676f9c9e72848082925d322276db517e

Sharing

Copy URL Twitter E-mail

General

Target

676f9c9e72848082925d322276db517e
Size

452KB
MD5

676f9c9e72848082925d322276db517e
SHA1

9364ba96ba2a4e0fadd860ef906343b0474c3898
SHA256

6c55df08f3e00004a2c59543551179abaf35c83e1263743c20e122c015518246
SHA512

74ce0194a91c9783146a4617c1d08f9d061e60e44d64c25e466bce1b131acbb4305db7992607bc03d85c76f744bf63ded850a7dbfc2a43e6e7d129bd7194d0bb
SSDEEP

6144:nRpseCukRu1PxNAk5nLFhGOgkiOpC+dkE7+J1ZbE/DCBqrU8dEpacp9q4obHW6z9:nRpsrvRsNAWhIYIwWQrUssapNZ

Score

1^/10

Malware Config

Signatures

Files

676f9c9e72848082925d322276db517e
.exe windows:6 windows x86 arch:x86

481bc9bc11e7346289476a9d6b3cae79

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7b:b8:de:ea:d8:16:71:a2:36:54:57:4f:fa:39:f3:29:84:99:86:eb
Signer

Actual PE Digest

7b:b8:de:ea:d8:16:71:a2:36:54:57:4f:fa:39:f3:29:84:99:86:eb

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegCloseKey
RegisterTraceGuidsW
UnregisterTraceGuids
RegQueryInfoKeyW
RegEnumKeyExW
TraceEvent
RegEnumValueW
RegQueryValueExW

kernel32

SetDllDirectoryW
lstrcmpiW
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
CreateThread
InterlockedIncrement
GetCommandLineW
DeleteCriticalSection
GetModuleHandleW
InterlockedDecrement
GetCurrentThreadId
ExitProcess
GetCurrentProcessId
LoadLibraryA
GetSystemTime
SystemTimeToFileTime
MultiByteToWideChar
GetLastError
LeaveCriticalSection
lstrlenW
LocalAlloc
CompareFileTime
GetFileAttributesExW
CreateEventW
SetEvent
SizeofResource
RaiseException
LoadResource
FindResourceW
WaitForSingleObject
LoadLibraryExW
InitializeCriticalSection
FreeLibrary
EnterCriticalSection
GetModuleFileNameW
GetExitCodeThread
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetLastError
LockResource
FindResourceExW
FlushInstructionCache
GetProcessWorkingSetSize
SetProcessWorkingSetSize
LocalFree
GetProcAddress
LoadLibraryW
GetSystemPowerStatus
GetVersionExW
GetStartupInfoW
FormatMessageW
CloseHandle
CompareStringW
OutputDebugStringA
GetVersion
GetFileAttributesW
GetModuleHandleA
MulDiv

msvcr80

wcstok_s
__CxxFrameHandler3
memcpy
_crt_debugger_hook
_recalloc
wcsncpy_s
free
memcpy_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
vswprintf_s
_vscwprintf
_vsnwprintf
srand
rand
calloc
swprintf_s
iswspace
wcsspn
wcscspn
_wtoi
_beginthreadex
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_CxxThrowException
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
memmove_s
memset
_time64
memmove
_purecall
malloc

ole32

CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CreateBindCtx
PropVariantClear
StringFromGUID2
CoInitialize
CLSIDFromString
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysAllocStringByteLen
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysFreeString

shlwapi

PathAppendW
PathAddBackslashW
SHRegCloseUSKey
SHRegOpenUSKeyW
StrRetToStrW
SHGetThreadRef
StrRetToBufW
PathRemoveFileSpecW
PathRemoveBackslashW
SHRegGetUSValueW
AssocQueryStringW
SHRegEnumUSValueW
PathFindExtensionW
AssocGetPerceivedType

msi

ord90

gdi32

GetTextExtentPoint32W
SetDCBrushColor
SetBkMode
GetObjectW
CreateFontIndirectW
CreateSolidBrush
GetDeviceCaps
DeleteObject
CreateRectRgn
CreateRectRgnIndirect
GetClipBox
GetStockObject
SelectObject
DeleteDC
SetTextColor
SetBkColor

shell32

ord2
SHCreateShellItem
ord644
ord4
SHParseDisplayName
SHBindToParent
ord18
ord23
SHGetDesktopFolder
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
ord17
ShellExecuteExW
SHAddToRecentDocs
ord155
ord645

d3d9

Direct3DCreate9

comctl32

InitCommonControlsEx

uxtheme

DrawThemeBackground
OpenThemeData
GetThemeColor
CloseThemeData
GetThemePartSize

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

481bc9bc11e7346289476a9d6b3cae79

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

7b:b8:de:ea:d8:16:71:a2:36:54:57:4f:fa:39:f3:29:84:99:86:ebSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcr80

ole32

oleaut32

shlwapi

msi

gdi32

shell32

d3d9

comctl32

uxtheme

version

Sections

.text Size: 168KB - Virtual size: 168KB

.data Size: 9KB - Virtual size: 10KB

.rsrc Size: 98KB - Virtual size: 100KB

.reloc Size: 17KB - Virtual size: 16KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

7b:b8:de:ea:d8:16:71:a2:36:54:57:4f:fa:39:f3:29:84:99:86:eb
Signer

.text
Size: 168KB - Virtual size: 168KB

.data
Size: 9KB - Virtual size: 10KB

.rsrc
Size: 98KB - Virtual size: 100KB

.reloc
Size: 17KB - Virtual size: 16KB