=�é�!��/��@�ge��DB�G$A�.�go[3��;�a�O~se�G��j-��i��߲�ȎV�bx��'��4�>05�qb>{ �pRR�A1��d�[-�_�B_{��7 �"m!�*S�ԥ�~��~�w�ddR�R�^��.�6��vm�G��(��b��؜S�M��k��7�vZ�M�<1�?ȼ%*a\�m�0�Y��x!Іt� ��C�ƤZ��φ<״��x�`��F��?� )��u_a/&V�˒}W�� l��I�E��BY��<��,$��'��-]�� 02]�Ä֗5u6��"��ƛ��qsY��C 5*��)��vv�U�|=��'��"۞�� _�:.md��H�v��{|��H��8��_�l��(`��ʋm��_f�"^��=� ý��NZ`)|�i�+6r�G_�s]��5B�7�U�KW+��)��p��hZ4-<�v퀹̵ �"zN�0�Z��x?��kW��b��?��k�y�� ;�|2��l1"d��.t��Q}��%�U3<e��`��D@�f��z��Xp-]��r��AdB��&�\�M9��#@tD��&mm)��Pſ�l�b�[�@�kvu)��S�E�F>��v��3�6��5��j+�30�0�g�^\�n{��c��<�8�[9F9�2K��|��]!h�}�)&H�)�ՇY��hu��!G��w��w�\N�,�(��/?��]��Lb��@w1�8��S'.2��:G��J��qA\�~��xVZ;�71�L�Xݾ<�Ot�G��F�y�8F�"�L��e��0iE~�>��`�~��|xs�\u��س�J�_Vc1w��n3��]e��9��ɳ��о+��w��FE6�.G�Y�Ks�n:�1��\^�c��r��o��fr�e~��HK<�xe�=��q��v�yƴ�N��'Gp�K��|��nIБu�|H�5��^��c�+�=�tz}�]��E(i�8=��6Zj*��F�ԯ��2�9&w\]I��ۏu��E�A�֢:��`�P��¥s19��٣h_ӹ��EM��X��i�EuΠM�0�[Gj��ɳ�7 ��}0��e��o�n��l��l�6��6��}��aGU�wI��F��Cw��\��_��к�h��=�Z�S8+�j��#��a��!>�3[�z7��z0��[1��8�Qr=B��7'v|N ��=zj!^K@v��5��J��+�>�}gi�w��uI��\�s[��^��f7ڣj�1�hR��~��h��R,2a��_�\��0|{!�Ov��?�ks/�ݿ"�Y�#b�Ӫ� #/�Nhw��v<��I ڈv� �}.�2��_��x��Z�П/4�z9��o��o!3��kg�s��yAa�ӽo��ц��C`ye��lu��!&LQ*뭷�~7�fxvvK��[��t�uP֝Hd��sX,��3�{��G�:�*��J"�5�C8��[1e`j�7�ozE�)w��4�A�ʰ��+}Yh{�~~37�אa9��T]��Y��&�N�{*'�1��N��_��,u�zmq��6V��kc��1��ۄrr(��P��!��Q��!D:�r�5�nOU��[�f�m1 ��U��>]D;)ގzS��.Ԇ-_�T�퇃G�%��T x��.7�+��c��B��̷S�S�2�;C�76>itnO��0�=�4��4No%i�'��bE��(^Z�9A 9ɀ�M��$� ah�[��]�>��Oҕ"z�H�W��Ŝ�L�yws��&\�j��Q��b��S��v�0�_<�8�Î^��U}M*��"&UN��!��%��0�"O�M��b�I��/��۷M�10��:2o¼��v��慽3Z&˿��]Nᔜ��h�H��N�2�De}��T��h?��NC��tp1&I� �e�s<��Y��X�Z#p�_�$$]{��S�hfF{X�PI�(f��V{h?�l.|��~��J={_��3��{@��w��P��w��/וa;>g��),]^Y@�+v� a�ԭ#�3��G��O�Y4+�.9@~~ �m��ͨ��DA=�䥅�҃wg�/��o:%!�M��P�]��F��;��G�,�V��(j̺�j��A-��F<el��V!��0D�׉��t�M��ũ6觥?�4�wo��p�ͧ�tqP��#i��ف�Oe��Q��x㋨�j��9E�g��i�&�6��:��1+��nOƵ�Z��ϲ�(a�͙$�\L��lD�Z�{��ً$�� 3/_� Q�ZU�߿��ˬ��.��>��v��1��!h�L��!��Լ�-��;�k<��C��l��"��a��ǅ�TB߾�d��F��ݧ�a�\-��E��ә4qѷY�|��C��?��e�OI[��:S2�߸�O�e��*�$��2�7= YYc+�;��t�/�?ھ W�sYꖖk�!k�l��\ ��u`��]w�IpRغ)�c��-ǹ��D��<F�)��(b�J��(>p��g�G2`ı ��3�Vj�ۃ[�U��XS��s�c� �.��'��S0�c�2��4��M��h��On�α��F�uk:D�6�

Sections

CODE
Size: 437KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08a7084306fc5f6d60b0dc95de1c0474

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

08:fb:73:cc:96:73:b5:cb:9d:11:27:c5:ae:55:86:62Certificate

Extended Key Usages

Key Usages

15:87:d1:df:9c:be:c2:74:5d:15:b9:fd:f6:75:48:b0:5f:b8:a9:08Signer

Headers

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

CODE Size: 437KB - Virtual size: 440KB

DATA Size: 20KB - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 8KB

.text1 Size: 18KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 4KB

.text0 Size: 65KB - Virtual size: 68KB

.reloc Size: 5KB - Virtual size: 8KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

08:fb:73:cc:96:73:b5:cb:9d:11:27:c5:ae:55:86:62
Certificate

15:87:d1:df:9c:be:c2:74:5d:15:b9:fd:f6:75:48:b0:5f:b8:a9:08
Signer

CODE
Size: 437KB - Virtual size: 440KB

DATA
Size: 20KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 8KB

.text1
Size: 18KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 4KB

.text0
Size: 65KB - Virtual size: 68KB

.reloc
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 53KB - Virtual size: 53KB