7c6a64a1af7a2df72d1966c1ea74bc1e

Sharing

Copy URL

Twitter E-mail

General

Target

7c6a64a1af7a2df72d1966c1ea74bc1e
Size

249KB
MD5

7c6a64a1af7a2df72d1966c1ea74bc1e
SHA1

cb276ae1b485a2e03e09d9b6ab8c180ffa7e2a17
SHA256

13228c7b5436bf8bc4f5243531d2fe5f2db608c4bd5187956b00fac6135b0ced
SHA512

902224e59b386248f00ca027ea2064213adc2581b657f491e38df30c0a20e6d9c780d71ba68169142943780055bd9079f67616c26eecd211112a0e5e8afe4e3c
SSDEEP

3072:3PUXfUDKoooooog904w+5NtFYwDMjqiZXIOpi/h3lZGvwPDvWO1aS+C5UKraXBjV:3AfUDO4waHslxHARVrAtpX

Score

1^/10

Malware Config

Signatures

Files

7c6a64a1af7a2df72d1966c1ea74bc1e
.exe windows:5 windows x86 arch:x86

01e1b3bf28f5225e2223c7beed0d5c43

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Cewrowfeg Uqizc,O=Eecuugj Dokjauzs Lua,L=Tupbuv,ST=Basaj,C=US

Not Before

08-07-2015 04:08

Not After

07-07-2016 04:08

Subject

CN=Yidawpem Jucmoh,O=Eecuugj Dokjauzs Lua,L=Tupbuv,ST=Basaj,C=US

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

cd:d9:81:a8:76:d4:1e:c8:f0:de:ed:d9:93:e6:66:1e:34:7e:38:29
Signer

Actual PE Digest

cd:d9:81:a8:76:d4:1e:c8:f0:de:ed:d9:93:e6:66:1e:34:7e:38:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FreeLibrary
HeapDestroy
HeapSize
HeapReAlloc
WideCharToMultiByte
FindResourceExW
CreateFileA
WaitNamedPipeA
SetNamedPipeHandleState
CreateEventW
CreateThread
SetEvent
LocalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
ReleaseMutex
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
DeviceIoControl
SetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
RaiseException
ReadFile
InitializeCriticalSectionAndSpinCount
DecodePointer
UnhandledExceptionFilter
lstrlenA
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleMode
GetConsoleCP
GetFileType
GetOEMCP
GetACP
GetFileSize
FlushFileBuffers
WriteFile
CreateFileW
LockResource
GetCPInfo
LoadResource
SizeofResource
FindResourceW
HeapFree
GetProcessHeap
HeapAlloc
MultiByteToWideChar
GetCurrentProcess
IsWow64Process
Sleep
WaitForSingleObject
CloseHandle
TerminateProcess
GetLastError
GetLongPathNameW
GetModuleHandleW
GetModuleFileNameW
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
TlsAlloc
IsValidCodePage
GetStdHandle
LCMapStringW
GetStartupInfoW
TlsFree
RtlUnwind
GetCommandLineW
ExitThread
GetModuleHandleExW
ExitProcess
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TlsGetValue
LoadLibraryExW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
GetStringTypeW
TlsSetValue

user32

RegisterClassExW
CreateWindowExW
LoadCursorW
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
SetTimer
DefWindowProcW
KillTimer
PostQuitMessage
ShowWindow
UpdateWindow
LoadIconW

advapi32

CryptReleaseContext
CryptCreateHash
RegDeleteKeyW
StartServiceCtrlDispatcherW
StartServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
ChangeServiceConfigW
DeleteService
ControlService
CloseServiceHandle
ChangeServiceConfig2W
QueryServiceStatus
OpenServiceW
CreateServiceW
OpenSCManagerW
FreeSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
LookupAccountSidW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptAcquireContextW

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoTaskMemAlloc
OleRun

oleaut32

LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
VariantClear
SysAllocStringLen
SysFreeString
SysAllocString
GetErrorInfo

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01e1b3bf28f5225e2223c7beed0d5c43

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

01Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

cd:d9:81:a8:76:d4:1e:c8:f0:de:ed:d9:93:e6:66:1e:34:7e:38:29Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 856B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

cd:d9:81:a8:76:d4:1e:c8:f0:de:ed:d9:93:e6:66:1e:34:7e:38:29
Signer

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 856B