12a2b6c279a648577e1ce5fa1a35afc3

Sharing

Copy URL

Twitter E-mail

General

Target

12a2b6c279a648577e1ce5fa1a35afc3
Size

604KB
MD5

12a2b6c279a648577e1ce5fa1a35afc3
SHA1

d9f25ad9e5705246278df8aab3762c0a5be7fc64
SHA256

3e8b1ea84ad2d991323a9df69f5bedece5252c0f7cb83139a25f9441ca98a131
SHA512

36444c069c0763c22f06ab71570eb9818db937c978324a94610dbc37a3362ddbb4596cee4e75415c8193dcb02bdb721c6e197dd82590ad8eb85280e16283dcfe
SSDEEP

12288:iTC7O4L2AudlNj0E852PaPuou8UYYZY/BwTDKlu/cQ/4M:iTCK4L0Nj0l5x1u8IZYpwTDKlu/cs

Score

1^/10

Malware Config

Signatures

Files

12a2b6c279a648577e1ce5fa1a35afc3
.exe windows:4 windows x86 arch:x86

50204e196d0e253e09ec8471a1e9ed69

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:de
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29-04-2015 00:00

Not After

28-04-2016 23:59

Subject

CN=RTPK,O=RTPK,POSTALCODE=214000,STREET=UL. KONENKOVA\, 4\, 68,L=SMOLENSK,ST=SMOLENSK REGION,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5c:e9:14:f3:13:6f:ef:84:12:fd:f0:aa:fc:3e:27:52:a5:c3:97:13
Signer

Actual PE Digest

5c:e9:14:f3:13:6f:ef:84:12:fd:f0:aa:fc:3e:27:52:a5:c3:97:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

SetUserObjectInformationW
PrivateExtractIconExW
IsCharAlphaW
SendInput
GetWindowTextLengthW
ToAscii
SetMenuInfo
SetSystemMenu
GetMenuItemInfoA
CharUpperBuffW
IsDlgButtonChecked
GetNextDlgTabItem
GetScrollPos
GetSystemMetrics
EnableWindow
GetWindowRgn
IsCharUpperW
DlgDirSelectExA
DialogBoxParamW
SetClassLongW
IsIconic
LoadIconA
SendMessageCallbackA
PostThreadMessageA
SendMessageTimeoutW
PostMessageA
OffsetRect
IsMenu
GetScrollRange
GetKeyboardLayoutNameA
UnregisterDeviceNotification
UnregisterHotKey
SetWindowTextA
CheckMenuRadioItem
SetForegroundWindow
DialogBoxIndirectParamW
SetLayeredWindowAttributes
CharLowerBuffW
ChangeMenuW
PrivateExtractIconsA
GetIconInfo
EnumPropsA
FrameRect
SystemParametersInfoW
GetWindowPlacement
GetLastActivePopup
LoadKeyboardLayoutA
EndTask
WaitForInputIdle
GetDC
CreateMDIWindowA
GetClassInfoA
DrawAnimatedRects
GetWindow
UnlockWindowStation
MessageBoxExW
FindWindowW
SetLastErrorEx
GetMenuBarInfo
GetWindowWord
EndDialog
SetDoubleClickTime
IsCharLowerW
RegisterHotKey
SetMenuDefaultItem
RegisterClipboardFormatA
SetWindowWord
GetWindowTextA
SetCaretPos
SetCaretBlinkTime
PeekMessageA

