6acfb8adf862f8b02e4854b535ea5e1e

Sharing

Copy URL

Twitter E-mail

General

Target

6acfb8adf862f8b02e4854b535ea5e1e
Size

133KB
MD5

6acfb8adf862f8b02e4854b535ea5e1e
SHA1

d3ed69011eeaa2ca0fe102a0a4b6de9c7afbc8e7
SHA256

050fa1909895e5cbd0b372f19bfd2e3c9026fe06469655a9bb78cb935675274b
SHA512

b25a9cb4d919b4215239a8e4b8c7924577b8603195cd5f8cc9a0490c5c54c33b1c79ac470da147b1f027c4c26d42bf749cda05607bbe0acaddf215ed85fd0844
SSDEEP

3072:Nf2KXOpaE260E+nCF93efTHZDbFfmzm8QCRXxTtUp9:NfJeJ0pC2VpeQsXRC9

Score

1^/10

Malware Config

Signatures

Files

6acfb8adf862f8b02e4854b535ea5e1e
.exe windows:4 windows x86 arch:x86

436fedf501c610e4a973bf1c1cf48b6c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:e6:63:9b:86:49:17:0a:d5:50:30:1a:be:bb:e0:6f
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/03/2014, 00:00

Not After

16/03/2016, 23:59

Subject

CN=Bit Wise Publishing\, LLC,O=Bit Wise Publishing\, LLC,POSTALCODE=30028,STREET=PO Box 29,L=Cumming,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d6:69:03:cc:ee:4f:fe:43:fd:d6:1c:90:a2:81:7b:55:45:1d:93:32
Signer

Actual PE Digest

d6:69:03:cc:ee:4f:fe:43:fd:d6:1c:90:a2:81:7b:55:45:1d:93:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
FreeResource
GlobalFree
GetCommandLineA
GlobalAlloc
GlobalUnlock
GlobalLock
WideCharToMultiByte
lstrcmpA
FlushInstructionCache
GetCurrentProcess
GetModuleHandleA
FindResourceA
LoadResource
GetStartupInfoA
SizeofResource
LockResource
GetCurrentThreadId
MultiByteToWideChar
OutputDebugStringA
DebugBreak
lstrlenA
InterlockedIncrement
CloseHandle
CreateProcessA
WaitForSingleObject
CreateDirectoryA
RemoveDirectoryA
GetTempFileNameA
DeleteFileA
GlobalHandle
InterlockedDecrement

user32

SetWindowPos
GetDesktopWindow
PostThreadMessageA
GetMessageA
PeekMessageA
DestroyWindow
BeginPaint
EndPaint
SetForegroundWindow
MoveWindow
GetClientRect
DestroyIcon
LoadIconA
SetCapture
IsDialogMessageA
CreateDialogIndirectParamA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
GetWindow
SetWindowLongA
GetWindowLongA
GetWindowRect
PostMessageA
MessageBoxA
CharLowerA
CharNextA
wvsprintfA
LoadStringA
SetWindowTextA
GetDlgItem
GetWindowTextA
GetWindowTextLengthA
ShowWindow
SendMessageA
ReleaseDC
GetDC
ReleaseCapture
GetCursorPos
PostQuitMessage
LoadImageA
GetSystemMetrics
DefWindowProcA
DispatchMessageA
CreateWindowExA
wsprintfA
InvalidateRgn
InvalidateRect
CreateAcceleratorTableA
GetParent
GetClassNameA
RedrawWindow
IsWindow
FillRect
CallWindowProcA
IsChild
GetFocus
SetFocus
GetSysColor
CharUpperA
TranslateMessage

gdi32

CreateFontA
BitBlt
CreateCompatibleDC
DeleteObject
CreateSolidBrush
GetObjectA
DeleteDC
GetStockObject
SetBkMode
SelectObject
TextOutA
CreateCompatibleBitmap
GetDeviceCaps

advapi32

RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA
SHAppBarMessage
ord680

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
CoCreateInstance

oleaut32

OleCreateFontIndirect
SysFreeString
DispCallFunc
SysStringLen
LoadRegTypeLi
VariantClear
SysAllocString
SysAllocStringLen

comctl32

InitCommonControlsEx

msvcp60

??1Init@ios_base@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?good@ios_base@std@@QBE_NXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA

msvcrt

_ftol
ceil
realloc
calloc
free
_beginthreadex
fwrite
fseek
ftell
_mbscmp
atoi
_ismbcdigit
_mbsrchr
_mbsstr
wcslen
memmove
memcpy
fopen
fread
fclose
strtoul
memset
_CxxThrowException
strcpy
strcat
_controlfp
__set_app_type
__p__fmode
strlen
strstr
strncpy
??2@YAPAXI@Z
__CxxFrameHandler
_purecall
_snprintf
strcmp
fprintf
isalpha
isalnum
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
isspace
strncmp
strchr
tolower
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
memcmp

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

436fedf501c610e4a973bf1c1cf48b6c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:e6:63:9b:86:49:17:0a:d5:50:30:1a:be:bb:e0:6fCertificate

Extended Key Usages

Key Usages

d6:69:03:cc:ee:4f:fe:43:fd:d6:1c:90:a2:81:7b:55:45:1d:93:32Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msvcp60

wininet

msvcrt

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 31KB - Virtual size: 31KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:e6:63:9b:86:49:17:0a:d5:50:30:1a:be:bb:e0:6f
Certificate

d6:69:03:cc:ee:4f:fe:43:fd:d6:1c:90:a2:81:7b:55:45:1d:93:32
Signer

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 31KB - Virtual size: 31KB