7005ed24eac9c62220f35a9d21dfa30e[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

7005ed24eac9c62220f35a9d21dfa30e.bin
Size

3.6MB
MD5

7005ed24eac9c62220f35a9d21dfa30e
SHA1

a678738651d85824781353f2032afd1a880b3591
SHA256

1839dc4bdb153f02522408439f1cab7562d7bb9a25421851053247c2febd8314
SHA512

fac88d137a10c63e0848c7929372eac961c778fff0ae834bf5a758edcc785207899c5ea5e556d4a092ff3c9682504175a58d68961a6602b93b0cd8b7c18174e8
SSDEEP

49152:0+rUR2A+8vp68ekmNBWTYPK4hU67Sy5Bp8TVksIhuv:0+rK+8vp6hDNBg

Score

1^/10

Malware Config

Signatures

Files

7005ed24eac9c62220f35a9d21dfa30e.bin
.exe windows:5 windows x86 arch:x86

96ed5030638b98a063a4c6938db6ebe4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c3:ed:45:66:16:3e:27:9d:27:84:c9:9f:ff:d7:87
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06/11/2015, 00:00

Not After

28/10/2017, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=AAM 256,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:da:0d:35:48:be:cc:0a:fe:53:ff:f8:a4:e2:00:2a:4e:8b:62:ba
Signer

Actual PE Digest

5a:da:0d:35:48:be:cc:0a:fe:53:ff:f8:a4:e2:00:2a:4e:8b:62:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

CommandLineToArgvW
ord680
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetMalloc
ShellExecuteExW
ShellExecuteW
SHGetFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

shlwapi

PathAppendW
PathIsFileSpecW
PathAddExtensionW
PathRemoveExtensionW
PathIsNetworkPathW
PathRenameExtensionW
PathIsRootW
PathAddBackslashW
PathFindFileNameW
PathStripToRootW
PathIsDirectoryW
PathFileExistsW
PathRemoveFileSpecW
UrlIsW

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpOpenRequest
WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpCrackUrl
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpQueryDataAvailable
WinHttpSetTimeouts
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpAddRequestHeaders

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_DevNode_Status
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW

comctl32

InitCommonControlsEx

kernel32

GetFileType
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetStdHandle
LoadLibraryExA
GetACP
FindFirstFileW
FindNextFileW
GetCurrentProcess
TerminateProcess
RemoveDirectoryW
GetModuleFileNameW
GetTempPathW
FindClose
WaitForSingleObject
SetFileAttributesW
MultiByteToWideChar
Sleep
GetLastError
DeleteFileW
CloseHandle
LoadLibraryW
GetProcAddress
CreateProcessW
FreeLibrary
CopyFileW
WideCharToMultiByte
ReadFile
SetLastError
LocalAlloc
CreateFileW
GetFileAttributesW
FormatMessageW
GetDiskFreeSpaceExW
LocalFree
MoveFileExW
GetFileSize
lstrcpyW
lstrcmpW
GetDriveTypeW
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
SizeofResource
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
HeapSize
LockResource
GlobalAlloc
HeapReAlloc
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
HeapDestroy
GlobalLock
GlobalUnlock
MulDiv
InterlockedDecrement
InterlockedIncrement
GetCurrentProcessId
GetVersionExW
GetCommandLineW
SetEvent
WriteFile
SetDllDirectoryW
CreateMutexW
ReleaseMutex
CreateThread
SetEndOfFile
SetFilePointerEx
InitializeCriticalSection
GetFileSizeEx
GlobalFree
GetSystemTimeAsFileTime
SetFilePointer
GetLocalTime
GetTimeFormatW
GetDateFormatW
OpenMutexW
GetUserDefaultUILanguage
CreateEventW
ResetEvent
SystemTimeToFileTime
GetSystemTime
FlushFileBuffers
AreFileApisANSI
HeapCreate
GetFullPathNameW
InterlockedCompareExchange
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
UnmapViewOfFile
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
CreateFileA
LoadLibraryA
GetVersionExA
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
CreateDirectoryW
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreW
QueryPerformanceFrequency
VerSetConditionMask
VerifyVersionInfoW
WaitForMultipleObjects
GetUserDefaultLangID
SetNamedPipeHandleState
CreateNamedPipeW
ConnectNamedPipe
GetUserDefaultLCID
LCMapStringW
GetTimeZoneInformation
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetStartupInfoW
IsValidLocale
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
GetStringTypeW
EnumSystemLocalesW
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
GetProcessHeap

user32

DefWindowProcW
GetSystemMenu
CallWindowProcW
PostMessageW
GetWindow
GetFocus
DestroyWindow
GetDC
GetWindowLongW
MessageBoxW
GetWindowRect
IsIconic
LoadImageW
SystemParametersInfoW
PostQuitMessage
PostThreadMessageW
LoadIconW
TranslateMessage
TranslateAcceleratorW
BringWindowToTop
GetForegroundWindow
AttachThreadInput
DispatchMessageW
GetActiveWindow
GetSystemMetrics
GetMessageW
UnregisterClassW
GetWindowTextW
EndPaint
BeginPaint
SetWindowPos
FillRect
CreateWindowExW
ScreenToClient
SendMessageW
SetWindowTextW
RegisterClassExW
ShowWindow
SetClassLongW
IsWindow
InvalidateRgn
GetAsyncKeyState
RedrawWindow
ClientToScreen
DestroyAcceleratorTable
GetWindowThreadProcessId
EnableMenuItem
wsprintfW
AllowSetForegroundWindow
GetWindowTextLengthW
ReleaseDC
InvalidateRect
IsChild
GetSysColor
MoveWindow
RegisterWindowMessageW
GetParent
GetClassInfoExW
GetDesktopWindow
GetClassLongW
AppendMenuW
GetDlgItem
GetClientRect
CreateAcceleratorTableW
SetFocus
CharNextW
LoadCursorW
GetClassNameW
SetCapture
SetWindowLongW
ReleaseCapture

gdi32

GetObjectW
DeleteDC
DeleteObject
CreateSolidBrush
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
GetDeviceCaps

advapi32

SetEntriesInAclW
SystemFunction036
GetUserNameW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegFlushKey
RegCloseKey

ole32

CoInitializeEx
CoSetProxyBlanket
OleRun
CoUninitialize
CoInitialize
CoRevokeClassObject
CoReleaseServerProcess
CoAddRefServerProcess
OleLockRunning
CLSIDFromString
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoCreateInstance
CoTaskMemAlloc
OleUninitialize
CoGetClassObject
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoInitializeSecurity

oleaut32

VariantClear
SysAllocStringLen
SysStringLen
DispCallFunc
VariantCopy
SysAllocString
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
SysFreeString
LoadTypeLi
VariantInit
LoadRegTypeLi
VariantChangeType
GetErrorInfo

crypt32

CertGetIssuerCertificateFromStore
CertGetNameStringW

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96ed5030638b98a063a4c6938db6ebe4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

6d:c3:ed:45:66:16:3e:27:9d:27:84:c9:9f:ff:d7:87Certificate

Extended Key Usages

Key Usages

5a:da:0d:35:48:be:cc:0a:fe:53:ff:f8:a4:e2:00:2a:4e:8b:62:baSigner

Headers

DLL Characteristics

File Characteristics

Imports

shell32

shlwapi

winhttp

setupapi

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

crypt32

wintrust

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 277KB - Virtual size: 277KB

.data Size: 25KB - Virtual size: 49KB

.gfids Size: 1024B - Virtual size: 888B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 63KB - Virtual size: 62KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

6d:c3:ed:45:66:16:3e:27:9d:27:84:c9:9f:ff:d7:87
Certificate

5a:da:0d:35:48:be:cc:0a:fe:53:ff:f8:a4:e2:00:2a:4e:8b:62:ba
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 277KB - Virtual size: 277KB

.data
Size: 25KB - Virtual size: 49KB

.gfids
Size: 1024B - Virtual size: 888B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 63KB - Virtual size: 62KB