1545123520be5b7fc3017cb581471524

Sharing

Copy URL

Twitter E-mail

General

Target

1545123520be5b7fc3017cb581471524
Size

284KB
MD5

1545123520be5b7fc3017cb581471524
SHA1

24733882efbad539a49bc4767e0950c521c15d12
SHA256

81a2141c8e0773f88f841a65600610d52280ed07c1da6f2afdd4d12c22ce01c5
SHA512

1af320c81b1f3662f9e27c2311361aa128ca95a6f6d6b033c7ebec7d9b067058951776e835032736b854e539c817d3c246c9c3853b0b230b3d5dceac8ecfafee
SSDEEP

6144:cNq6Au17HPwmDDANk9eAMezi8Tu4+4lAGJ9gGSwD+c6g:cM6Au17HB196ALSg

Score

1^/10

Malware Config

Signatures

Files

1545123520be5b7fc3017cb581471524
.exe windows:4 windows x86 arch:x86

cd4b2f17fec7f7f47ad9cb11d0e38fd2

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

Issuer

CN=55666123h

Not Before

14-02-2012 20:22

Not After

31-12-2039 23:59

Subject

CN=55666123h

Extended Key Usages

ExtKeyUsageCodeSigning

b8:8d:0d:2a:55:b8:2c:20:ee:63:6a:dc:fc:16:b0:94:8f:67:3c:b4
Signer

Actual PE Digest

b8:8d:0d:2a:55:b8:2c:20:ee:63:6a:dc:fc:16:b0:94:8f:67:3c:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
lstrlenW
lstrcpyW
CreateFileW
VirtualAlloc
SetComputerNameExW
GetUserDefaultUILanguage
CreateMutexA
HeapSize
CancelDeviceWakeupRequest
LockResource
FreeConsole
GetLastError
UpdateResourceW
InterlockedDecrement
GetPrivateProfileSectionA
lstrcmpiW
GetStringTypeExA
IsBadReadPtr
SetCurrentDirectoryA
GetPrivateProfileIntW
GetConsoleAliasW
GetThreadSelectorEntry
GetProfileIntW
GetBinaryTypeW
FreeUserPhysicalPages
SetCalendarInfoW
CancelIo
GetProfileStringA
GetCPInfo
ReleaseMutex
SetProcessWorkingSetSize
SetConsoleMode
LoadModule
FindAtomW
GetACP
SetConsoleCtrlHandler
EnumResourceTypesA
SetComputerNameW
GetProcessVersion
CommConfigDialogW
ScrollConsoleScreenBufferA
GetNamedPipeInfo
IsBadStringPtrW
SwitchToFiber
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
GetPrivateProfileSectionNamesA
GetConsoleAliasesW
ExpandEnvironmentStringsW
WriteProfileSectionA
IsBadStringPtrA
SetCommMask
WaitNamedPipeA
GetLocaleInfoA
Heap32ListNext
ResetEvent
SetDefaultCommConfigA
DosDateTimeToFileTime
CreateFileA
GetDateFormatW
SetThreadAffinityMask
GetSystemWindowsDirectoryW
IsDebuggerPresent
GetCPInfoExA
GetCommandLineA
FatalAppExitA
WriteConsoleA
VirtualAllocEx
AddAtomW
EnumResourceNamesW
GetFileTime
FindAtomA
GetPrivateProfileStringW
VirtualProtect
TransactNamedPipe
GetProcessHeaps
SetThreadExecutionState
GlobalUnfix
SetConsoleCP
WritePrivateProfileStringW
HeapReAlloc
GlobalHandle
FindFirstFileA
AreFileApisANSI
SetProcessPriorityBoost
DeleteTimerQueueEx
GetCurrentThreadId
CopyFileExW
GetProcessShutdownParameters
LCMapStringA
Toolhelp32ReadProcessMemory
GlobalReAlloc
Module32NextW
GlobalDeleteAtom
GetFileSizeEx
ReadProcessMemory
GetProfileSectionW
DeleteTimerQueueTimer
GetSystemTimeAdjustment
lstrcmpiA
BuildCommDCBW
TryEnterCriticalSection
SetHandleCount
MoveFileExW
CreateTimerQueue
SystemTimeToTzSpecificLocalTime
VirtualLock
WritePrivateProfileSectionW
FindResourceW
lstrcmpW
CreateMailslotW
SetFilePointer
SetFileTime
QueryPerformanceCounter
CompareStringA
GetEnvironmentVariableW
FindFirstChangeNotificationA
GetDefaultCommConfigA
GetOverlappedResult
ReadConsoleA
GetFileAttributesA
VirtualQueryEx
LocalUnlock
GetEnvironmentStringsW
FindClose
GetCurrentConsoleFont
GetPrivateProfileStringA
WriteConsoleOutputAttribute
GlobalUnWire
GetDefaultCommConfigW
RtlFillMemory
CancelWaitableTimer
_hwrite
GetCompressedFileSizeA
SetConsoleScreenBufferSize

