035dc51d67b410c497ec0e6fbcad6257

Sharing

Copy URL Twitter E-mail

General

Target

035dc51d67b410c497ec0e6fbcad6257
Size

610KB
MD5

035dc51d67b410c497ec0e6fbcad6257
SHA1

7df9f3e91d38cab68d55c2f96e81d239c7aa480e
SHA256

132c02a80e716a32f8c6071ae79ae0f949956c4000b17752a8e92caf2aa83375
SHA512

dd7084e6a50ec7ea1b2d11baa6cfdd6df929fda7eff84bf4dda42f90d52772addb52edbfd95748104981f9ed2c0eeb3ae0e48477c5eec21e0d19485f260b5b73
SSDEEP

12288:eq7QC37E6/Tv4nzPWB3u4uhAuC8S3neo6NjM2:eQ7E6j4zOB3u4LgSXZ6z

Score

1^/10

Malware Config

Signatures

Files

035dc51d67b410c497ec0e6fbcad6257
.exe windows:4 windows x86 arch:x86

11be535f97eed2eb98f96eccba3985ab

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/05/2015, 00:00

Not After

28/05/2016, 23:59

Subject

CN=KATANA,O=KATANA,POSTALCODE=156002,STREET=44/7 ul.Ostrovskogo,L=Kostroma,ST=Kostroma region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:45:1b:20:93:0a:89:11:97:bc:c9:cc:d3:25:b1:12:e7:b2:5e:cf
Signer

Actual PE Digest

62:45:1b:20:93:0a:89:11:97:bc:c9:cc:d3:25:b1:12:e7:b2:5e:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

DragObject
BringWindowToTop
EmptyClipboard
OemToCharA
RegisterDeviceNotificationA
SetClipboardData
WaitMessage
ToUnicode
MoveWindow
GetKeyState
SendMessageCallbackW
GetGuiResources
GetWindowTextLengthW
SetWindowPos
GetClientRect
IsCharUpperW
CreateMDIWindowW
LoadKeyboardLayoutW
GetMenuBarInfo
SetClassLongW
ShowWindowAsync
GetCapture
DrawTextExA
wsprintfW
IsMenu
GetKeyboardLayoutNameW
UnloadKeyboardLayout
LoadCursorFromFileW
AdjustWindowRectEx
SetMenuItemInfoW
DefFrameProcA
GetWindowThreadProcessId
MessageBoxTimeoutA
GetMessageW
EnumDisplaySettingsA
CopyAcceleratorTableW
GetClipboardFormatNameW
SubtractRect
SendMessageTimeoutA
OemToCharBuffA
RegisterClipboardFormatW
DrawIcon
SetMenuInfo
CreateCursor
ShowCaret
LoadStringW
LoadCursorA
SetClassLongA
GetTabbedTextExtentW
GetAncestor
UnhookWindowsHook
GetClassInfoExA
LoadCursorFromFileA
GetListBoxInfo
ShowOwnedPopups
EnumDesktopsA
DefDlgProcA
SystemParametersInfoW
DlgDirListA
SystemParametersInfoA
FindWindowA
MessageBoxTimeoutW
PeekMessageA
HideCaret
MessageBoxIndirectA
GetKeyboardLayoutNameA
CloseDesktop
GetUserObjectInformationA
ActivateKeyboardLayout
OpenInputDesktop
ModifyMenuA
PostThreadMessageA
GetKeyboardState
SetDlgItemTextA
GetMenuItemInfoW
RealGetWindowClassW
GetUpdateRgn
IsDialogMessageW
UnregisterHotKey
GetMonitorInfoA
SetWindowWord
GetCursorPos
FindWindowW
IsWindow
EqualRect
EnumThreadWindows
IsDlgButtonChecked
GetMessagePos
EnumDesktopsW
CreateDialogIndirectParamA
UpdateWindow
GetClipboardFormatNameA
BroadcastSystemMessageExA
InsertMenuW
BroadcastSystemMessageExW
GetSystemMetrics
TranslateMessageEx
GetScrollInfo
GetMessageTime
MessageBoxA
IsCharAlphaNumericA
OpenWindowStationA
SetCaretPos
GetWindowTextA
SetWindowWord

kernel32

SetFileApisToANSI
CreateProcessW
lstrcmpiA
SetErrorMode
ReplaceFile
IsBadStringPtrW
AddAtomA
EnumResourceNamesW
HeapReAlloc
GetCalendarInfoA
FindFirstFileExA
SetFileShortNameW
VerLanguageNameW
SetFileApisToOEM
ClearCommError
CloseProfileUserMapping
CancelIo
GetLargestConsoleWindowSize
SetComputerNameA
CreateDirectoryA
GetPrivateProfileIntA
WinExec
GetThreadContext
GetFileInformationByHandle
ReadConsoleOutputCharacterA
GetModuleHandleExW
GetConsoleCursorInfo
GetPrivateProfileStringA
ClearCommBreak
GetEnvironmentStrings
RemoveDirectoryA
WaitNamedPipeW
GetStringTypeExA
SetEnvironmentVariableA
LZInit
CompareStringA
Heap32First
BuildCommDCBAndTimeoutsW
CreateProcessInternalW
FileTimeToLocalFileTime
WriteConsoleOutputA
ScrollConsoleScreenBufferA
OpenEventW
FindClose
GetDiskFreeSpaceExA
ConnectNamedPipe
EnumSystemLanguageGroupsA
WaitForSingleObject
CreateTimerQueue
MapUserPhysicalPages
GetOEMCP
GetProfileIntA
FlushConsoleInputBuffer
GetNamedPipeHandleStateA
GetThreadSelectorEntry
LocalSize
GetStringTypeA
GetTimeFormatA
CreateFileA
GetProcessTimes
ConvertDefaultLocale
GetConsoleKeyboardLayoutNameA
PulseEvent
FindFirstVolumeMountPointW
lstrcpyn
lstrcpyW
QueryDosDeviceW
ExpandEnvironmentStringsW
WaitForMultipleObjectsEx
GetConsoleFontInfo
GetDriveTypeA
GetTimeZoneInformation
FindFirstChangeNotificationA
GetACP
GetLastError
ConvertDefaultLocale
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

FindTextW
PageSetupDlgW
ChooseFontW

shell32

ShellExec_RunDLL
InternalExtractIconListA

Exports

Exports

�B��$��~��'�=�#`wٝ@�U��WC0MX�b�sda�0��K�w��ϴ�݋�aӉ5��@�)c|1Q�Ģ�W�q1bȪ�T0>%��#Z��f4�[��"��Ι��[��PE�*��=y��GF��[u�z � ��a�x��vʙ�q��P�1A�=��I�.�1i��f�q67Մ�u�� I#�m��}N��g�tu�Ļ��5�@�w] ](��8�{��D� ��wg ��u] �͑;��y�'�iG�} ��QB��t�}�ާG�lݫ��*Eʩ�Y�Ҋ��+�b��-r��_��)h H��=&��)��S�<�$��s�v��bs��E��X��&��U��s��A�W��[Gʔ^.;�M-J�<�ج��Z6��ȕ&g��J�:��sY��D 6�)d6�n-U9��L��@_D��e|��C�]��n�y H3FҠ�b��L��kL�˨��:s��"�p�%�o[��]��1G��,��ܒ��zn��'�-A򎤽~�O�p�kp�Ʌ�xp��+XA'x)��C��~��*D�J�2aCi��s�~�� X�R�`TTs��9o�C�u�= *�i�;�)r5�%��Lܺ�S�F�8. ��'�s&DN�*RR��fN��KԳ�sk눢Bbw`��;�3hNW�Gn_n��=N�$�# �>�x�,��g^�'q��\QQ��z�nEх�M��/�-K�O��}3?��8��4w��/�\t-�[n�{��$�T�$ @I�D��#( ��܏��깰?�� ڢ�bl�!�1�'�,�P&`G��^��D�w[ú4V�j��ꮢ��!��*t�$� Kו��H}�?�<i��YTv(`��=y=B�� 1�z x��p)��Srh��q�X�3�E$��"��Fr��J%V��'O ��_>h�s�qE��+��/�`��"C��T�)��y�q!nc>�4�oc(�= �Fn� �ᩬhw>��/?� ��<|�*�H�,;��_W�o�hqx�t�NW��C��ըp��S�ǭWo�a[ �"�Y�Q�"��R�i�c�,�b��ل��j��a;A e�%�W$�y��إ��Ū�~\��nc"�2�D��CLeP \e�ݤB�� J_uE��n��F.LB��̓�k:�U�0?��aƭͣ�yE��ܜ��V0�zO�`0�U ��U��)��ݾc^��<k�L�{��b��ڹ�'�;�{0(��U��k�p`$��]�M�ѕ�.sg㋇�p�$�ʔ��_!3�^CQg׬�2�3�3�wB��)7;�6K n��X�:s=��`�*�(@��X�1ӷ��8��m��ۏ��A-�z��`GS��rp�WU=C�d�m��ύe*�"�7X��E0��ʰ�g61=;��:F䁱��`Y��`[sl�ļT�#��a�Z3�\ׁ��nQ�-�G��&�AI!w��w!�j�_��DcW@�9�??�s� �Չt�,��o;��>��[��1��I�-R��%�ƟY�?3].�e�䌗n۝B�+��&��_��kt��Kq�7TQM��g��싵(��P��`��lzьy�j��St��9wif|o��[�Vl��Ƴ�V�-�g��l��n>(��sΟ\�T�aǪͮ?��W��m=�7,�/A8�]>(Zzg��bQ��U��aR�Q�N��i��*(�� Pw�u��`�� `c�s��x�BL�#ض��|� NQ��x(��a��V��O �7i��I�j�T��p0r#�# U�u:��Qi'\y��Sڢ��> z|�w��n� ��"�,|�w�3�L:;@V�O�IR'K�.�h��'@��3 8n8��veEZ��n��gUdq�1�12�~t��y��&��u�%��Z��=e ��qU_�s�iL��2�3J:��Q�:�t��a�<��[��I,6@A�?��XҞ؁D�S�e��>��Bl��Gb�9�Y�|ˮ"��.��%u��o�Z�&�@�w�+�k��!�λL��%ޣ�p�qv&��˵��R�rs��?m*Fﷸd��*��[DC��)�=��){��U��zxz�8��P V�{'�"��<'��O�D�F�i��L��Y�us��v��sk��κ�G��V)9��G4q9�wG1�o�M�Y�:� ��q��*�u=��j�`ΐ`�n��%��x~h'��P(�~uJ�>�I!+h��DAkU��K�S��,��_�4��?�Dhy~gv�J/��V辳4��i0ٵ�%��c��Ғ/@B6e"e5-��)M��Jq��]��`��0�$ή�\��6�0��|�9ѯ�C|�M0��8ߛ�E��$vɁf�m5��kbr�|S/u1��F5��S��0:��_U��(��Z��+��f��9�z�R[n�'�$��,K.�|=>?1��F�M��Fg��u�T��kt� -)�$�c�Z�V�,��->�O�%�Մ��OB�c|+�� X�8��A��n[�4䔏�]�ɄOEg��^�^Q��"��1/ZvLS��ٰ�6��,�l΁�w@�E �'��Z�ia�$t�ҕb0��bĳĞ�*�pU��sG�}>8��ٚhrvQ4��k��0�<��w�Aq-�9�%5=��mgz��ᆟ��C�S[J�Ύ�P;M�$h��l�\��]�� 'BY�I m<&قsi^�ЫK�Vb�NTW�N��Fzh�k��X��o�_�6)��y��ue/��R;t�ز s��09?�W��NЏl��{�FVE��=�Y�f~��LP��%Y;$��j˽3.��3��

Sections

CODE
Size: 441KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 821B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11be535f97eed2eb98f96eccba3985ab

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57Certificate

Extended Key Usages

Key Usages

62:45:1b:20:93:0a:89:11:97:bc:c9:cc:d3:25:b1:12:e7:b2:5e:cfSigner

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

shell32

Exports

Exports

Sections

CODE Size: 441KB - Virtual size: 440KB

DATA Size: 19KB - Virtual size: 18KB

BSS Size: - Virtual size: 821B

.idata Size: 5KB - Virtual size: 4KB

.text0 Size: 18KB - Virtual size: 17KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 60KB - Virtual size: 60KB

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

90:ad:07:f1:69:75:8b:4d:6d:2e:51:21:24:a5:3b:57
Certificate

62:45:1b:20:93:0a:89:11:97:bc:c9:cc:d3:25:b1:12:e7:b2:5e:cf
Signer

CODE
Size: 441KB - Virtual size: 440KB

DATA
Size: 19KB - Virtual size: 18KB

BSS
Size: - Virtual size: 821B

.idata
Size: 5KB - Virtual size: 4KB

.text0
Size: 18KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 60KB - Virtual size: 60KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB