004db7737105ea6bd66fa0f54a3a93df

Sharing

Copy URL

Twitter E-mail

General

Target

004db7737105ea6bd66fa0f54a3a93df
Size

101KB
MD5

004db7737105ea6bd66fa0f54a3a93df
SHA1

829b87387ecbec21fbf1ba70cf22e655e4810ed6
SHA256

18cf498cc68fafb22321be2d377408448adf3cd0938bfba6868e7eb3476eea50
SHA512

6bc9afdf9a4077d022458dd0d15d0a2387dc1e48c6328fe7a1538d3ce3ed0e21f5ac9adb7a612266084807fa520c08f56f05488bec927ff90e80e25a5f5fa142
SSDEEP

3072:AXZPXXU/kR5ZYQz8wh36E1vCP2LuogmnaHGhN:GZPn5pXhKE29oL1

Score

1^/10

Malware Config

Signatures

Files

004db7737105ea6bd66fa0f54a3a93df
.exe windows:5 windows x86 arch:x86

0642c8d76fb6157a0c5e91d469035a61

Code Sign

69:9d:1f:67:c2:f1:c4:4c:b9:38:42:69:f1:79:93:0e
Certificate

Issuer

CN=666666

Not Before

12-02-2012 08:59

Not After

31-12-2039 23:59

Subject

CN=666666

Extended Key Usages

ExtKeyUsageCodeSigning

a2:a9:f7:fe:c5:95:ae:80:dc:2e:f5:0e:12:f3:b0:b3:f7:32:e3:e8
Signer

Actual PE Digest

a2:a9:f7:fe:c5:95:ae:80:dc:2e:f5:0e:12:f3:b0:b3:f7:32:e3:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsW
GetExitCodeThread
GetFileSize
GetFileSizeEx
GetFileTime
GetLongPathNameW
GetNamedPipeHandleStateW
GetNamedPipeInfo
GetNumberFormatW
GetOEMCP
GetPrivateProfileSectionNamesW
GetProcessHeap
GetProcessHeaps
GetProfileSectionW
GetShortPathNameA
GetStringTypeA
GetSystemDefaultLCID
GetThreadPriorityBoost
GetVersionExW
GetVolumePathNameW
GetWindowsDirectoryW
GetWriteWatch
GlobalAddAtomW
GlobalDeleteAtom
GlobalMemoryStatus
GlobalUnWire
GlobalUnlock
InitializeCriticalSection
IsBadStringPtrA
LoadLibraryA
LocalAlloc
LocalCompact
LocalFlags
LocalUnlock
Module32NextW
MulDiv
OpenEventW
OpenMutexW
GetDriveTypeA
QueryDosDeviceA
QueryInformationJobObject
RaiseException
ReadDirectoryChangesW
ReadProcessMemory
ReleaseMutex
ScrollConsoleScreenBufferA
SearchPathA
SearchPathW
SetCommBreak
SetComputerNameExA
SetConsoleActiveScreenBuffer
SetConsoleDisplayMode
SetConsoleScreenBufferSize
SetEndOfFile
SetFileApisToOEM
SetFileAttributesW
SetInformationJobObject
SetWaitableTimer
SuspendThread
UnhandledExceptionFilter
UnlockFile
UnregisterWait
VirtualAllocEx
VirtualQuery
WaitForDebugEvent
WaitNamedPipeA
WaitNamedPipeW
WriteConsoleW
WriteFileGather
WritePrivateProfileStringW
WritePrivateProfileStructW
WriteTapemark
_hwrite
lstrcmpA
lstrcpyn
GetDiskFreeSpaceA
GetDefaultCommConfigW
GetCurrencyFormatA
VirtualAlloc
GetConsoleTitleA
GetConsoleDisplayMode
GetConsoleAliasesLengthW
GetConsoleAliasExesA
GetComputerNameW
GetComputerNameA
GetCommandLineA
GetCommState
GetCommProperties
GetCalendarInfoW
GetAtomNameW
FreeEnvironmentStringsA
FoldStringA
FlushInstructionCache
FindResourceA
FindNextFileA
FindFirstVolumeW
FindFirstVolumeMountPointW
FindFirstVolumeA
FindFirstChangeNotificationA
FillConsoleOutputCharacterW
FileTimeToDosDateTime
ExitProcess
EnumUILanguagesA
EnumTimeFormatsW
EnumSystemLocalesW
EnumSystemLanguageGroupsA
EnumResourceTypesW
EnumResourceNamesW
EnumResourceNamesA
EnumDateFormatsExW
EnumCalendarInfoExW
EnumCalendarInfoA
DnsHostnameToComputerNameW
DisconnectNamedPipe
DisableThreadLibraryCalls
DeleteFileA
DeleteFiber
DebugBreak
CreateProcessA
CreateNamedPipeW
CreateMutexW
CreateHardLinkA
CreateEventW
CreateEventA
CreateDirectoryA
CopyFileExW
ConvertThreadToFiber
ConvertDefaultLocale
CancelIo
BuildCommDCBAndTimeoutsA
BeginUpdateResourceA
BackupSeek
BackupRead
AllocateUserPhysicalPages
AddAtomW
AddAtomA
LoadLibraryW
GetProcAddress
PeekConsoleInputA

user32

LoadAcceleratorsW

shell32

DoEnvironmentSubstW
DoEnvironmentSubstA
CommandLineToArgvW
CheckEscapesW
WOWShellExecute
Shell_NotifyIconA
ShellHookProc
ShellExecuteW
ShellExecuteExW
ShellExecuteEx
ShellExecuteA
ShellAboutW
SHQueryRecycleBinW
SHQueryRecycleBinA
SHPathPrepareForWriteA
SHLoadInProc
SHInvokePrinterCommandW
SHInvokePrinterCommandA
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconEx
ExtractIconExA
ExtractIconW
FindExecutableW
SHAddToRecentDocs
SHAppBarMessage
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHChangeNotify
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateProcessAsUserW
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFormatDrive
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDiskFreeSpaceExA
SHGetFileInfo
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathW
SHGetIconOverlayIndexA
SHGetInstanceExplorer
SHGetMalloc
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
Shell_NotifyIconW

shlwapi

StrStrIW
StrStrIA
StrStrA
StrRStrIW
StrRStrIA
StrRChrIW
StrRChrIA
StrRChrA
StrCmpNIW
StrCmpNA
StrChrW
StrChrIA
StrChrA

comctl32

CreatePropertySheetPage
CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
CreateStatusWindowW
ord7
CreateToolbarEx
ord15
DrawStatusText
ord5
DrawStatusTextW
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollProp
FlatSB_SetScrollRange
ImageList_Add
ImageList_AddIcon
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Duplicate
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_GetImageRect
ImageList_LoadImage
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetDragCursorImage
ImageList_SetFilter
ImageList_SetOverlayImage
ord17
InitCommonControlsEx
InitMUILanguage
InitializeFlatSB
ord13
ord2
PropertySheet
PropertySheetA
PropertySheetW
ord3
UninitializeFlatSB
ord8

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ggj
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.heh
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0642c8d76fb6157a0c5e91d469035a61

Code Sign

69:9d:1f:67:c2:f1:c4:4c:b9:38:42:69:f1:79:93:0eCertificate

Extended Key Usages

a2:a9:f7:fe:c5:95:ae:80:dc:2e:f5:0e:12:f3:b0:b3:f7:32:e3:e8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

comctl32

Sections

.text Size: 9KB - Virtual size: 9KB

.ggj Size: 2KB - Virtual size: 1KB

.heh Size: 78KB - Virtual size: 77KB

.data Size: 512B - Virtual size: 192B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 277KB

69:9d:1f:67:c2:f1:c4:4c:b9:38:42:69:f1:79:93:0e
Certificate

a2:a9:f7:fe:c5:95:ae:80:dc:2e:f5:0e:12:f3:b0:b3:f7:32:e3:e8
Signer

.text
Size: 9KB - Virtual size: 9KB

.ggj
Size: 2KB - Virtual size: 1KB

.heh
Size: 78KB - Virtual size: 77KB

.data
Size: 512B - Virtual size: 192B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 277KB