6a72d3f25cc98d5c3c7f347e657701ad

Sharing

Copy URL Twitter E-mail

General

Target

6a72d3f25cc98d5c3c7f347e657701ad
Size

634KB
MD5

6a72d3f25cc98d5c3c7f347e657701ad
SHA1

3aed58971b982c36ee8d490545097da3b4663415
SHA256

1284b0c7a18061ee83b537cd8e4eff5f6369887d2baeef90ee692deb0a850b4c
SHA512

1fd0402512cb02eb610427dca88f55ceb99799c3d286b4ccde30e97cae54053866b22275dc49ae8e22ca6bf0b9c8875373e574077c62a4672ed7181fe8bdc181
SSDEEP

12288:kw1arJr6yf3OmAQk0mcEszfVxB5mP3r6Cdc2XKjEqnGu:J1vyGmb/z9xB5mz6CC2YDGu

Score

1^/10

Malware Config

Signatures

Files

6a72d3f25cc98d5c3c7f347e657701ad
.exe windows:4 windows x86 arch:x86

5af36489281923684f55593c68f58d7e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9d:13:0a:c5:a3:4c:11:40:7b:15:51:47:f0:e2:a1:7e
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/05/2015, 00:00

Not After

12/05/2016, 23:59

Subject

CN=ASKAD,O=ASKAD,POSTALCODE=644045,STREET=pr-t Koroleva\, 16/1\, 68,L=Omsk,ST=Omsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1c:1e:58:7b:a3:66:01:ee:65:14:25:ca:55:9a:eb:59:15:46:94:bb
Signer

Actual PE Digest

1c:1e:58:7b:a3:66:01:ee:65:14:25:ca:55:9a:eb:59:15:46:94:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

BackupSeek
SetEndOfFile
OpenWaitableTimerA
GetFileSizeEx
lstrcatW
CompareStringA
LocalLock
CreateDirectoryA
GetProcessShutdownParameters
SetThreadAffinityMask
lstrcatW
GetPrivateProfileStructW
CopyLZFile
AddVectoredExceptionHandler
GetFileInformationByHandle
SetCommTimeouts
WriteConsoleW
FindFirstVolumeMountPointA
GetTickCount
GetLastError
FreeResource
GetUserDefaultLangID
GetVersion
VirtualFreeEx
ResetWriteWatch
CreateNamedPipeW
DelayLoadFailureHook
InterlockedExchange
GetPrivateProfileIntA
GlobalDeleteAtom
MoveFileWithProgressA
GetVolumePathNameA
IsProcessInJob
GetCalendarInfoW
GlobalFindAtomA
GlobalAddAtomA
GetCompressedFileSizeA
LocalReAlloc
OpenEventA
ReadFileScatter
EnumCalendarInfoExA
EnumSystemCodePagesW
SetCalendarInfoA
LocalUnlock
LZCreateFileW
GetCommMask
CreateMailslotA
GetEnvironmentStringsA
UpdateResourceA
SetCommTimeouts
CreateHardLinkW
GetVolumePathNamesForVolumeNameA
EnumLanguageGroupLocalesW
SetTapePosition
DeleteFileA
SetFilePointerEx
GetTapeParameters
GlobalUnfix
GetComputerNameA
SetThreadContext
SetLocaleInfoW
HeapReAlloc
ReadConsoleInputExA
WritePrivateProfileSectionW
ReadFileEx
GetSystemDefaultLangID
lstrlenW
IsDBCSLeadByte
UnlockFile
SetLocaleInfoA
RtlCaptureStackBackTrace
CreateDirectoryExW
GlobalFindAtomW
SetNamedPipeHandleState
RemoveDirectoryW
UpdateResourceW
SetComputerNameExW
GetUserGeoID
GetNumberOfConsoleInputEvents
GetFileAttributesA
GetDateFormatW
LocalFileTimeToFileTime
EnumResourceTypesA
SetFileValidData
EnumTimeFormatsW
RestoreLastError
LZCloseFile
WriteFileEx
PeekConsoleInputA
SystemTimeToTzSpecificLocalTime
GetConsoleSelectionInfo
GetLongPathNameA
ReadConsoleA
GetACP
GlobalMemoryStatusEx
GetTapeStatus
InterlockedCompareExchange
FindFirstFileExW
LCMapStringW
SetLastError
DisableThreadLibraryCalls
CreateNamedPipeA
PrivMoveFileIdentityW
OpenWaitableTimerW
ShowConsoleCursor
MoveFileWithProgressW
GetOverlappedResult
ConvertDefaultLocale
TerminateProcess
HeapDestroy
lstrcpynA
SetComputerNameA
WriteConsoleOutputCharacterW
FormatMessageW
FindCloseChangeNotification
GetCurrencyFormatW
RegisterWaitForInputIdle
GetExitCodeThread
GetSystemPowerStatus
GetCurrentConsoleFont
CreateWaitableTimerA
CancelDeviceWakeupRequest
GetPrivateProfileIntW
CreateSemaphoreW
LZCopy
SetMailslotInfo
PrepareTape
GetCompressedFileSizeW
GetNumberOfConsoleMouseButtons
SetFilePointer
GetVersionExA
FindNextFileW
AllocConsole
SetTapeParameters
CancelIo
GetUserDefaultUILanguage
DeleteVolumeMountPointW
IsBadHugeWritePtr
FindVolumeClose
OpenFileMappingA
CloseProfileUserMapping
ActivateActCtx
GetDiskFreeSpaceExA
GetConsoleCursorInfo
CreateConsoleScreenBuffer
GetCurrencyFormatA
SetThreadPriority
WriteTapemark
ReadConsoleOutputW
GetProcessHeap
lstrcpynW
GetGeoInfoA
DeleteAtom
RtlMoveMemory
GetProcessTimes
SetVolumeLabelW
EnumSystemLocalesA
TerminateJobObject
GetDriveTypeA
GetConsoleInputExeNameA
CancelWaitableTimer
VerifyConsoleIoHandle
ExitThread
FileTimeToSystemTime
DosPathToSessionPathA
IsValidLanguageGroup
SetCurrentDirectoryW
Heap32Next
IsBadCodePtr
GetTimeZoneInformation
WideCharToMultiByte
ChangeTimerQueueTimer
lstrcmpA
SetWaitableTimer
TzSpecificLocalTimeToSystemTime
SizeofResource
SwitchToThread
GetNamedPipeInfo
Heap32ListFirst
DeleteFileW
LockResource
GetNativeSystemInfo
FlushInstructionCache
lstrcatW
GetConsoleTitleA
IsWow64Process
CreateFileA
DnsHostnameToComputerNameW
GetConsoleHardwareState
SetFileAttributesA
lstrcmpiA
CommConfigDialogA
FoldStringW
FindAtomW
GetDateFormatA
EnumResourceLanguagesA
CopyFileA
GetCommProperties
LZClose
GlobalFree
LoadLibraryExA
GetModuleHandleW
GetModuleHandleA
GetTickCount
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shlwapi

SHRegOpenUSKeyA
StrCmpNW
StrSpnW
PathGetCharTypeA
StrCatBuffA
SHQueryValueExA
SHRegEnumUSKeyW

ole32

OleUninitialize
OleCreateFromDataEx
HENHMETAFILE_UserUnmarshal
HPALETTE_UserMarshal
HMENU_UserMarshal
CoGetStdMarshalEx
CoFileTimeToDosDateTime
GetConvertStg
CreateObjrefMoniker
GetRunningObjectTable
CoFileTimeNow
CoGetClassObject
PropVariantClear
OleRun
StgConvertPropertyToVariant
CoCreateInstanceEx
CoUnloadingWOW

comdlg32

GetFileTitleA
GetOpenFileNameA
ChooseFontA
ChooseColorA
CommDlgExtendedError
ReplaceTextA
LoadAlterBitmap
GetSaveFileNameA
PrintDlgA
PageSetupDlgW
PrintDlgW
GetFileTitleW
FindTextA
WantArrows

shell32

SHChangeNotify
SHFileOperationA
DoEnvironmentSubstW
FindExecutableW
StrChrIA
SHQueryRecycleBinA
SHGetFolderPathAndSubDirA
StrStrIW
SHGetDataFromIDListA
StrCmpNW
SHAppBarMessage

gdi32

EngTextOut
CancelDC
PathToRegion
CreateDIBPatternBrushPt
EnumEnhMetaFile
UpdateICMRegKeyA

version

VerQueryValueW
VerFindFileA
GetFileVersionInfoSizeA
VerFindFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoA

wtsapi32

WTSEnumerateProcessesW
WTSEnumerateServersW
WTSEnumerateSessionsW
WTSTerminateProcess
WTSDisconnectSession
WTSRegisterSessionNotification
WTSSetSessionInformationW
WTSVirtualChannelWrite
WTSOpenServerW

ws2_32

WSAIsBlocking
WSAStringToAddressA
freeaddrinfo
WSAGetOverlappedResult
send
WSAStartup
recvfrom
WSCEnumProtocols
WSAHtonl
WSAGetQOSByName
getaddrinfo

comctl32

ImageList_Remove
ImageList_GetIcon
PropertySheetA
GetMUILanguage
ImageList_DrawIndirect
InitMUILanguage
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_SetOverlayImage
FlatSB_SetScrollProp
ImageList_SetBkColor
ImageList_Duplicate
ImageList_Add
ImageList_SetFlags
ImageList_GetIconSize
ImageList_GetImageCount
CreatePropertySheetPageA
ImageList_DragShowNolock
InitCommonControls

Exports

Exports

�,�)>��.�(�T�-z:�A�4oߡr��0�q��|֣n�r�G}ܾ��Q��$��9��"��0i��$�p�RX�f�&B��|��p�y)�_9>�D�<e��0�R�]Þ�G@�ZeJ�D ��z�eQ��{P��V�Bh �$Q�#��]}�� 8�T"I��-��d� ^�7 �"$��fhMv��98$�й�Q� ��|_lR�+��욻�I%/\3(_��^�Gs�V�6��!�N��Ĭ$A�v��qd3�ph��7��Q�%s��͹��B[3�%j��۫��ȼf�QFrtn��= �j�*>Ӫ��i☟_��lq��*Q{&�h�֥R�`�d���2��q<�zm��7�� zf��-�,�|L֟�G�ZDh�`�q`��Q��2�4얮�(�qzɶ��ċ�[d��@}��ȣ�X[A��ꯩ�<�wu��.Bȥ��=^�`��e��w\�rcgq =l)�Y֑hfBu�f��)V�+lp�q��7��ó�g��-��n\��kb�p�j�� 4ҁ��%T��JJ��f��e��S�˼�N�� )�E��V��=��Do.�%�FC�ޥ��7��5��)?l6n2�� 4q9��ZxT��]EQ�uPup��,u*��n$bpJ7j3|PԖ0OM�W��"ʵF�DE��f�buV69�D�H'��"8��ŨG}X��Z�~_�jTF&5�?PSن��{��:3tq�8 ��_��)�(P @��f��{�R�@�_�M��_� 3�g�=�7ݔ!�c�i��OХ\c��K�{գ��q�JjV��ޠ��;v_�]��\J�`G후5,/6�>��g,#n��2�fi8\l��_A�oV44�"��kB��r. ��x��W�5�=�n{�$��p)R�V��F�+Z�#+��Ҁ��豯�G�|�@��AF��c��$�%�Ͱ��uy,g��u2ʑ,@�<%� L��Wu'Z�� +k��>��!��a��:��I�x�� _Z2#-��3�;I��/!�T&��H��X� ��SL�0�ۄ��_��@~��)P՟��kC�8�C.�H��h0.�Ҹ!�|л��e��N�!_�"�$W5�A�]��X5��d�� B%;��{4( �8�p{n��Ϯ'G�߄�t��c��S<.Jՙ��1�)B�!%ܣ��;+q9Y��᚝�+.O��4IH�F��қ*�@I��-G��V�KZ� [�e�b�<� F��l��{�k�PC̩C�ݶ兒�b+~��i6��1��DAbo��+|�)��n*x��V�<:��R�5��e��d��<��(�f�,�-{2m��Sf��U�gf?m)��0"r�� oL6��a��r o�ɜq_��{��ьk,��T��C��7��(��!^��sj: �?��i��e��9�5|V� q�+��\&0��渭��l�eVQ��`�w�d��]�5��Yv�w��t��̀�w�a��Uf�[�G|�N"yxq�x@3�/jTО�>U�b�b��}BN��d��B>j-`��d�R]��0��R�Zm��N��ᝳ�|\�J�4��N��+��-)F�g�߳C�� <)Y��%��d��CL&�y!�7!��}�u女��&��cL��5�V8q�#B��Ú��}!��H��d1�ȩ�2��;��t��*ޟ./�7Wé��m�ҽ��j�c#�@��ǫ��)s�2��6��V�%@J��tMY��3��t&��{�iX��&a��ɽ�~Q��}C��>� 4��,i�8�匷P��a�2�b��}n��mP�{�ޛ��MV��o��k�=�c�{�.��2�3Kg ��m֑l�9��& Du�f��i�`?GJ��H4��2bq�7R�f��U��c��(�+��Xχ��S�qR3-UB *g�0��q��`��o!�.\Ň �3z*b��~��$��X�p=�L��1F3��>hiE�Ot��D�2�}�,2�b�2 ��pZ{��_�+3�9��+��2�?)�#��P�e9��G��1��2^�t�:��j��4��1��o5�r��L�a��ʍ{o��9$� �e� 0��hFt��[@{R��3�&w��Yh��U�|;�p�uB��Z��l��-�=��tP�?�r\T�2X2ȑ�D�?�t�m�N��7X�+��2�9�|�f��7��ҵ<�-�JC��f��_�K��: �9h�Ɉ85$L ]R��$��Cz�B��@}"L�6Ǯ�� )��p"x>�<;�R��{%��#B��:m��Ȝ }I��/��"�{�4�3��qr�O��Ӓ�*�<K^hs?e/S`!��-~�.�3�Gű��Y9Ɣ��B�c��|�$WC۬��>Rf�ʂ^Q@L��p��W��tss��^�:T��p�|��{uSZ(�R�e�[�7+��!�I��!\[��dz�t��8�g=&�9�3h�z!��@`~h�ܹE��D��j>ߴ��]+jr[�ݮ/�7+jb�_iV�jf�]y�6j��y4^D�і�>�s𽺥��m��Ra�pα��V�/�D��r�V��VF"�ګ��K��zG�%��߅l��AM��Ͳ�ܜ�� k�t��M��6�?�!��D$�W�%��A��)��Vw5/�fD�}q�=id��m`��b�ӑ"q��)��u�0k�$�{i�X�� ,&�go{h�Q��Y ��[��*qd ӥ"�t��{��w9��`}RR��u�qA*S��!��ce^o��7�c��YNڣ�ܲ�h��,w22'p�ۧV�)��

Sections

CODE
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 750B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5af36489281923684f55593c68f58d7e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

9d:13:0a:c5:a3:4c:11:40:7b:15:51:47:f0:e2:a1:7eCertificate

Extended Key Usages

Key Usages

1c:1e:58:7b:a3:66:01:ee:65:14:25:ca:55:9a:eb:59:15:46:94:bbSigner

Headers

File Characteristics

Imports

kernel32

shlwapi

ole32

comdlg32

shell32

gdi32

version

wtsapi32

ws2_32

comctl32

Exports

Exports

Sections

CODE Size: 439KB - Virtual size: 439KB

DATA Size: 22KB - Virtual size: 21KB

BSS Size: - Virtual size: 750B

.idata Size: 8KB - Virtual size: 8KB

.text0 Size: 15KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 77KB - Virtual size: 76KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 58KB - Virtual size: 58KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

9d:13:0a:c5:a3:4c:11:40:7b:15:51:47:f0:e2:a1:7e
Certificate

1c:1e:58:7b:a3:66:01:ee:65:14:25:ca:55:9a:eb:59:15:46:94:bb
Signer

CODE
Size: 439KB - Virtual size: 439KB

DATA
Size: 22KB - Virtual size: 21KB

BSS
Size: - Virtual size: 750B

.idata
Size: 8KB - Virtual size: 8KB

.text0
Size: 15KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 77KB - Virtual size: 76KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 58KB - Virtual size: 58KB