20a79c667a1a26a8e2fc98891d3a613e

Sharing

Copy URL Twitter E-mail

General

Target

20a79c667a1a26a8e2fc98891d3a613e
Size

1.7MB
MD5

20a79c667a1a26a8e2fc98891d3a613e
SHA1

877b9c916562e5f8e2b7d398693c83b9d1a39d79
SHA256

d6961e7c6dfdbaccf147fcffe4a8fb74d936bd93a44cd73ab3e6c147c04c9ca6
SHA512

7afb5f54ebf5bc0951309f6580734bc3d1015aad312c712a77b00b1256d846036d856298f64bf524145cb1249e02d2438663aebff764eddf620e613c00ea90ed
SSDEEP

24576:Ev9U8OrTnMwjT6pRz0xGYmajtwUWKGLOIuYvEJdkzIBPf8To8FXX6QwiwZkr9epL:E2xnMuWLzeDaUpGLnufGIpfsqRkrspL

Score

1^/10

Malware Config

Signatures

Files

20a79c667a1a26a8e2fc98891d3a613e
.exe windows:4 windows

3c491c7833eaf74b6851ef90427604ef

Code Sign

87:68:f4:31:fe:34:57:bf:a5:35:49:c6:af:02:e0:a2
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/08/2017, 00:00

Not After

16/06/2018, 23:59

Subject

CN=OOO\,LOG,O=OOO\,LOG,POSTALCODE=664047,STREET=proezd Trudovoi 40 pom 6,L=Irkutsk,ST=RU,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

MapFileAndCheckSumW
MapFileAndCheckSumA

comctl32

ord17

version

VerQueryValueA

setupapi

SetupGetFileCompressionInfoA
SetupDecompressOrCopyFileW
SetupGetBinaryField
SetupGetFileCompressionInfoW

wininet

InternetErrorDlg
InternetReadFile
InternetWriteFile
HttpSendRequestExA
InternetCloseHandle
InternetOpenW
HttpQueryInfoW

kernel32

DuplicateHandle
GetProcAddress
GetLastError
GetModuleHandleA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetFilePointer
LoadLibraryA
GetOEMCP
GetCPInfo
SetStdHandle
HeapReAlloc
VirtualAlloc
HeapAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
IsProcessorFeaturePresent
GlobalLock
GetDateFormatA
ExpandEnvironmentStringsA
GetVolumeInformationW
SearchPathA
SetFileAttributesA
FlushFileBuffers
FindClose
RemoveDirectoryA
GetExitCodeProcess
GetConsoleCP
GetDiskFreeSpaceA
SetCurrentDirectoryA
GlobalUnlock
IsValidCodePage
FindFirstFileA
lstrcmpiA
FindNextFileA
LockFile
SetEndOfFile
CreateDirectoryA
RaiseException
GetTempPathA
GlobalFlags
GetTimeFormatA
FreeLibrary
CloseHandle
GetCurrentThreadId
GetACP
QueryPerformanceCounter
GetTickCount
CreateFileMappingA
GetVersionExA
WriteFile
GetStringTypeW

user32

CreateWindowExW
ScreenToClient
GetWindowRect
GetSysColor
InvalidateRect
SetWindowTextW
GetDlgItem
SetScrollRange
SetWindowPos
CloseClipboard
SetCursor
CheckDlgButton
BeginPaint
CreatePopupMenu
EnableMenuItem
CallWindowProcA
GetMessagePos
EndPaint
DrawTextA
MessageBoxIndirectA
SendMessageTimeoutA
LoadBitmapA
AppendMenuW
EmptyClipboard
GetSystemMenu
IsWindowVisible
LoadCursorA
EndDialog
DefWindowProcA
GetWindowLongA

gdi32

OffsetViewportOrgEx
SaveDC
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
DeleteObject
SetTextColor
SetBkMode
GetStockObject
GetDIBits
ExtTextOutW
GetMapMode
RectVisible
Escape
SetMapMode
SetViewportExtEx
CreateBitmap
SetViewportOrgEx
PtVisible
ScaleWindowExtEx
TextOutW
SetWindowExtEx
GetViewportExtEx
GetWindowExtEx
GetTextColor
DeleteDC
ExtSelectClipRgn
GetObjectW
GetBkColor
GetRgnBox
CreateFontIndirectW
SelectObject
CreateFontIndirectA
RestoreDC
SetBkColor

rpcrt4

NdrClientCall2
NdrClientInitialize
NdrComplexArrayBufferSize
NdrClientInitializeNew
NdrComplexArrayFree

advapi32

RegQueryValueExW
FreeSid
AllocateAndInitializeSid
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW

shell32

SHGetFileInfoA
ShellExecuteA
Shell_NotifyIconA

oleaut32

VarDecRound
VarAdd
SafeArrayPutElement

shlwapi

PathAddBackslashA
PathAddBackslashW

ws2_32

WSAAddressToStringA
WSASend

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 30.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c491c7833eaf74b6851ef90427604ef

Code Sign

87:68:f4:31:fe:34:57:bf:a5:35:49:c6:af:02:e0:a2Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

imagehlp

comctl32

version

setupapi

wininet

kernel32

user32

gdi32

rpcrt4

advapi32

shell32

oleaut32

shlwapi

ws2_32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 30.0MB

.rsrc Size: 20KB - Virtual size: 16KB

.reloc Size: 16KB - Virtual size: 12KB

87:68:f4:31:fe:34:57:bf:a5:35:49:c6:af:02:e0:a2
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 30.0MB

.rsrc
Size: 20KB - Virtual size: 16KB

.reloc
Size: 16KB - Virtual size: 12KB