20fb49b7949712e6d2f25a2efff2ee26

Sharing

Copy URL Twitter E-mail

General

Target

20fb49b7949712e6d2f25a2efff2ee26
Size

548KB
MD5

20fb49b7949712e6d2f25a2efff2ee26
SHA1

0617835f3bce0b3c9f2a4df038942362e04e9866
SHA256

d032c19a0cbab423aa5d65fc300c10b03820ccd60aa906fa3fae16595439f9c7
SHA512

8d99bfd9ba56761b21c3a959291ae5b17f09b9ff4be8a3ec91b5c84dddb54c22f69d5b529f35afc59dbff7dd0d0dd5301f4594d1ffb7f6960920b20bed0cbc32
SSDEEP

12288:ZBau6pHh2LMeSmD6SYtZU7Q5C2iDfFdyTLgtsbI3:XaPeMwcO7rZWvJo

Score

1^/10

Malware Config

Signatures

Files

20fb49b7949712e6d2f25a2efff2ee26
.exe windows:4 windows x86 arch:x86

4d0280811b1718e49b0bd6320076fd05

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f2:ba:93:fb:a5:fc:7f:8d:a7:04:39:f1:10:a8:ab:8c
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/04/2015, 00:00

Not After

02/04/2016, 23:59

Subject

CN=Web Leader JSC,O=Web Leader JSC,POSTALCODE=107076,STREET=19\, korp.2\, ul.Stromynka,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cf:7d:2e:7d:1d:80:ea:69:ff:c6:ef:b0:63:6d:ae:76:cf:24:3f:27
Signer

Actual PE Digest

cf:7d:2e:7d:1d:80:ea:69:ff:c6:ef:b0:63:6d:ae:76:cf:24:3f:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsAlloc
VirtualAlloc
GetModuleHandleA
VirtualFree
VirtualAllocEx
VirtualUnlock
OpenEventA
SetEvent
GetFileSize
InterlockedIncrement
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapFree
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetSystemInfo

user32

SetWindowPos

shell32

SHCreateShellItem

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d0280811b1718e49b0bd6320076fd05

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

f2:ba:93:fb:a5:fc:7f:8d:a7:04:39:f1:10:a8:ab:8cCertificate

Extended Key Usages

Key Usages

cf:7d:2e:7d:1d:80:ea:69:ff:c6:ef:b0:63:6d:ae:76:cf:24:3f:27Signer

Headers

File Characteristics

Imports

kernel32

user32

shell32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 132KB - Virtual size: 131KB

.rsrc Size: 372KB - Virtual size: 372KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

f2:ba:93:fb:a5:fc:7f:8d:a7:04:39:f1:10:a8:ab:8c
Certificate

cf:7d:2e:7d:1d:80:ea:69:ff:c6:ef:b0:63:6d:ae:76:cf:24:3f:27
Signer

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 132KB - Virtual size: 131KB

.rsrc
Size: 372KB - Virtual size: 372KB