28d0bc9243ea6c88c5b4b0fb6b45b2b4

Sharing

Copy URL Twitter E-mail

General

Target

28d0bc9243ea6c88c5b4b0fb6b45b2b4
Size

7.9MB
MD5

28d0bc9243ea6c88c5b4b0fb6b45b2b4
SHA1

d0890217111f10c7e05df140489e660ab082295f
SHA256

011e83c6eb1d304690bfd0ee2ad734e0849ecc7ecbc66bb28be09e2b868288ea
SHA512

36a58849802ac69d57a5537d324dd2b224d02b2fd599416c1876b2a1e18f4d3172cfaa6511ef5633ee2d735f6ffa563c2c1017218b149b4b45ef0ee6c24c17f3
SSDEEP

196608:xAG3Eo0+wqL1/zgHZZwdL/MJjEJYO1jmOuYBKu1:j31wecHHwdIJjESsVVt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/verycute.exe

Files

28d0bc9243ea6c88c5b4b0fb6b45b2b4
.rar
Read Me First.txt
cuteftppro.exe
.exe windows:4 windows x86 arch:x86

5a9b89741dd0eb9be8754b41c4d30c55

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:97:8f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

06/07/2005, 19:28

Not After

06/07/2007, 19:28

Subject

CN=GlobalSCAPE\, Inc.,OU=IS,O=GlobalSCAPE\, Inc.,L=San Antonio,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1e:37:a1:b5:82:ab:8b:5e:9d:9e:db:d5:f0:3c:53:3d:e2:16:ed:9d
Signer

Actual PE Digest

1e:37:a1:b5:82:ab:8b:5e:9d:9e:db:d5:f0:3c:53:3d:e2:16:ed:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FormatMessageA
DeleteFileA
MulDiv
IsDBCSLeadByte
GetExitCodeProcess
CreateProcessA
GetTempFileNameA
GetSystemDefaultLCID
WaitForSingleObject
CompareStringA
Sleep
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
RemoveDirectoryA
FindNextFileA
WritePrivateProfileSectionA
GetStartupInfoA
WriteFile
ReadFile
SetFileAttributesA
LocalFree
LocalAlloc
LockResource
LoadResource
FindResourceA
SizeofResource
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
lstrcmpiA
GetDiskFreeSpaceA
HeapAlloc
GetProcessHeap
HeapFree
GetModuleFileNameA
ExitProcess
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
lstrcpynA
SetFilePointer
GetFileSize
FindFirstFileA
CreateDirectoryA
GetLastError
GetPrivateProfileStringA
FindClose
GetFileAttributesA
lstrcatA
lstrlenA
GetWindowsDirectoryA
lstrcpyA
GetSystemDirectoryA
GetTempPathA
GetPrivateProfileSectionA
LoadLibraryA
MoveFileExA
WritePrivateProfileStringA
GetShortPathNameA
FlushFileBuffers
CloseHandle
IsBadCodePtr
IsBadReadPtr
SetStdHandle
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
GetStdHandle
SetHandleCount
GetFileType
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
FreeEnvironmentStringsW
TerminateProcess
GetStringTypeW
GetCurrentProcess
GetOEMCP
GetACP
GetStringTypeA
IsBadWritePtr
HeapReAlloc
GetCPInfo
VirtualFree
HeapCreate
VirtualAlloc
GetVersion
GetCommandLineA
HeapDestroy
RtlUnwind

user32

GetParent
GetDlgItem
SetFocus
SendDlgItemMessageA
EnableWindow
CheckRadioButton
GetWindowLongA
LoadStringA
LoadImageA
MessageBoxA
CharNextA
IsDlgButtonChecked
GetDlgItemTextA
CheckDlgButton
SetDlgItemTextA
ReleaseDC
GetDC
GetWindow
PostMessageA
SetWindowTextA
wsprintfA
GetDesktopWindow
GetWindowTextA
DestroyWindow
CreateDialogParamA
FillRect
GetSysColor
GetSysColorBrush
EndPaint
BeginPaint
DrawTextA
MoveWindow
GetClientRect
ScreenToClient
GetNextDlgTabItem
SetParent
MapDialogRect
IsWindow
GetWindowRect
CreateDialogIndirectParamA
ShowWindow
InvalidateRect
IsWindowEnabled
SetWindowPos
UpdateWindow
IsDialogMessageA
SetWindowLongA
GetActiveWindow
SetActiveWindow
LoadIconA
PeekMessageA
SendMessageA
DispatchMessageA
TranslateMessage

gdi32

CreateFontIndirectA
RealizePalette
SelectPalette
CreatePalette
GetObjectA
GetStockObject
CreateDIBitmap
GetTextExtentPointA
SelectObject
EnumFontFamiliesExA
DeleteDC
BitBlt
TextOutA
SetBkMode
SetBkColor
CreateCompatibleDC
CreateSolidBrush
SetTextColor
DeleteObject
GetDeviceCaps

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

lz32

LZOpenFileA
LZCopy
LZClose

comctl32

ord17

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
verycute.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 155KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

5a9b89741dd0eb9be8754b41c4d30c55

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

3f:97:8fCertificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

1e:37:a1:b5:82:ab:8b:5e:9d:9e:db:d5:f0:3c:53:3d:e2:16:ed:9dSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

lz32

comctl32

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 180KB - Virtual size: 178KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 155KB - Virtual size: 472KB

.rsrc Size: 9KB - Virtual size: 12KB

01
Certificate

0a
Certificate

3f:97:8f
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

1e:37:a1:b5:82:ab:8b:5e:9d:9e:db:d5:f0:3c:53:3d:e2:16:ed:9d
Signer

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 180KB - Virtual size: 178KB

.text
Size: 155KB - Virtual size: 472KB

.rsrc
Size: 9KB - Virtual size: 12KB