kernel32

GetProcessVersion
TransmitCommChar
DisableThreadLibraryCalls
AddVectoredExceptionHandler
GetUserGeoID
EnumResourceLanguagesA
SetVolumeLabelW
CreateHardLinkA
ResetWriteWatch
ReplaceFileA
GetPrivateProfileSectionW
WriteProfileSectionW
SystemTimeToTzSpecificLocalTime
IsProcessorFeaturePresent
LZStart
GetCommModemStatus
ReplaceFileW
GetVolumePathNameW
GetCalendarInfoA
UpdateResourceA
ClearCommBreak
GetDiskFreeSpaceExA
GetModuleHandleExA
SetCriticalSectionSpinCount
GetPrivateProfileStringW
EnumSystemLanguageGroupsA
WriteFileEx
WaitForSingleObject
HeapLock
IsValidLocale
GetFileSize
MoveFileExA
MoveFileWithProgressA
GetDefaultCommConfigW
LZCreateFileW
ActivateActCtx
SetVolumeMountPointA
CancelWaitableTimer
VerifyVersionInfoW
RtlMoveMemory
FindResourceA
DefineDosDeviceA
CopyFileW
MoveFileW
IsWow64Process
GetConsoleWindow
EnumCalendarInfoA
EnumCalendarInfoExW
FindAtomW
ReplaceFile
SuspendThread
MapViewOfFile
SetEndOfFile
CreateFileMappingW
RequestDeviceWakeup
Heap32ListFirst
SetComPlusPackageInstallStatus
ExpandEnvironmentStringsA
ConnectNamedPipe
ScrollConsoleScreenBufferA
VirtualQueryEx
SetCommMask
GetCurrentProcessId
DeleteVolumeMountPointA
GetUserDefaultUILanguage
GlobalAddAtomA
LocalFileTimeToFileTime
GetGeoInfoW
FreeUserPhysicalPages
GetACP
SetThreadAffinityMask
lstrcpynA
FindVolumeMountPointClose
SetLastConsoleEventActive
GetNamedPipeHandleStateW
GetTapePosition
GetLastError
ConvertDefaultLocale
GetProcessHeap
GetVersion
WriteConsoleOutputW
MoveFileExA
VirtualQuery
LoadLibraryA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

GetOpenFileNameW
LoadAlterBitmap
GetFileTitleW

oleaut32

VarI4FromUI4
SafeArrayCreateEx
SafeArrayGetUBound
RevokeActiveObject

gdi32

GdiReleaseDC
CreateScalableFontResourceW

comctl32

GetMUILanguage

Exports

Exports

��R��Q��"�'3hϗ]�$y��%F�"��`��#��aߨ��E�]��B:P� �a�w�!U�ɠs"��Uz��no6��'?��e��5V��oW��s��-�!�L@mD�$9ș(��γ&vm�K��@�h��a�D]#�n��GE�6c4��::�Y�1xj��t�81$�;fP��S��+�{w��a�?�a�W�ۺ��L]�{��ǎ��hg�dOk�?b v��}��g��F�q'V+��4G#V#-�ͅ��s� ��Y0,�#}yP�CPA,�9sD�2�2w��X�:c��N��l>bL�r��tE��b��5�4�*G�d(��d��v��سs5�3��h6NH�p'5�$Qz�(��>�b�j3!^J��1�Q�c�?�~�[�f#�:��47�բ�?iܘ�\��7��}$Ҥ�I�^��(�=~�$5��F��ၷC�̇ޒ��u-��N��c�Mɹ�ҴH��8��% Kz��E��*TqÂ�� ÿ1W�.M{�1��V�R(��ʊGx�\�t�0u ��ً �+˗�ඐ(��զ�ӈ�5��)��L0N�k��Hc��TE��>��s�6�yQ��l�� V��(.�gR��<#�I�h��N�߬�$�h�t��!5�@%"Ff炭��f��Z|J<��c��<��6�]/�"�U��{�5v3t�{"W��\��Q<�'�re��?,Q��n<�3W��.F��V>�`Lp��b�COx�%�_�汼��=yiǣA��L��q|�9��<�(4��f�$��*[efϖ;k��f{?ZO� �Ȃ��o�s}��̤�� m��t^|��`��`B�\��l� � p�X� G}$��(�x��\G�MKs/��A>��8�R�7��8��t�� u��vtg��p�b�5(��6��zwb5�p�;W�Z�̀��o��yK�-��cQ��S��D`�AmG��A-�c)#ڿ�VL�R�#~f��.�$2�j4��W,YG%ܑ�A�]R�d9��Bb��&�-g?��'�/ �m�8��v�&p��S��DM��G�ղ#��R�)��=6��1��.�p=��oU��Ƥ-�P ��]�M >En��߯�hxvfc?_m��YJP5Uز7�j,��e��w|�C�_)��6��(Y9��'�:�{!�b�9�� &S��wגٓE�lr�l��T�c^=-��?� ��f�) ��[8��+[4$�؝x��P��ӧ۞�@�� O9�W<8��oB��+�p��3�2N��t�*��#_��srk)��n ��_ V}V��B�6��A-d)V8)�Ҡ�QX0b�"�J 3��gcL�4��]C��mx�Hf�5P��p$L�u��3�"��Hʕ�%p��]�Ju`@a;�,P�~��b!,��řC�� _mNN��47�� |��YV5�z~/ ��K �[�l�ě�9�2�\��%C�MYQW��x� ��q�g� o��cCm7�o�['��r�~솾Ag� ��4 ��'Z��ە�XJ�]�{k��e��YmT��򅋊荫=ka�_��|50�#�`7/��>��ˑ͐�T��Cq߲� �Bhw��c��z��`�H_Pg�QIe�7:��~P��o��t��Aեȡ� ]ߊ��h_JT��l��Jaߝ��1�N�a Xu6�E��I5#�Py8p-��k0��k��L�F�� z��1��+8�<7�h��ArS��A��9-hg�3em��;��P�jϴNf��p�7�\��x�/K`I\�a|;�"�RJ�;��Ÿ��Z��GY�DE2a(#ڥ1��"|N�VΈ+�X��H�L��Qia?)�d'�Fk��:�\�o'��-�BQ4�y��C�/��e��,�$x�{9-�$��i�,PmA��ДT��v'��W(��1F<�)�/��5'��k�{��k�>��@��=�0��-"��X*��5"&��)+�=�t�\��(8G\3u�Ex�H��j'��At�>=J�[0��~I�X#��y�< W��p��m�A��k($�F��oh��L $T��:~��'#G=A�t�p��6 �k}��.��ɉ[B<��C3�Hd��Wj��.��n ) z��!a l��4�0~g�q��I$�]�Y�Ԟ��lR��T'`�A�tp��o3.�5�Ԡ̈c�a�T��騭��S�Uz�+{1;�!��+�� Ħ߳��/9��-ZR��ٕ�B4EC��&_�-/��a븣E[��ʿ� X��k�>�v�u�}��L��P}�� G(L��>��75h�$aakm�R�;��z�#34��a� �N!*� Bt�?�:R�/ack��Q~#��7�l�?,n��ொ^��"<��F�́��/��0�2�j�t��@�?�nJI��8��'N�^g��H�1��-��)+�K Z�f��+��5��G�)D�u8��?��#�'jF.{�6�ԫ�,d� ש�� :$��5��I��xRHU��M&�v(\�8+��-��+��8��[�}�� @e��U��ФM�_W��)"Ը��0��smS�ŏ O��/(��>��C��<)��m(�b�_�.+jZű��5�1��Ŋ�c_S܆�V��~��W�U��R��>��f9�PrA+|n��N�#�v]�L��)�z݂K(��$,�o�M��,A۸AXj1�/�יzi,��T��N៝CԚ�j��N�R��:4�cþ��=�)e,�<y7g#�k�kWUn[�ڑ;A`

Sections

CODE
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50204e196d0e253e09ec8471a1e9ed69

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:deCertificate

Extended Key Usages

Key Usages

5c:e9:14:f3:13:6f:ef:84:12:fd:f0:aa:fc:3e:27:52:a5:c3:97:13Signer

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

oleaut32

gdi32

comctl32

Exports

Exports

Sections

CODE Size: 438KB - Virtual size: 438KB

DATA Size: 20KB - Virtual size: 19KB

BSS Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.text0 Size: 15KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 59KB - Virtual size: 59KB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

8e:18:34:16:de:03:f9:76:e8:a4:d7:48:a2:9e:0c:de
Certificate

5c:e9:14:f3:13:6f:ef:84:12:fd:f0:aa:fc:3e:27:52:a5:c3:97:13
Signer

CODE
Size: 438KB - Virtual size: 438KB

DATA
Size: 20KB - Virtual size: 19KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.text0
Size: 15KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 59KB - Virtual size: 59KB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB