f706b7f8e00244ee908cfa71d6ff4e89

Sharing

Copy URL

Twitter E-mail

General

Target

f706b7f8e00244ee908cfa71d6ff4e89
Size

874KB
MD5

f706b7f8e00244ee908cfa71d6ff4e89
SHA1

a37c5cb12d1f92ff02f1e8c7542f274eb419f634
SHA256

132fd79642f57a79e412e7c7b8827eb272357ca1803754a5cbee18eadd0047d2
SHA512

ed0d0a9b3ed315dcde1c5a112aca8fdb24ad88740c438df97918bb0a22482be30dd3257cd2711c9c34a8183c61d7b1eb19880aa26b7c8eacb3154c8ad5021eb9
SSDEEP

24576:4CMLKmtvPyHu7Dh/jIoy9pNg4W7HMX8G3bOAHCv+:JiKmHyOnNISp7sXjv

Score

1^/10

Malware Config

Signatures

Files

f706b7f8e00244ee908cfa71d6ff4e89
.exe windows:5 windows x86 arch:x86

08d7047241dfcc82fcedf1ffa830b75a

Code Sign

74:fe:08:33:a1:58:7e:49:ed:3d:d9:71:f1:c8:c3:b2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23-06-2015 00:00

Not After

22-06-2016 23:59

Subject

CN=City Tone,O=City Tone,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DispatchMessageA
TranslateMessage
PostMessageA
RegisterClassA
PeekMessageA
BeginPaint
EndPaint
MessageBoxA
MoveWindow
SendMessageA
GetMessageA
CreateWindowExA
GetWindowLongA
ShowWindow
DrawTextA
LoadImageA
GetDC

gdi32

CreateFontIndirectA
CreateBitmap
CreateBitmapIndirect
SelectObject
EnumObjects
DeleteObject
CreateFontA

kernel32

SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
UnhandledExceptionFilter
GetProcAddress
MultiByteToWideChar
GetVersionExA
SetErrorMode
GetLastError
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
FormatMessageA
GetSystemTimeAsFileTime
GetVersion
OutputDebugStringA
lstrcpynA
ExitProcess
GetModuleFileNameA
FreeLibrary
DeleteFileA
MapViewOfFile
CloseHandle
SetEnvironmentVariableA
DuplicateHandle
GetCurrentProcess
GetCurrentProcessId
CreateFileMappingA
GetEnvironmentVariableA
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
ResumeThread
CreateProcessA
GetCommandLineA
CreateFileA
LoadLibraryA
FlushFileBuffers
WriteFile
GetModuleHandleA
SetCurrentDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
GetFullPathNameA
lstrcmpiA
LocalFree

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHFileOperationA

msvcrt

_snprintf
__argc
__argv
memmove
_ismbblead
__getmainargs
_cexit
_exit
_XcptFilter
exit
_acmdln
srand
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
memcpy
free
malloc
_time64
rand
realloc
_initterm
atoi
memset

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bindat
Size: 573KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.script
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08d7047241dfcc82fcedf1ffa830b75a

Code Sign

74:fe:08:33:a1:58:7e:49:ed:3d:d9:71:f1:c8:c3:b2Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

kernel32

comdlg32

ole32

shell32

msvcrt

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 12KB - Virtual size: 15KB

.bindat Size: 573KB - Virtual size: 572KB

.script Size: 209KB - Virtual size: 209KB

.rsrc Size: 11KB - Virtual size: 10KB

74:fe:08:33:a1:58:7e:49:ed:3d:d9:71:f1:c8:c3:b2
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 12KB - Virtual size: 15KB

.bindat
Size: 573KB - Virtual size: 572KB

.script
Size: 209KB - Virtual size: 209KB

.rsrc
Size: 11KB - Virtual size: 10KB