2cf55536555ce362bb512c76b3af24a1

Sharing

Copy URL Twitter E-mail

General

Target

2cf55536555ce362bb512c76b3af24a1
Size

607KB
MD5

2cf55536555ce362bb512c76b3af24a1
SHA1

6bf244ff2a83b9406f4284f9f5f40adccefcedbd
SHA256

140784ae3ff2f3e9e7f6ce9bc53b74ebd4be7c9c05d9a73e73e57afc6dacf207
SHA512

49bb7fdc2d39e2b00efac628b80d6c18595a06ddb9a4e02bde249837649dbf5af529a8c83096f04f459b569f79bdbae8ae637976681aeef4c5e51a9fd47c8b8e
SSDEEP

6144:NlrRPlNVQhcVaHsoLZObp+QsM45eEUKJS9zxNztfHiqJwDukqZp9423ocqlVQNTt:NzNkHsoL13x5e8w9jlwDHKnvYVlrMD

Score

1^/10

Malware Config

Signatures

Files

2cf55536555ce362bb512c76b3af24a1
.exe windows:4 windows x86 arch:x86

d791ec0960b62edcdf4882442ff7d044

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2015, 00:00

Not After

02/05/2016, 23:59

Subject

CN=SBIS,O=SBIS,POSTALCODE=150001,STREET=PR-T MOSKOVSKIJ\, 12,L=YAROSLAVL,ST=YAROSLAVL REGION,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

29:50:67:30:af:db:62:bd:3d:48:10:72:1e:af:48:93:bd:f4:40:75
Signer

Actual PE Digest

29:50:67:30:af:db:62:bd:3d:48:10:72:1e:af:48:93:bd:f4:40:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

LoadIconA
UpdateWindow
GetDCEx
MapVirtualKeyA
GetUserObjectInformationA
DrawCaption
EnumClipboardFormats
GetInputDesktop
GetMenuItemCount
DrawIcon
BroadcastSystemMessageA
CharToOemW
SetScrollRange
GetIconInfo
FlashWindow
PrivateExtractIconsW
SetParent
PeekMessageA
SetMenuItemInfoA
SystemParametersInfoA
DestroyWindow
GetMenuDefaultItem
GetThreadDesktop
ShowStartGlass
IsCharAlphaW
SetDeskWallpaper
IsMenu
CallMsgFilterW
CloseDesktop
LoadMenuIndirectA
SetWindowTextA
IsCharUpperA
SendMessageA
CallWindowProcA
PtInRect
SendDlgItemMessageA
TranslateAcceleratorW
PrivateExtractIconExA
ActivateKeyboardLayout
EditWndProc
GetClassNameA
OemKeyScan
CharNextW
LoadKeyboardLayoutW
GetWindowContextHelpId
IsZoomed
GetClipboardData
GetInternalWindowPos
IsCharLowerA
GetTabbedTextExtentW
CreateDialogParamW
MonitorFromWindow
PostThreadMessageA
CharNextA
EndDialog
GetCapture
RedrawWindow
LockWindowUpdate
ChangeDisplaySettingsW
SetWindowsHookA
EndTask
GetUpdateRgn
DrawIconEx
GetKeyNameTextW
LoadAcceleratorsA
FillRect
SetMenuItemBitmaps
DestroyCursor
ClipCursor
CreateMenu
SetPropW
GetTabbedTextExtentA
ChangeDisplaySettingsExW
DragObject
SetCaretPos
GetWindowTextW
SetWindowWord
InsertMenuItemW

kernel32

WriteConsoleOutputW
HeapSize
FreeConsole
WriteFileGather
lstrcmpW
OpenWaitableTimerA
lstrlen
SetWaitableTimer
GetVolumeNameForVolumeMountPointW
SetTimeZoneInformation
FlushConsoleInputBuffer
LoadResource
FatalAppExitA
GetEnvironmentVariableW
GetProfileSectionA
VerifyVersionInfoA
GlobalUnlock
GetDateFormatW
GetStringTypeExA
WritePrivateProfileStringA
HeapQueryInformation
ExitThread
SetInformationJobObject
GetSystemDefaultUILanguage
FindFirstFileExW
ExpandEnvironmentStringsW
FindFirstVolumeMountPointW
SetThreadPriority
GetDriveTypeW
RemoveDirectoryW
lstrcpyW
GetVolumePathNameA
CompareStringA
GetNamedPipeHandleStateW
GetTempPathW
GetFileAttributesW
SetTapePosition
UnlockFileEx
WaitForDebugEvent
HeapUnlock
GlobalGetAtomNameW
AllocConsole
GetCurrentActCtx
ReplaceFileA
LZStart
GetConsoleHardwareState
GetVolumePathNameW
GetPrivateProfileStructW
FileTimeToDosDateTime
GetNumberOfConsoleMouseButtons
GetLargestConsoleWindowSize
FindFirstFileExA
CreateTimerQueue
GetPrivateProfileStringW
GetProcessWorkingSetSize
GetLastError
CallNamedPipeA
ClearCommBreak
SetThreadPriorityBoost
HeapAlloc
GetConsoleSelectionInfo
ChangeTimerQueueTimer
RemoveDirectoryA
SetVolumeMountPointW
GetCPInfo
GetProcessHeap
GetLastError
ConvertDefaultLocale
VirtualQuery
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ole32

