1792a016351f379497b629d76b4e7ecb

Sharing

Copy URL Twitter E-mail

General

Target

1792a016351f379497b629d76b4e7ecb
Size

6.4MB
MD5

1792a016351f379497b629d76b4e7ecb
SHA1

8f11d3afc13400722bee9305caf1b4871cedf9cc
SHA256

bf9b9bafb1f15a7a17ba66b1d4621bf55a58bc19f3dcf278d91f2b162dae2fcc
SHA512

0bfefc5c616a245cb082d3d499310c9e8663ce653c596afc5504df4fffe87de517bc48f31ea624731fc0a8663e5b79e07b3b39de942a7488f3982023c46b13a7
SSDEEP

98304:fJ9jRtcP0ahSEwdKBaVHJj2ubEsEjMfDtbAEaxVP8rWSK01OEdweF:fJY9sESKB2subEsLZAE4hIWi199F

Score

1^/10

Malware Config

Signatures

Files

1792a016351f379497b629d76b4e7ecb
.exe windows:5 windows x86 arch:x86

12065f6b7427417bee72fa39872bf459

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/12/2015, 00:00

Not After

06/02/2018, 23:59

Subject

CN=BeiJing Baidu Netcom Science Technology Co.\, Ltd,OU=\ Engineering Excellence,O=BeiJing Baidu Netcom Science Technology Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:50:d2:71:f4:6d:24:cd:d8:a1:34:59:f9:02:82:7f:43:3f:f1:6a
Signer

Actual PE Digest

3c:50:d2:71:f4:6d:24:cd:d8:a1:34:59:f9:02:82:7f:43:3f:f1:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
OpenProcess
GetModuleFileNameW
FindResourceW
SizeofResource
LoadResource
LockResource
MoveFileW
GetTickCount
SetThreadPriority
SetDllDirectoryW
WaitForSingleObject
GetExitCodeThread
FreeResource
DeleteFileW
LocalFree
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetProcAddress
GetFileAttributesW
MoveFileExW
GetTempPathW
FindFirstFileW
CreateDirectoryW
CopyFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
TerminateProcess
Process32NextW
SetEndOfFile
WriteConsoleW
SetStdHandle
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringW
SetFileAttributesW
WriteFile
ReadFile
CloseHandle
CreateFileW
GetLastError
WideCharToMultiByte
GetVersionExW
ReadConsoleW
HeapReAlloc
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
SetEnvironmentVariableA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
GetTimeZoneInformation
GetFileType
GetProcessHeap
GetStdHandle
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapAlloc
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCPInfo
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineW
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW

advapi32

LookupPrivilegeValueW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
GetUserNameA
RegCloseKey
RegSetValueExW
RegOpenKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderPathW
SHFileOperationW
CommandLineToArgvW
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize
PropVariantClear
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen

shlwapi

PathIsRelativeW
PathRemoveFileSpecW
SHStrDupW
StrStrIW
PathFindFileNameW
PathAppendW
PathFileExistsW
StrCmpW

Sections

.text
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12065f6b7427417bee72fa39872bf459

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

3c:50:d2:71:f4:6d:24:cd:d8:a1:34:59:f9:02:82:7f:43:3f:f1:6aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 255KB - Virtual size: 255KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 9KB - Virtual size: 26KB

.rsrc Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 11KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

3c:50:d2:71:f4:6d:24:cd:d8:a1:34:59:f9:02:82:7f:43:3f:f1:6a
Signer

.text
Size: 255KB - Virtual size: 255KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 9KB - Virtual size: 26KB

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 11KB - Virtual size: 11KB