1fbc4a7fbad64b1e3548e2d90fad1117

Sharing

Copy URL Twitter E-mail

General

Target

1fbc4a7fbad64b1e3548e2d90fad1117
Size

183KB
MD5

1fbc4a7fbad64b1e3548e2d90fad1117
SHA1

2b105945420b2607673e48ce0d7832081c7a8f52
SHA256

14d613ed55e29fb8be20229cf621df716715e318677fe61c12a3ce542fcc0576
SHA512

25de8fe3e51a46e8ed8ae8c56786a79da287910605ca3586051e2a5841c60c374fa6c85b544dbc46ddf6923de00bb0553466cc101450ee7f2f0e57a7558b9696
SSDEEP

3072:9aUg3H4ilb+6tj8Pzj7mFjptNeE1zW6Gp4tRANX+03ZnHf9mE:8UOH4+a6tYP4ny4sxL1mE

Score

1^/10

Malware Config

Signatures

Files

1fbc4a7fbad64b1e3548e2d90fad1117
.exe windows:5 windows x86 arch:x86

de95ec990b1cab6cbb3fa29bff92d3ee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Ravwot Uenhj,O=Apaeece Ueoymerp Obed,L=Toamfe,ST=Lacaaukalc,C=GB

Not Before

08/07/2015, 08:11

Not After

07/07/2016, 08:11

Subject

CN=Wimurykr Kaeew,O=Apaeece Ueoymerp Obed,L=Toamfe,ST=Lacaaukalc,C=GB

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ce:3a:ef:a6:a6:fd:d2:d6:63:ed:48:b1:50:b1:00:d3:f4:58:7d:92
Signer

Actual PE Digest

ce:3a:ef:a6:a6:fd:d2:d6:63:ed:48:b1:50:b1:00:d3:f4:58:7d:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
CreateFileW
WriteFile
FlushFileBuffers
GetFileSize
ReadFile
GetProcAddress
HeapDestroy
HeapSize
HeapReAlloc
WideCharToMultiByte
FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
ReleaseMutex
GetCurrentThreadId
CreateEventW
SetEvent
GetModuleHandleA
DeviceIoControl
CreateFileA
SetLastError
InitializeCriticalSectionAndSpinCount
LoadResource
DecodePointer
FileTimeToLocalFileTime
FileTimeToSystemTime
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleMode
GetConsoleCP
GetFileType
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
SizeofResource
FindResourceW
HeapFree
GetProcessHeap
HeapAlloc
MultiByteToWideChar
GetCurrentProcess
IsWow64Process
Sleep
WaitForSingleObject
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
TerminateProcess
OpenProcess
GetCurrentProcessId
CreateDirectoryW
GetLastError
GetLongPathNameW
GetModuleHandleW
GetModuleFileNameW
SetStdHandle
WriteConsoleW
LCMapStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
ReadConsoleW
RaiseException
GetCommandLineW
LoadLibraryExW
ExitThread
CreateThread
IsDebuggerPresent
OutputDebugStringW
EncodePointer
GetStringTypeW
MoveFileExW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleExW

user32

GetMessageW
TranslateMessage
DispatchMessageW
LoadIconW
DefWindowProcW
KillTimer
PostQuitMessage
SetTimer
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
LoadCursorW

advapi32

RegCloseKey
FreeSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegOpenKeyW
StartServiceCtrlDispatcherW
StartServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
ChangeServiceConfigW
DeleteService
ControlService
CloseServiceHandle
ChangeServiceConfig2W
QueryServiceStatus
OpenServiceW
CreateServiceW
OpenSCManagerW
RegQueryValueExW
RegEnumKeyExW
LookupAccountSidW

ole32

CoUninitialize
CoInitializeEx

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de95ec990b1cab6cbb3fa29bff92d3ee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

01Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

ce:3a:ef:a6:a6:fd:d2:d6:63:ed:48:b1:50:b1:00:d3:f4:58:7d:92Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Sections

.text Size: 133KB - Virtual size: 132KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 1024B - Virtual size: 856B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

ce:3a:ef:a6:a6:fd:d2:d6:63:ed:48:b1:50:b1:00:d3:f4:58:7d:92
Signer

.text
Size: 133KB - Virtual size: 132KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 856B