1be083e0166386b675a94c8933973001

Sharing

Copy URL Twitter E-mail

General

Target

1be083e0166386b675a94c8933973001
Size

569KB
MD5

1be083e0166386b675a94c8933973001
SHA1

72d722ebf9d25d31afd742d13e36a6cd96ea1f85
SHA256

143688f2f28157da61b6f80b206e4112dba0280a43e76d38a75e6cc2a5f03efd
SHA512

526b759b04e1d6adfe2ca21e5a03a903a281c0c4e47044c671c5d411f451446b2189495991f81fead9dcd27f62d5f6232a89ad70db24e1daf54e94fca3157710
SSDEEP

12288:UJhaBlf39DDd++UEOP1RBZWLo/0L3kjMsS:V/f3Jd+BXP1RBH0LUjM

Score

1^/10

Malware Config

Signatures

Files

1be083e0166386b675a94c8933973001
.exe windows:4 windows x86 arch:x86

da7969a7904815cfe317719e4bed954b

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f9:0d:77:48:e3:75:2b:71:67:9d:d0:a8:95:ff:29:44
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/04/2015, 00:00

Not After

01/04/2016, 23:59

Subject

CN=TELEKOM-ASSIST,O=TELEKOM-ASSIST,POSTALCODE=125009,STREET=Khlynovski tupik\, 3/4,L=Moscow,ST=Moscow region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ac:ec:d4:35:55:69:ec:d9:80:27:af:9f:f8:c8:7c:b0:c3:fc:dc:64
Signer

Actual PE Digest

ac:ec:d4:35:55:69:ec:d9:80:27:af:9f:f8:c8:7c:b0:c3:fc:dc:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualLock
TerminateThread
OpenMutexA
ReadFile
Sleep
GetModuleHandleA
VirtualFree
GetLastError
FindClose
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapFree
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
GetSystemInfo

user32

EnableWindow
GetWindowTextW
LoadBitmapA
EnumWindows
LoadCursorW

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 416KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da7969a7904815cfe317719e4bed954b

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

f9:0d:77:48:e3:75:2b:71:67:9d:d0:a8:95:ff:29:44Certificate

Extended Key Usages

Key Usages

ac:ec:d4:35:55:69:ec:d9:80:27:af:9f:f8:c8:7c:b0:c3:fc:dc:64Signer

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 108KB - Virtual size: 107KB

.rsrc Size: 416KB - Virtual size: 413KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

f9:0d:77:48:e3:75:2b:71:67:9d:d0:a8:95:ff:29:44
Certificate

ac:ec:d4:35:55:69:ec:d9:80:27:af:9f:f8:c8:7c:b0:c3:fc:dc:64
Signer

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 108KB - Virtual size: 107KB

.rsrc
Size: 416KB - Virtual size: 413KB