0b7825073f56452185d9028a77bad4e2

Sharing

Copy URL Twitter E-mail

General

Target

0b7825073f56452185d9028a77bad4e2
Size

322KB
MD5

0b7825073f56452185d9028a77bad4e2
SHA1

7151d44a86745ae52deff21e4894782993c1d80b
SHA256

15ab930faeae27d9efa77473cbc8a7e302e23d8601848270432fcbbba9a2e835
SHA512

897efb66026a7827e5cf5e29a13b689178f26fad8739666c4913f56a4a0ae958f624584d8cb8d6a6e717122102870e07b24879bc8026fe7eede39738dd3d7ea4
SSDEEP

6144:DaEcOWrmgQ4rsDDm/SXD0OKJwBmr6Sv27ff1QdLzb:DBrWjQheUnmrxv2LIb

Score

1^/10

Malware Config

Signatures

Files

0b7825073f56452185d9028a77bad4e2
.exe windows:4 windows x86 arch:x86

c624a25d86e4fcadf75ac1a7a4824129

Code Sign

7b:b0:fb:11:c6:7d:01:06:4a:b7:f8:c7:8c:eb:83:b8
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/11/2014, 00:00

Not After

07/11/2015, 23:59

Subject

CN=Consortium Group ltd.,O=Consortium Group ltd.,POSTALCODE=00152,STREET=CORNER OF GR.MARLBOROUGH UN GR.GEORGE STR. ROSEAU\,DOMINICA\, 00152+STREET=3RD FLOOR\, C&h TOWERS,L=ROSEAU,ST=ROSEAU,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:4c:1e:49:d8:65:4a:4c:d2:17:33:60:22:c4:fa:e5:35:a9:72:05
Signer

Actual PE Digest

43:4c:1e:49:d8:65:4a:4c:d2:17:33:60:22:c4:fa:e5:35:a9:72:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetCurrentThreadId
ExitProcess
VirtualAlloc
ReadFile
LockResource
WriteFile
GetLastError
CreateThread
QueryPerformanceCounter
CloseHandle
GetUserDefaultLangID
GetSystemTimeAsFileTime
GetCurrentProcess
GetDefaultCommConfigA
GetModuleHandleA
GetVersion
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapAlloc
RtlUnwind
VirtualFree
SetFilePointer
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
lstrcmpiA
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetModuleHandleW
GetProcAddress
CreateFileMappingA
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
HeapFree
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW

user32

RegisterWindowMessageA
GetSystemMetrics
LoadStringA
CreateDialogParamA
GetKeyboardType
SetWindowPos
WindowFromPoint
GetClientRect
RegisterClassExA
DialogBoxParamA
CreateWindowExA
GetDC

gdi32

Rectangle
GetDeviceCaps

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExW
GetUserNameA

ole32

CoUninitialize
CoInitialize
CoTaskMemAlloc

Sections

.text
Size: 272KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c624a25d86e4fcadf75ac1a7a4824129

Code Sign

7b:b0:fb:11:c6:7d:01:06:4a:b7:f8:c7:8c:eb:83:b8Certificate

Extended Key Usages

Key Usages

43:4c:1e:49:d8:65:4a:4c:d2:17:33:60:22:c4:fa:e5:35:a9:72:05Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 272KB - Virtual size: 269KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 28KB - Virtual size: 25KB

7b:b0:fb:11:c6:7d:01:06:4a:b7:f8:c7:8c:eb:83:b8
Certificate

43:4c:1e:49:d8:65:4a:4c:d2:17:33:60:22:c4:fa:e5:35:a9:72:05
Signer

.text
Size: 272KB - Virtual size: 269KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 28KB - Virtual size: 25KB