00022cb26d3ff37386f12e98a196831a

Sharing

Copy URL Twitter E-mail

General

Target

00022cb26d3ff37386f12e98a196831a
Size

324KB
MD5

00022cb26d3ff37386f12e98a196831a
SHA1

b282daa0e20d9d4eb7d803a159de5aac2ed1d11d
SHA256

0f3398cfac5de8b88544773e4d985977831e6c00d9bdf7f352381c0f8a58f693
SHA512

c1a70f5e3f35e0a9ceb487e080745886220f012e35b3cae399b55abaf3e155913416e05156ae6e4c19abd75ddb45288174d43901b0d87abae518b732e9988fb4
SSDEEP

6144:BsLpOxrlfQQ6644KcO+JuBR8QawodowN85Z:BEpSd16jGOGqSwRZ

Score

1^/10

Malware Config

Signatures

Files

00022cb26d3ff37386f12e98a196831a
.exe windows:4 windows x86 arch:x86

a9860d43dc08638f87731660529c9420

Code Sign

67:7b:0f:56:de:04:8d:a7:4e:a7:1f:99:23:cc:68:26
Certificate

Issuer

CN=u65ykrty

Not Before

28/01/2012, 05:39

Not After

31/12/2039, 23:59

Subject

CN=u65ykrty

Extended Key Usages

ExtKeyUsageCodeSigning

60:5e:cd:bf:60:cf:2d:b4:f7:b2:5d:6f:b3:7d:26:07:47:9f:f1:43
Signer

Actual PE Digest

60:5e:cd:bf:60:cf:2d:b4:f7:b2:5d:6f:b3:7d:26:07:47:9f:f1:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadLocale
GetWindowsDirectoryA
lstrlenA
lstrcpyA
CreateFileA
VirtualAlloc
Module32Next
GlobalFindAtomA
FindFirstVolumeMountPointW
HeapLock
GetPrivateProfileSectionW
GetCommandLineW
LoadLibraryExA
PeekConsoleInputW
GetLogicalDriveStringsW
VerLanguageNameW
SetCommConfig
GetWindowsDirectoryW
CreatePipe
Sleep
GetConsoleScreenBufferInfo
GetFileAttributesExA
GetTempPathA
GetTempPathW
Module32FirstW
Process32FirstW
Heap32Next
RtlZeroMemory
SetSystemPowerState
WriteTapemark
RtlMoveMemory
GetCPInfoExW
GetPrivateProfileSectionNamesW
GetStringTypeExW
GetStringTypeA
_lclose
SetConsoleTitleW
CommConfigDialogW
GetAtomNameW
SetFileApisToANSI
FindFirstFileExA
LockFileEx
GetCPInfoExA
VirtualProtectEx
lstrcpynA
SetCommState
FindResourceExW
CancelWaitableTimer
WriteProfileSectionA
LocalShrink
GetProfileIntW
OpenThread
MoveFileWithProgressW
BindIoCompletionCallback
CreateMutexA
SignalObjectAndWait
OpenMutexA
WriteFileGather
GetConsoleAliasExesA
FlushInstructionCache
FileTimeToDosDateTime
GetThreadSelectorEntry
GetLongPathNameW
SetConsoleCursorInfo
Thread32Next
SetLocaleInfoA
LocalHandle
Process32Next
HeapCreate
ReadConsoleA
IsBadWritePtr
ScrollConsoleScreenBufferW
TlsAlloc
UpdateResourceW
BuildCommDCBA
GetBinaryTypeA
MultiByteToWideChar
UnmapViewOfFile
SetCurrentDirectoryW
RemoveDirectoryW
GlobalDeleteAtom
GetDriveTypeA
LeaveCriticalSection
CallNamedPipeA
VirtualQueryEx
VerifyVersionInfoW
FindNextVolumeA
FindFirstFileW
IsBadStringPtrA
GetSystemWindowsDirectoryW
CloseHandle
FileTimeToSystemTime
WritePrivateProfileStructA
lstrcmpW
GlobalFlags
SetConsoleOutputCP

user32

LoadIconW

advapi32

RegOpenKeyExW

shell32

SHGetDataFromIDListW
SHGetFileInfoW
DragQueryPoint
SHInvokePrinterCommandA
SHGetInstanceExplorer
Shell_NotifyIcon
SHFileOperation
SHEmptyRecycleBinA
ExtractIconExA
FindExecutableW
ExtractAssociatedIconExW
SHGetFileInfoA
SHCreateDirectoryExA
ShellExecuteExA
ShellExecuteA
WOWShellExecute
SHFormatDrive
SHBrowseForFolderA
CheckEscapesW
SHGetDesktopFolder
SHGetFolderLocation
CommandLineToArgvW
DragQueryFileA
DragQueryFileW
SHLoadInProc
ShellExecuteW
SHLoadNonloadedIconOverlayIdentifiers
DragFinish
SHGetPathFromIDList

shlwapi

SHRegEnumUSValueA
PathMakeSystemFolderA
PathSetDlgItemPathA
SHRegGetBoolUSValueW
SHRegSetUSValueW
SHRegWriteUSValueA
PathAddExtensionA
ord16
PathIsUNCA
SHSkipJunction
StrTrimW
UrlIsOpaqueA
PathFindExtensionA
PathRelativePathToA
PathIsUNCServerA
PathMatchSpecW
SHEnumValueW
SHSetThreadRef
SHRegEnumUSKeyA
PathAppendW
ColorAdjustLuma
UrlCanonicalizeA
SHStrDupW
StrToIntExW
wvnsprintfW
AssocQueryStringA
PathAddBackslashA
SHEnumKeyExA
PathRemoveArgsW
ChrCmpIA
SHGetInverseCMAP
PathSetDlgItemPathW
SHOpenRegStreamA
StrCSpnIW
PathAddExtensionW
PathGetDriveNumberW
PathIsSameRootW
StrPBrkA
PathIsDirectoryEmptyA
SHDeleteEmptyKeyA
PathCanonicalizeA
AssocQueryKeyW
PathUnquoteSpacesA
StrChrIW
wnsprintfW
StrCpyNW
StrCSpnW
StrToIntW
SHRegDeleteEmptyUSKeyW
PathRemoveBackslashA
PathIsLFNFileSpecA
PathCompactPathW
SHRegQueryUSValueA
SHIsLowMemoryMachine
UrlCombineA
PathFindFileNameA
PathIsUNCServerShareA
PathIsUNCServerShareW
SHRegWriteUSValueW
UrlCompareW
SHRegQueryInfoUSKeyW
StrRStrIA
PathIsContentTypeW
PathParseIconLocationA
StrStrA
PathGetDriveNumberA
PathGetArgsA
SHDeleteEmptyKeyW
SHRegOpenUSKeyA
StrToIntExA
UrlCreateFromPathW
PathUndecorateW
StrFromTimeIntervalW
StrRChrA
PathCombineA
PathIsSystemFolderW
SHRegDeleteUSValueW
StrCpyW
AssocQueryStringByKeyW
UrlCreateFromPathA
AssocQueryStringW
SHRegEnumUSValueW
SHGetValueW
PathIsDirectoryEmptyW
StrRStrIW
StrChrA
StrRChrIW
StrRChrIA
StrStrIW

Sections

.text
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9860d43dc08638f87731660529c9420

Code Sign

67:7b:0f:56:de:04:8d:a7:4e:a7:1f:99:23:cc:68:26Certificate

Extended Key Usages

60:5e:cd:bf:60:cf:2d:b4:f7:b2:5d:6f:b3:7d:26:07:47:9f:f1:43Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 309KB - Virtual size: 309KB

.data Size: 6KB - Virtual size: 5KB

.text4 Size: 1024B - Virtual size: 960B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

67:7b:0f:56:de:04:8d:a7:4e:a7:1f:99:23:cc:68:26
Certificate

60:5e:cd:bf:60:cf:2d:b4:f7:b2:5d:6f:b3:7d:26:07:47:9f:f1:43
Signer

.text
Size: 309KB - Virtual size: 309KB

.data
Size: 6KB - Virtual size: 5KB

.text4
Size: 1024B - Virtual size: 960B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB