20d775ac9508cbbd056af894b0c41f07

Sharing

Copy URL

Twitter E-mail

General

Target

20d775ac9508cbbd056af894b0c41f07
Size

773KB
MD5

20d775ac9508cbbd056af894b0c41f07
SHA1

358ce65a14c7f4f52a56135e736a1848e3abb0af
SHA256

101f54b00223a7b66b7d9d91bd0d05fccb5359e76010e39fe5a610aa38f0283c
SHA512

2b80a3d6fc9e2fa7be750f9e9ebf7389c3113ae6fc54dae1189bdf08ddfdcdee9e87b7df011f734a5e34b4c2308697f67be4a34e01f0a4d71515255ca8a0faa6
SSDEEP

12288:b+XrEi7D5N59js6j6tsqzneU0lLmU+7OzVXLJRYCIEE1bh7IUShCUXNqYJ/o3RFY:mfHjst/mlLmyXLv3IEEpJlUdGU

Score

1^/10

Malware Config

Signatures

Files

20d775ac9508cbbd056af894b0c41f07
.exe windows:4 windows x86 arch:x86

878d897122f150d86a7f4148e6428d12

Code Sign

41:79:ea:1b:ec:59:d4:ca:7e:66:86:28:32:55:54:80
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

24-09-2014 00:00

Not After

24-09-2015 23:59

Subject

CN=Evgen Kugitko,OU=Individual Developer,O=No Organization Affiliation,L=Kiev,ST=Kiev,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

c9:81:8c:00:38:96:78:45:32:de:65:ef:0b:d5:a2:13:a7:dd:c2:1e
Signer

Actual PE Digest

c9:81:8c:00:38:96:78:45:32:de:65:ef:0b:d5:a2:13:a7:dd:c2:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersion
GetVersionExA
GetModuleHandleA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MapWindowPoints

advapi32

RegQueryValueExA

oleaut32

SafeArrayAccessData

version

VerQueryValueA

gdi32

GetDIBColorTable

ole32

StringFromCLSID

comctl32

ImageList_Destroy

shell32

SHChangeNotify

comdlg32

GetOpenFileNameA

shlwapi

StrStrIA

wsock32

send

msvcrt

_gcvt

Sections

CODE
Size: - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 27B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 749KB - Virtual size: 756KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

878d897122f150d86a7f4148e6428d12

Code Sign

41:79:ea:1b:ec:59:d4:ca:7e:66:86:28:32:55:54:80Certificate

Extended Key Usages

Key Usages

c9:81:8c:00:38:96:78:45:32:de:65:ef:0b:d5:a2:13:a7:dd:c2:1eSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

shell32

comdlg32

shlwapi

wsock32

msvcrt

Sections

CODE Size: - Virtual size: 832KB

DATA Size: - Virtual size: 35KB

BSS Size: - Virtual size: 7KB

.idata Size: - Virtual size: 11KB

.tls Size: - Virtual size: 27B

.rdata Size: - Virtual size: 3KB

.reloc Size: - Virtual size: 243KB

.text Size: 749KB - Virtual size: 756KB

.rsrc Size: 18KB - Virtual size: 19KB

41:79:ea:1b:ec:59:d4:ca:7e:66:86:28:32:55:54:80
Certificate

c9:81:8c:00:38:96:78:45:32:de:65:ef:0b:d5:a2:13:a7:dd:c2:1e
Signer

CODE
Size: - Virtual size: 832KB

DATA
Size: - Virtual size: 35KB

BSS
Size: - Virtual size: 7KB

.idata
Size: - Virtual size: 11KB

.tls
Size: - Virtual size: 27B

.rdata
Size: - Virtual size: 3KB

.reloc
Size: - Virtual size: 243KB

.text
Size: 749KB - Virtual size: 756KB

.rsrc
Size: 18KB - Virtual size: 19KB