1e707df53682369132e152f7f3a444f5

Sharing

Copy URL

Twitter E-mail

General

Target

1e707df53682369132e152f7f3a444f5
Size

1.0MB
MD5

1e707df53682369132e152f7f3a444f5
SHA1

052494c49d1cc1f5db75a95b8d440ed4e562080d
SHA256

c8aa0a26ce1bab524dd88d314d197a2af59b5b67db0fff3d82690b74e7d95c4e
SHA512

bb845f2d2d5cbb9a56e416eec448d9b023638558dbaf694d19ad414169867c4b3303467a2f2c0130f661843e2e7f0a889401153fa9ae83811bcc511567169d6f
SSDEEP

12288:Mi94bywx1Dj5+h7ZCn0P5T7lHDbIi9dszYjN5HbPiLsptcyx7tbFEujtgDc:MHx13SZW0x5j5dsYnHeYpuyx7tx/tgDc

Score

1^/10

Malware Config

Signatures

Files

1e707df53682369132e152f7f3a444f5
.exe windows:5 windows x86 arch:x86

919a9aec1eff347967bff351784e8b43

Code Sign

7e:f3:00:91:52:fb:26:96:43:26:de:50:92:ec:72:ca
Certificate

Issuer

CN=XZZOXJSC

Not Before

25/12/2018, 12:03

Not After

31/12/2039, 23:59

Subject

CN=XZZOXJSC

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

29:de:92:5c:6d:1d:cb:6c:c7:86:4e:43:6c:28:f9:f8:7c:07:54:9e:c1:b9:60:31:04:2e:87:16:b9:e6:f5:30
Signer

Actual PE Digest

29:de:92:5c:6d:1d:cb:6c:c7:86:4e:43:6c:28:f9:f8:7c:07:54:9e:c1:b9:60:31:04:2e:87:16:b9:e6:f5:30

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
GetEnvironmentVariableA
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetTempPathW
GetTickCount
GetTimeFormatA
GetUserDefaultLCID
GetVersion
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GetCommandLineA
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
IsDebuggerPresent
GetDateFormatW
LoadLibraryW
LocalAlloc
LocalFree
MoveFileW
MultiByteToWideChar
OpenEventW
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
Sleep
TerminateProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiW
lstrlenA
lstrlenW
GetCPInfo
FreeLibrary
FormatMessageW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
ExitProcess
DuplicateHandle
DeleteFileW
DeleteFileA
CreateProcessW
CreateMutexW
CreateFileW
CreateFileA
CreateEventW
CreateDirectoryW
GetCurrentProcessId
LoadLibraryA
GetCurrentProcess
CopyFileW
GlobalHandle
CloseHandle

user32

IsCharUpperW
GetMenuItemCount
CharUpperW
wsprintfA
UpdateWindow
SystemParametersInfoA
SetTimer
SetCursor
SendMessageA
ReleaseDC
PostMessageA
LoadStringA
LoadCursorA
KillTimer
GetParent
GetDlgItem
GetDC

gdi32

BeginPath
CreateMetaFileW

advapi32

AccessCheck
AllocateAndInitializeSid
FreeSid
GetLengthSid
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
OpenProcessToken
OpenThreadToken
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RevertToSelf
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegOpenKeyExW
AddAccessAllowedAce

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

919a9aec1eff347967bff351784e8b43

Code Sign

7e:f3:00:91:52:fb:26:96:43:26:de:50:92:ec:72:caCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

29:de:92:5c:6d:1d:cb:6c:c7:86:4e:43:6c:28:f9:f8:7c:07:54:9e:c1:b9:60:31:04:2e:87:16:b9:e6:f5:30Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 4KB - Virtual size: 1.0MB

7e:f3:00:91:52:fb:26:96:43:26:de:50:92:ec:72:ca
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

29:de:92:5c:6d:1d:cb:6c:c7:86:4e:43:6c:28:f9:f8:7c:07:54:9e:c1:b9:60:31:04:2e:87:16:b9:e6:f5:30
Signer

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 4KB - Virtual size: 1.0MB