6059970cc69528f33d3d7a17e6ab8d2b

Sharing

Copy URL Twitter E-mail

General

Target

6059970cc69528f33d3d7a17e6ab8d2b
Size

23KB
MD5

6059970cc69528f33d3d7a17e6ab8d2b
SHA1

7a8ec5a178d86860752a6be723bb7a32fff7b96d
SHA256

6a65ebdb76b4d7371f95065fae2bbbe8bea7b686fa4dd8f94b2a1657726de0b1
SHA512

6bd1e0c0dc9591e6f882a2926ea1e3619e624d2cf31f43abefa62b570067bcbdc9ae7ce19593dd73579d05ec33dd69cb7978df7da5bad1952ece673c1d0c00fb
SSDEEP

384:Zil2WwilubktuZqi3DO1z5h8URIY126H1dFBuhh4WWieZWY7:Ze2xeubeuZQddbdHuhhdex

Score

1^/10

Malware Config

Signatures

Files

6059970cc69528f33d3d7a17e6ab8d2b
.exe windows:5 windows x86 arch:x86

3f46addb99687c5054aec319d14b576a

Code Sign

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2b
Certificate

Issuer

CN=eryf2w4v6y2w

Not Before

25/02/2012, 10:44

Not After

31/12/2039, 23:59

Subject

CN=eryf2w4v6y2w

Extended Key Usages

ExtKeyUsageCodeSigning

62:be:b8:af:f1:f5:53:ed:4f:ea:98:b3:06:2e:09:0f:32:dc:44:65
Signer

Actual PE Digest

62:be:b8:af:f1:f5:53:ed:4f:ea:98:b3:06:2e:09:0f:32:dc:44:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalMemoryStatus
Heap32ListNext
InitAtomTable
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LocalHandle
LocalShrink
LocalUnlock
Module32Next
OpenEventW
OpenSemaphoreA
OutputDebugStringA
PeekConsoleInputA
Process32FirstW
ReadConsoleInputA
ReadConsoleOutputAttribute
RemoveDirectoryW
RtlUnwind
GlobalCompact
SetCommState
SetComputerNameA
SetConsoleCursorInfo
SetConsoleMode
SetConsoleScreenBufferSize
SetConsoleTitleA
SetEnvironmentVariableW
SetFileAttributesW
SetFileTime
SetProcessWorkingSetSize
SetThreadExecutionState
TerminateJobObject
Thread32First
WaitForMultipleObjectsEx
WaitNamedPipeW
WriteConsoleOutputW
_llseek
lstrcpynW
lstrlenA
GetWindowsDirectoryW
GetVolumeInformationW
GetVolumeInformationA
GetTimeFormatA
GetThreadLocale
GetTempFileNameW
GetStringTypeExA
GetStartupInfoW
GetProcessWorkingSetSize
GetProcessPriorityBoost
GetProcessIoCounters
GetProcessHeap
GetModuleHandleW
GetLocalTime
GetHandleInformation
GetFileAttributesExA
GetEnvironmentVariableA
GetEnvironmentStrings
GetDefaultCommConfigW
GetCurrencyFormatW
GetConsoleOutputCP
GetConsoleAliasesLengthA
GetConsoleAliasesA
GetCommProperties
GetModuleHandleA
GetCalendarInfoA
GetACP
FreeUserPhysicalPages
FreeEnvironmentStringsW
FindVolumeMountPointClose
FindResourceA
FindNextVolumeW
FindNextChangeNotification
ExitThread
EraseTape
EnumUILanguagesA
EnumTimeFormatsA
EnumSystemLanguageGroupsW
EnumResourceLanguagesA
EnumDateFormatsA
EnumCalendarInfoA
CreateWaitableTimerA
CreateSemaphoreA
CreateMutexA
CreateMailslotW
CreateJobObjectW
CreateHardLinkW
CreateEventW
CreateDirectoryExA
CopyFileW
CopyFileExW
ConvertThreadToFiber
CancelDeviceWakeupRequest
CallNamedPipeW
BuildCommDCBW
BuildCommDCBAndTimeoutsW
BindIoCompletionCallback
BeginUpdateResourceW
GetProcAddress
SearchPathW

msvcrt

memset

advapi32

RegOpenKeyExW

oleaut32

VarI2FromDec
VarI4FromBool
VarI4FromDec
VarI4FromDisp
VarI4FromR4
VarI4FromR8
VarI4FromUI1
VarMonthName
VarNumFromParseNum
VarR4FromCy
VarR4FromDate
VarR4FromR8
VarR4FromUI4
VarR8FromI1
VarR8FromUI2
VarR8FromUI4
VarUI1FromBool
VarUI1FromCy
VarUI2FromBool
VarUI2FromDisp
VarUI2FromR4
VarUI2FromStr
VarUI4FromCy
VarUI4FromI1
VarUI4FromStr
VarWeekdayName
VarXor
VariantChangeType
VariantCopy
VariantInit
VectorFromBstr
VarI1FromUI4
VarFix
VarDecMul
VarDecFromUI2
VarDecFromStr
VarDecFromR8
VarDecFromI4
VarDecFromCy
VarDecFromBool
VarDecCmp
VarDecAdd
VarDateFromUI1
VarDateFromStr
VarDateFromR4
VarDateFromI2
VarDateFromDec
VarDateFromCy
VarCyRound
VarCyNeg
VarCyMulI4
VarCyFromR8
VarCyFromI2
VarBstrFromUI4
VarBstrFromUI2
VarBstrFromUI1
VarBstrFromI4
VarBstrFromI1
VarBstrFromCy
VarBoolFromR8
VarAnd
SysAllocStringLen
SysAllocString
SetErrorInfo
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayCreateVectorEx
SafeArrayCreateVector
SafeArrayCopyData
SafeArrayAllocData
QueryPathOfRegTypeLi
OleTranslateColor
OleIconToCursor
LoadRegTypeLi
LPSAFEARRAY_UserUnmarshal
LHashValOfNameSysA
LHashValOfNameSys
GetRecordInfoFromGuids
GetAltMonthNames
DosDateTimeToVariantTime
DispInvoke
DispGetIDsOfNames
CreateDispTypeInfo
BstrFromVector
BSTR_UserSize
BSTR_UserMarshal
SafeArrayGetElement

imm32

ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeW
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetHotKey
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMEFileNameA
ImmCreateIMCC
ImmGetImeMenuItemsA
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLockIMC
ImmNotifyIME
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmGetIMEFileNameW
ImmUnlockIMCC
ImmUnregisterWordA
ImmConfigureIMEW

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f46addb99687c5054aec319d14b576a

Code Sign

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2bCertificate

Extended Key Usages

62:be:b8:af:f1:f5:53:ed:4f:ea:98:b3:06:2e:09:0f:32:dc:44:65Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 7KB - Virtual size: 6KB

.text1 Size: 1KB - Virtual size: 1KB

.text2 Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 128B

.text4 Size: 1024B - Virtual size: 1000B

.text3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 3KB - Virtual size: 2KB

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2b
Certificate

62:be:b8:af:f1:f5:53:ed:4f:ea:98:b3:06:2e:09:0f:32:dc:44:65
Signer

.text
Size: 7KB - Virtual size: 6KB

.text1
Size: 1KB - Virtual size: 1KB

.text2
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 128B

.text4
Size: 1024B - Virtual size: 1000B

.text3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 3KB - Virtual size: 2KB