2985be69a27c6575b07270b73957acaa

Sharing

Copy URL Twitter E-mail

General

Target

2985be69a27c6575b07270b73957acaa
Size

339KB
MD5

2985be69a27c6575b07270b73957acaa
SHA1

3e3e64d5fcc4c8108a44cc128dce592aa329070e
SHA256

22f045d3f814ae5054e7a519fe11947aecbfa90075128ebd79f2bcb4150600ed
SHA512

522566cd41da67e32894162ac63aaf46aca0e0ee43a6df0d5dda8d54ad0f7fa19d6b4b49990daff17a1d06b9f9fce0c84b49c1adba8b287fa3ee017762cafd25
SSDEEP

6144:dCPmgvo/NP+Wnr4qN9Hw81mY3khrUySQeuRnmKFaGT0Ratu:dCBvQNPRnrNC8Z2UySFuXIRa

Score

1^/10

Malware Config

Signatures

Files

2985be69a27c6575b07270b73957acaa
.exe windows:4 windows x86 arch:x86

805b31615d80e55f3609722ebaf2e3d9

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2b:bf:3d:ce:b9:e4:fd:17:a0:91:1c:02:b4:03:ae:69:cb:0c:b2:a1
Signer

Actual PE Digest

2b:bf:3d:ce:b9:e4:fd:17:a0:91:1c:02:b4:03:ae:69:cb:0c:b2:a1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
QueryServiceStatus
LookupAccountSidA
PrivilegeCheck
GetSecurityDescriptorLength
IsValidSecurityDescriptor
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
MakeAbsoluteSD
SetSecurityDescriptorDacl
MakeSelfRelativeSD
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
GetAce
GetUserNameA
AllocateAndInitializeSid
GetSidLengthRequired
CopySid
FreeSid
LookupAccountNameA
LookupAccountSidW
IsValidSid
EqualSid
RegConnectRegistryA
RegSetKeySecurity
RegCreateKeyA
DuplicateToken
RegOpenKeyA
RegQueryValueExA
RegEnumValueA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
CreateServiceA
ChangeServiceConfigA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
DeleteService
RegEnumKeyExA
OpenThreadToken
GetTokenInformation
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetThreadToken
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyA

kernel32

HeapCreate
DuplicateHandle
MapViewOfFile
CreateFileMappingA
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetOEMCP
GetCPInfo
HeapSize
VirtualAlloc
ExitProcess
RtlUnwind
HeapReAlloc
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsFree
TlsSetValue
TlsGetValue
IsBadWritePtr
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
SetEndOfFile
lstrcpyA
HeapDestroy
GetCurrentThreadId
InterlockedIncrement
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
CloseHandle
RaiseException
WaitForSingleObject
GetLastError
CreateEventA
SetEvent
OpenEventA
TerminateThread
CreateThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
GetComputerNameA
WideCharToMultiByte
lstrlenW
FlushInstructionCache
GetCurrentProcess
HeapAlloc
GetProcessHeap
lstrcmpiA
UnmapViewOfFile
lstrcatA
LocalFree
FormatMessageA
GetFileAttributesA
GetCurrentThread
lstrcpynA
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
SetUnhandledExceptionFilter
GetCommandLineA
GetCurrentProcessId
SetErrorMode
GetPrivateProfileStringA
OpenProcess
TerminateProcess
GetProcessTimes
CreateDirectoryA
GetProfileStringA
WritePrivateProfileStringA
WriteProfileStringA
GetPrivateProfileSectionNamesA
ResumeThread
HeapFree
LocalAlloc
GetVersion
GetTickCount
CreateProcessA
LockResource
SetEnvironmentVariableA
GetSystemDirectoryA
ReleaseMutex
CreateMutexA
GetModuleHandleW
FindClose
FindFirstFileA
LocalSize
ReadFile
SetFilePointer
CreateFileA
SetLastError
ReadProcessMemory
FindResourceExA
CompareStringA
CompareStringW
TlsAlloc

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoDisconnectObject
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstanceEx
CoRegisterClassObject
CoSetProxyBlanket
CoQueryProxyBlanket
CLSIDFromString
StringFromCLSID
StringFromIID
IIDFromString
CoGetClassObject
CoGetCallContext
CoRevokeClassObject
CoRevertToSelf
CoCreateGuid
CoImpersonateClient
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCat
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SafeArrayCreate

rpcrt4

RpcStringFreeA
RpcBindingFromStringBindingA
RpcStringBindingComposeA
NdrClientCall
RpcBindingSetAuthInfoA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA

shlwapi

PathFindExtensionA

user32

UnregisterClassA
wsprintfW
CharUpperA
EnumWindows
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
SetForegroundWindow
EndDialog
EnableWindow
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
IsDlgButtonChecked
PostThreadMessageA
KillTimer
GetMessageA
SetTimer
PeekMessageA
SetWindowLongA
CharNextA
MessageBoxA
LoadStringA
DialogBoxParamA
DispatchMessageA
RegisterWindowMessageA
wsprintfA
GetWindowLongA
SendMessageA
CheckDlgButton
GetDlgItemInt
GetDlgItemTextA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

805b31615d80e55f3609722ebaf2e3d9

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

2b:bf:3d:ce:b9:e4:fd:17:a0:91:1c:02:b4:03:ae:69:cb:0c:b2:a1Signer

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

rpcrt4

shell32

shlwapi

user32

version

Sections

.text Size: 276KB - Virtual size: 275KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 47KB - Virtual size: 61KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

2b:bf:3d:ce:b9:e4:fd:17:a0:91:1c:02:b4:03:ae:69:cb:0c:b2:a1
Signer

.text
Size: 276KB - Virtual size: 275KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 47KB - Virtual size: 61KB