advapi32

RegOpenKeyExW

shell32

DuplicateIcon
ShellAboutW
SHFileOperationA
SHGetSpecialFolderLocation
SHBrowseForFolder
FindExecutableA
SHCreateDirectoryExA
SHGetFolderPathA
Shell_NotifyIconW
ExtractAssociatedIconExA
DragQueryFileW
SHQueryRecycleBinW
DragAcceptFiles
DragQueryFileAorW
ShellExecuteEx
ShellHookProc
SHGetSettings
CommandLineToArgvW
SHGetFolderLocation
SHGetSpecialFolderPathA
SHGetDataFromIDListA
SHFreeNameMappings
ExtractIconW
ExtractAssociatedIconExW
DragQueryFile
SHGetSpecialFolderPathW
SHPathPrepareForWriteW
SHGetDesktopFolder
SHGetPathFromIDListW
SHChangeNotify
SHGetIconOverlayIndexA
SHFormatDrive
SHCreateProcessAsUserW
DoEnvironmentSubstA
FindExecutableW
ExtractIconEx
ShellExecuteA
ShellAboutA
SHGetDiskFreeSpaceExA
ExtractIconExW
SHInvokePrinterCommandW
SHBindToParent
SHLoadNonloadedIconOverlayIdentifiers
SHGetDataFromIDListW
ExtractIconA
SHGetFileInfoW
SHPathPrepareForWriteA
SHGetFileInfoA
SHCreateDirectoryExW
SHGetFileInfo
ExtractAssociatedIconW
DragFinish
SHGetMalloc
DragQueryFileA
SHAddToRecentDocs
SHIsFileAvailableOffline
ShellExecuteW
WOWShellExecute
SHBrowseForFolderW
Shell_NotifyIconA
SHEmptyRecycleBinA
SHAppBarMessage
ShellExecuteExA
SHGetInstanceExplorer
SHGetPathFromIDListA
SHInvokePrinterCommandA

shlwapi

StrRChrW
StrRStrIA
StrCmpNIW
StrChrIA
StrStrIA
StrStrIW
StrStrW
StrChrIW
StrRStrIW
StrCmpNW
StrCmpNA
StrRChrIA

comctl32

CreatePropertySheetPage
CreatePropertySheetPageW
PropertySheet
CreateStatusWindowW
ImageList_LoadImageW
CreateStatusWindow
ord2
FlatSB_GetScrollProp
ImageList_BeginDrag
ImageList_ReplaceIcon
DestroyPropertySheetPage
ImageList_Merge
GetMUILanguage
ImageList_DragEnter
ImageList_Create
ImageList_EndDrag
ImageList_GetImageRect
ImageList_Add
ord17
ImageList_GetBkColor
ord8
InitMUILanguage
FlatSB_EnableScrollBar
_TrackMouseEvent
ImageList_AddIcon
FlatSB_ShowScrollBar
ord3
ImageList_Write
ImageList_LoadImage
ImageList_Replace
ord7
ImageList_DragMove
ImageList_Destroy
ImageList_Copy
DrawStatusText
ord4
FlatSB_GetScrollRange
ImageList_DrawIndirect
CreatePropertySheetPageA
FlatSB_SetScrollInfo
ImageList_Duplicate
ImageList_LoadImageA
InitCommonControlsEx
FlatSB_SetScrollProp
ImageList_GetImageInfo
ord5
UninitializeFlatSB
ImageList_SetIconSize
ImageList_Draw
ImageList_Read
PropertySheetA
ImageList_GetImageCount
ImageList_SetBkColor
PropertySheetW
ImageList_GetIcon
ord16
ImageList_SetFilter
FlatSB_GetScrollInfo
ImageList_DragShowNolock
DrawStatusTextW
ImageList_SetOverlayImage
ord6
ImageList_GetIconSize
CreateToolbarEx
ImageList_AddMasked

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV2
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textF4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV3
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV4
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV1
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV5
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV6
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV7
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd4b2f17fec7f7f47ad9cb11d0e38fd2

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86Certificate

Extended Key Usages

b8:8d:0d:2a:55:b8:2c:20:ee:63:6a:dc:fc:16:b0:94:8f:67:3c:b4Signer

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 4KB - Virtual size: 4KB

.textV2 Size: 258KB - Virtual size: 258KB

.textF4 Size: 2KB - Virtual size: 2KB

.textV3 Size: 512B - Virtual size: 500B

.textV4 Size: 512B - Virtual size: 500B

.textV1 Size: 512B - Virtual size: 500B

.textV5 Size: 512B - Virtual size: 500B

.textV6 Size: 512B - Virtual size: 500B

.textV7 Size: 512B - Virtual size: 500B

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

b8:8d:0d:2a:55:b8:2c:20:ee:63:6a:dc:fc:16:b0:94:8f:67:3c:b4
Signer

.text
Size: 4KB - Virtual size: 4KB

.textV2
Size: 258KB - Virtual size: 258KB

.textF4
Size: 2KB - Virtual size: 2KB

.textV3
Size: 512B - Virtual size: 500B

.textV4
Size: 512B - Virtual size: 500B

.textV1
Size: 512B - Virtual size: 500B

.textV5
Size: 512B - Virtual size: 500B

.textV6
Size: 512B - Virtual size: 500B

.textV7
Size: 512B - Virtual size: 500B

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB