13686d58c83d7489aa618f26418f649b

Sharing

Copy URL Twitter E-mail

General

Target

13686d58c83d7489aa618f26418f649b
Size

422KB
MD5

13686d58c83d7489aa618f26418f649b
SHA1

774c00e2a25cc59b1aba92e1dd066539d721ccaa
SHA256

15512736c52ea79c458883aa1fea4c533b20b1a41be8691575466be97362e678
SHA512

96c15454d9aa34c08c489b641650d6952c4c750714a1a6e28a87bb35f969cc06b47fb8168ea7950db96b982f845ba0dbd3be76ad8905ec44173b7d9788272b9b
SSDEEP

12288:DaUn6SuFTeWB569exdMthjefKfLUPBBoCg5Ru:Dh0TeWBsu6ofKfGILu

Score

1^/10

Malware Config

Signatures

Files

13686d58c83d7489aa618f26418f649b
.exe windows:4 windows x86 arch:x86

5295fcc71bf347d0dc1a52d03cce6e97

Code Sign

77:70:7a:d4:51:b8:24:aa:49:03:ad:a8:af:21:f4:4a
Certificate

Issuer

CN=tfyrvxqvexs

Not Before

21/11/2011, 11:24

Not After

18/06/2018, 22:00

Subject

CN=OKolo

6a:08:08:24:9a:1a:0c:cd:54:17:3c:9b:ba:a1:33:8d:d1:69:24:40
Signer

Actual PE Digest

6a:08:08:24:9a:1a:0c:cd:54:17:3c:9b:ba:a1:33:8d:d1:69:24:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

RegisterWindowMessageA
MessageBoxExA
EndDialog
GetWindowRect
SetSysColors
IsIconic
GetParent
DialogBoxIndirectParamA
SendMessageA
AdjustWindowRect
ReplyMessage

ole32

OleDoAutoConvert
CoResumeClassObjects
ProgIDFromCLSID
OleGetAutoConvert
CoInitialize
OleRegGetMiscStatus
CoGetStdMarshalEx
OleCreateFromFile

kernel32

SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
RtlUnwind
HeapFree
GetModuleHandleA
GetProcAddress
ExitProcess
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bxcdlr
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

grtar
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5295fcc71bf347d0dc1a52d03cce6e97

Code Sign

77:70:7a:d4:51:b8:24:aa:49:03:ad:a8:af:21:f4:4aCertificate

6a:08:08:24:9a:1a:0c:cd:54:17:3c:9b:ba:a1:33:8d:d1:69:24:40Signer

Headers

File Characteristics

Imports

user32

ole32

kernel32

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 91KB

bxcdlr Size: 284KB - Virtual size: 283KB

grtar Size: 109KB - Virtual size: 109KB

.rsrc Size: 5KB - Virtual size: 5KB

77:70:7a:d4:51:b8:24:aa:49:03:ad:a8:af:21:f4:4a
Certificate

6a:08:08:24:9a:1a:0c:cd:54:17:3c:9b:ba:a1:33:8d:d1:69:24:40
Signer

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 91KB

bxcdlr
Size: 284KB - Virtual size: 283KB

grtar
Size: 109KB - Virtual size: 109KB

.rsrc
Size: 5KB - Virtual size: 5KB