CoTreatAsClass
HMETAFILE_UserMarshal
HACCEL_UserUnmarshal

comdlg32

PageSetupDlgW

oleaut32

VarCyAbs
VarUI8FromDec

shell32

Control_RunDLLA

advapi32

RegCreateKeyA
GetInheritanceSourceW
LsaFreeMemory
GetSecurityDescriptorOwner

gdi32

CreateHatchBrush

comctl32

ImageList_SetFlags
ImageList_GetIcon
CreateStatusWindowA

Exports

Exports

��P|.��Dq�� e��a�\Z��E��%Q��$}��,�f��b�ǰ8��r#��x��i��;�ϧF�Ȁ�޻F��B��QSo��8-��F.�ǋ �H��J�YHh]Oj ��]�TU��-�L�qjp�G��(�ˍ��$h�+�܄�ܟ��ĺ��l��HUgH�Ĉ9��Ű�D7��A�w�j��C��eqc��g�n!�Qi{��,tA��HzLt�� [��G�\�溎�[�;׉-��+��׏��ո�Bq�?k<0ܻ�%��賄��A�h��ɱ��ɖ��`� S��B�I4U NX�D@|W�l8j��B{�u$3��Z8�[O t%��D�9��b�Ϯ�[A��=�[Y4L?=��l��DH�.�.�+кu�hN�y��;��=� (�s�b�(� T��do��MM��Va�g��a�Z��Yj�[EE�� ߜtty�U�Յ��E 򤂩!v��I�.��8��[��d j�g�0b��nƫ=+]��݃�b(ʬ<��O�Z|s�N�y�{V�c)J�n��7�u�U��=�J/ޣ��x�:�TFYߒg+�� b�8��N.3��l��-�Vc��a�zy�M%"��B\V#��G��d��(v�jû��W+[$�z�C�dh��|z �Yr�> Bb�?}<�N�lS��V=�� Q(��}�V��'��슊w��S�'�ħ�*��8d7�"0_>�-��wL� �t�t��u�s�_<�� b� fċ��+B��E��eA�;��!�)b$��(v��B�RH_��j0��P#Z��bA��S�i�+��gz�8( f�R��j�P08�/�r7~ՙk�2��G� "�&��h��cgR� iK��k\��a4Ye� M�"!*�A�$�IMk]�I��/��C��$B`d��W�6�]�6j^u![Q�� #{;��6��V&�?��_��<'�p&��ѭ6T^�Rg��n�\K�s�`I�h�P�᜕��[8�q�7�H��f��ߘ��k�T��x;�B��6:��<+6��*� ��aQ�&ny��W�:�?X��:'�D��ҰA�h�n�0��VkN��leg��Q�%��B�*�G]��w�W��'S��{>(Z �{~W��gi� b(��h�h8vZ/h@l��񖑐��}c��,��R��zz>`RzbPO��SZ@͇�}��ARɹKmCIL��ԕ�6O�:��F��44��!��>��X/��g��3[.�jl�� 5YJ`�� B��Y�p�<�:8�!��,�H�E:L`T@��ջ �5��k|��Gdd��{��l��R! ��n�M�ҝ�c��?2�!�h�7BS V:��4��ɹ��}CLsј��nbm �;�ྪU�0}�3��4��N7Av��My��zN[g��a��,t��#��ރ��{�3��o0�T�&�~_�w� ])"{�!T�Ԩ�:|�f�.�� O��;�.O}ѵ\��C:�H��҇�Y�+$��<��"�Y06J�jYO(�!R��'AB#) ;��O��O�J��&v�*�6��Am��4�D��C/��8p/"3o�᝘�/l��'8� u��m K]f��H ��i��N�ӁN��T�C�_g�2�T�9a� �BǸgb㌤v��x�8K(��r4D 啝o �O�6�l?��e��&BȴA�.(�3�qt��h^�]��NhS.�/G��@�0��l[�L�I��{��D/�L s 52i��Mi@X�f�̨��>V��T��cھ>~j�{1sL[j ��ԏdG7��*��t�hgR��G��Mb��3�Ҿ&*��ʯ!#6Q� ,�v#d�i�]��AK*�Liw*o�@��g�F�N�$��P��%#oԐ �Lp8)ey�Q<�þ��>��P}��~aG!J�28�N��j[��ъi-�h�2]�^o��u]�)Q��1 �y�ƒ1��ny��b��e�7�*Ld�sQ��[��UeJ��}��İ4�$�v:[�Q�P��I+�|��v)�B�T��G��GK�l�0�i��Q��!V��RY��#�X��F��_9q��'/<R�r�_��R�I��R�*��̛u;Rk��l^�^Eȕ�i\��i��̶��P6�u��[ތ�xs��+:�Cܠڊ.�N��r�&�ُ�5;5��ov�a��V��H � ��{�� YnpPO�o]Jv�e�-�"��#!*|��&��Ӿ�r$WP@A��z~x��݄u��8?;l�0Y{��n9��;�s��jTA- �8; ��ЦA��%mҫ=�Fi�-9�i��j0�'U�/�Z�ӂӋB��57S��#��:��R��/�Z�Sy`�V�9<��f�X��,H�1��Mb7\a"��5��B�0!�:�dOh_�gV�o0�l��`+vV�GH�ތ�m�| T��N|(��~>p��ٝB��L��u��|��D$jy�7t��=@t8��1^Tݐwrt�1�cY��y��M�˫c�.��b'"�%a�?x:��#M^�C�#H�M��i��}��2��y��S�ݒ�3!B��c�� ƹ 2�D��MΌ�m��wY��L�4f?�5��w�ZJ��*$�]αX��j��p 5�/!΃�J#�5�VO~{��1�.��>�m��/�N�z1�!�F��Ji WP�w�T8�/��i�P~[TNOi,��dV.�Z2Oژ�=�g�ǀp'�`�F�࣒HӶ��ҾJ�༚�b\ ��+e��T�Y`I�Ɯ�C@rQy'��&N�2��zѧ\Q�_%

Sections

CODE
Size: 441KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d791ec0960b62edcdf4882442ff7d044

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2Certificate

Extended Key Usages

Key Usages

29:50:67:30:af:db:62:bd:3d:48:10:72:1e:af:48:93:bd:f4:40:75Signer

Headers

File Characteristics

Imports

user32

kernel32

ole32

comdlg32

oleaut32

shell32

advapi32

gdi32

comctl32

Exports

Exports

Sections

CODE Size: 441KB - Virtual size: 440KB

DATA Size: 16KB - Virtual size: 16KB

BSS Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.text0 Size: 18KB - Virtual size: 17KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 61KB - Virtual size: 61KB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 53KB - Virtual size: 53KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

9c:a0:be:54:a9:51:63:64:68:0a:d4:5d:64:08:c6:a2
Certificate

29:50:67:30:af:db:62:bd:3d:48:10:72:1e:af:48:93:bd:f4:40:75
Signer

CODE
Size: 441KB - Virtual size: 440KB

DATA
Size: 16KB - Virtual size: 16KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.text0
Size: 18KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 61KB - Virtual size: 61KB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 53KB - Virtual size: 53KB