0bce4281d2e6e327fec379ad325178f2

Sharing

Copy URL

Twitter E-mail

General

Target

0bce4281d2e6e327fec379ad325178f2
Size

849KB
MD5

0bce4281d2e6e327fec379ad325178f2
SHA1

f6ec12791f2329db7fb31a0ebecca69ad475babf
SHA256

6ed588b24a9b18c4af7862065740a0d86d9be4657263351567b6b2ed55c8dedc
SHA512

f2b39ebadb8c5a09e49d7e15d5b0b397824a8d7024d3f1c2aca5f2cb8762c2b115ddfa1a068475447c63bb0c047930e676d1924220ec9ff640e9ae8f1d00a019
SSDEEP

24576:4iksWPAAVj/SGaCM2rMjXspZx87eS4sCUCj/rXkzjLNN48B:41XAwj6AM2rMjK8FpJCSjLPxB

Score

1^/10

Malware Config

Signatures

Files

0bce4281d2e6e327fec379ad325178f2
.exe windows:4 windows x86 arch:x86

6da67cb4a04912fe1c214ef7a6b6ba63

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:37:24:bd:97:e2:e1:04:75:59:68:2a:a9:14:7a:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/11/2005, 00:00

Not After

22/11/2006, 23:59

Subject

CN=Screaming Bee LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=Screaming Bee LLC,L=Middleton,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

21:6e:cd:8c:fc:3a:62:a0:0f:f6:d7:aa:df:c0:77:ea:b7:ef:a5:5a
Signer

Actual PE Digest

21:6e:cd:8c:fc:3a:62:a0:0f:f6:d7:aa:df:c0:77:ea:b7:ef:a5:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
SetFileAttributesA
GetTempFileNameA
FindClose
LockResource
GetModuleFileNameA
FindNextFileA
GetModuleHandleA
CloseHandle
GetTempPathA
DeleteFileA
lstrcpyA
DosDateTimeToFileTime
SetFilePointer
SystemTimeToFileTime
GetCurrentProcess
SetFileTime
WriteFile
GetFileType
GetCurrentDirectoryA
DuplicateHandle
CreateDirectoryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
VirtualQuery
InterlockedExchange
GetCPInfo
GetOEMCP
GetACP
LoadLibraryA
FlushFileBuffers
ReadFile
GetFileAttributesA
SizeofResource
LoadResource
GetWindowsDirectoryA
CreateFileA
MoveFileExA
lstrlenA
FindResourceA
GetFileSize
VirtualProtect
SetStdHandle
HeapSize
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersionExA
RtlUnwind
RaiseException
ExitProcess
GetProcAddress
TerminateProcess
GetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetSystemInfo

user32

EndPaint
DestroyWindow
RegisterClassExA
PostQuitMessage
GetClassInfoExA
WaitForInputIdle
wsprintfA
GetClientRect
BeginPaint
SetWindowLongA
MessageBoxA
InvalidateRect
GetWindowLongA
CreateWindowExA
PeekMessageA
DefWindowProcA
ShowWindow
DispatchMessageA
GetSystemMetrics
LoadCursorA
MoveWindow
TranslateMessage

gdi32

SelectObject
Rectangle
GetStockObject
Polygon

advapi32

RegSetValueExA
RegCloseKey
RegFlushKey
RegCreateKeyExA
RegQueryValueExA

shell32

ShellExecuteExA
SHFileOperationA

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 777KB - Virtual size: 777KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6da67cb4a04912fe1c214ef7a6b6ba63

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

37:37:24:bd:97:e2:e1:04:75:59:68:2a:a9:14:7a:55Certificate

Extended Key Usages

Key Usages

21:6e:cd:8c:fc:3a:62:a0:0f:f6:d7:aa:df:c0:77:ea:b7:ef:a5:5aSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 777KB - Virtual size: 777KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

37:37:24:bd:97:e2:e1:04:75:59:68:2a:a9:14:7a:55
Certificate

21:6e:cd:8c:fc:3a:62:a0:0f:f6:d7:aa:df:c0:77:ea:b7:ef:a5:5a
Signer

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 777KB - Virtual size: 777KB