6068441c484780f4b89b7c643c988811

Sharing

Copy URL

Twitter E-mail

General

Target

6068441c484780f4b89b7c643c988811
Size

133KB
MD5

6068441c484780f4b89b7c643c988811
SHA1

0f56827166e11a8ee2394f4e1b393ce9e57fe6fc
SHA256

242ac59c1441400b822d56753f47563f40ec63d54aee89167d4bad5cfb47f6da
SHA512

27d0ad28576d2f18cd14fa3bb7c4230de4970c1e9a6a4f331295baf150ea2f880da1667bf12e12a898c77db31398947c10e103b9061510ee7c756aec796b2709
SSDEEP

3072:Sf2KXOpaE260E+nCF93efTHZDbFfmzm8QCRRxTtUp7:SfJeJ0pC2VpeQsRRC7

Score

1^/10

Malware Config

Signatures

Files

6068441c484780f4b89b7c643c988811
.exe windows:4 windows x86 arch:x86

436fedf501c610e4a973bf1c1cf48b6c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:e6:63:9b:86:49:17:0a:d5:50:30:1a:be:bb:e0:6f
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17-03-2014 00:00

Not After

16-03-2016 23:59

Subject

CN=Bit Wise Publishing\, LLC,O=Bit Wise Publishing\, LLC,POSTALCODE=30028,STREET=PO Box 29,L=Cumming,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f2:12:7e:30:31:5e:68:5b:72:e3:8b:6d:1d:e5:a0:ed:de:83:88:03
Signer

Actual PE Digest

f2:12:7e:30:31:5e:68:5b:72:e3:8b:6d:1d:e5:a0:ed:de:83:88:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
FreeResource
GlobalFree
GetCommandLineA
GlobalAlloc
GlobalUnlock
GlobalLock
WideCharToMultiByte
lstrcmpA
FlushInstructionCache
GetCurrentProcess
GetModuleHandleA
FindResourceA
LoadResource
GetStartupInfoA
SizeofResource
LockResource
GetCurrentThreadId
MultiByteToWideChar
OutputDebugStringA
DebugBreak
lstrlenA
InterlockedIncrement
CloseHandle
CreateProcessA
WaitForSingleObject
CreateDirectoryA
RemoveDirectoryA
GetTempFileNameA
DeleteFileA
GlobalHandle
InterlockedDecrement

user32

SetWindowPos
GetDesktopWindow
PostThreadMessageA
GetMessageA
PeekMessageA
DestroyWindow
BeginPaint
EndPaint
SetForegroundWindow
MoveWindow
GetClientRect
DestroyIcon
LoadIconA
SetCapture
IsDialogMessageA
CreateDialogIndirectParamA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
GetWindow
SetWindowLongA
GetWindowLongA
GetWindowRect
PostMessageA
MessageBoxA
CharLowerA
CharNextA
wvsprintfA
LoadStringA
SetWindowTextA
GetDlgItem
GetWindowTextA
GetWindowTextLengthA
ShowWindow
SendMessageA
ReleaseDC
GetDC
ReleaseCapture
GetCursorPos
PostQuitMessage
LoadImageA
GetSystemMetrics
DefWindowProcA
DispatchMessageA
CreateWindowExA
wsprintfA
InvalidateRgn
InvalidateRect
CreateAcceleratorTableA
GetParent
GetClassNameA
RedrawWindow
IsWindow
FillRect
CallWindowProcA
IsChild
GetFocus
SetFocus
GetSysColor
CharUpperA
TranslateMessage

gdi32

CreateFontA
BitBlt
CreateCompatibleDC
DeleteObject
CreateSolidBrush
GetObjectA
DeleteDC
GetStockObject
SetBkMode
SelectObject
TextOutA
CreateCompatibleBitmap
GetDeviceCaps

advapi32

RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA
SHAppBarMessage
ord680

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
CoCreateInstance

oleaut32

OleCreateFontIndirect
SysFreeString
DispCallFunc
SysStringLen
LoadRegTypeLi
VariantClear
SysAllocString
SysAllocStringLen

comctl32

InitCommonControlsEx

msvcp60

??1Init@ios_base@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?good@ios_base@std@@QBE_NXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA

msvcrt

_ftol
ceil
realloc
calloc
free
_beginthreadex
fwrite
fseek
ftell
_mbscmp
atoi
_ismbcdigit
_mbsrchr
_mbsstr
wcslen
memmove
memcpy
fopen
fread
fclose
strtoul
memset
_CxxThrowException
strcpy
strcat
_controlfp
__set_app_type
__p__fmode
strlen
strstr
strncpy
??2@YAPAXI@Z
__CxxFrameHandler
_purecall
_snprintf
strcmp
fprintf
isalpha
isalnum
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
isspace
strncmp
strchr
tolower
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
memcmp

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

436fedf501c610e4a973bf1c1cf48b6c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:e6:63:9b:86:49:17:0a:d5:50:30:1a:be:bb:e0:6fCertificate

Extended Key Usages

Key Usages

f2:12:7e:30:31:5e:68:5b:72:e3:8b:6d:1d:e5:a0:ed:de:83:88:03Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msvcp60

wininet

msvcrt

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 31KB - Virtual size: 31KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:e6:63:9b:86:49:17:0a:d5:50:30:1a:be:bb:e0:6f
Certificate

f2:12:7e:30:31:5e:68:5b:72:e3:8b:6d:1d:e5:a0:ed:de:83:88:03
Signer

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 31KB - Virtual size: 31KB