16c3617c70d889623b64d10010307e6d

Sharing

Copy URL Twitter E-mail

General

Target

16c3617c70d889623b64d10010307e6d
Size

566KB
MD5

16c3617c70d889623b64d10010307e6d
SHA1

0b89468587f78cef8912a2371a40df3480f325b4
SHA256

79cc3dc626bf48c9c8139f17406fffbe218febabe9a630e94db4e0a597dafd68
SHA512

37e977a9643300d38fd8f2490ec5e53e7f0889348fb8a03af492903db50a6105ecf02c1789f84393a966e9f6ce1a33786b9ed3fe93977720725245f87feae5c7
SSDEEP

6144:XynKawv1QfRkZEjgYyGmY8T3HmCukDVuC95bcEZG0l+wxyPMIKb6pVNghW1sODbt:XuZTY7Vp+Yzy0I/p4WsW1Vqu

Score

1^/10

Malware Config

Signatures

Files

16c3617c70d889623b64d10010307e6d
.exe windows:4 windows x86 arch:x86

9d4d60f820ab8b16e786b7a4d58297bc

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2015, 00:00

Not After

24/05/2016, 23:59

Subject

CN=Minimus,O=Minimus,POSTALCODE=236022,STREET=ul. Repina\, 46\, 12,L=Kaliningrad,ST=Kaliningrad Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

95:f8:f6:59:49:8e:a3:16:03:bc:4d:b8:b8:bd:98:fd:1f:20:cc:6d
Signer

Actual PE Digest

95:f8:f6:59:49:8e:a3:16:03:bc:4d:b8:b8:bd:98:fd:1f:20:cc:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualUnlock
LoadLibraryA
GetModuleHandleA
CreateThread
VirtualAllocEx
GetProcAddress
CreateEventW
TerminateProcess
LoadLibraryExW
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetThreadPriority
FindClose
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
GetSystemInfo

user32

LoadCursorW
MessageBoxA
DestroyWindow
GetDC
LoadCursorA
IsWindowVisible

advapi32

RegOpenKeyExA

shell32

ord165
SHCreateDirectoryExA

ws2_32

send
select

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 480KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d4d60f820ab8b16e786b7a4d58297bc

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23Certificate

Extended Key Usages

Key Usages

95:f8:f6:59:49:8e:a3:16:03:bc:4d:b8:b8:bd:98:fd:1f:20:cc:6dSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 480KB - Virtual size: 479KB

.rsrc Size: 36KB - Virtual size: 36KB

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

95:f8:f6:59:49:8e:a3:16:03:bc:4d:b8:b8:bd:98:fd:1f:20:cc:6d
Signer

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 480KB - Virtual size: 479KB

.rsrc
Size: 36KB - Virtual size: 36KB