2d0ec077e5a16007d75fb624aefb6e35

Sharing

Copy URL Twitter E-mail

General

Target

2d0ec077e5a16007d75fb624aefb6e35
Size

629KB
MD5

2d0ec077e5a16007d75fb624aefb6e35
SHA1

a4ed6ecdbef5a3ce643b653a0b15ffb0d043f425
SHA256

cf2674fc10cde31465ae398b30f7c37622e410244ace932a5a9ff2019ac43c31
SHA512

4ec86029da35f4bbf51bed00217cc09a0fcd05f60cebfbbcd161633dc4a33b3026da87310314eafb7c5fd7f710b154effe05126c353a3e2fa7f405c4134327e5
SSDEEP

12288:Dxk8OldtzCVQOemRJHoc6MnafLoghtbTorgT1d2j/orXs06enD5ianY5n:D8lb9mD33nUlDbO4C/4s0FiN5n

Score

1^/10

Malware Config

Signatures

Files

2d0ec077e5a16007d75fb624aefb6e35
.exe windows:5 windows x86 arch:x86

1c82ea47357a34330edc40c89fa73628

Code Sign

f7:d6:36:15:2c:e9:e1:f7
Certificate

Issuer

CN=To take a tedious leave thus losers part

Not Before

23/12/2010, 18:24

Not After

18/09/2013, 18:24

Subject

CN=To take a tedious leave thus losers part

6b:eb:a8:a1:dd:4a:1a:1e:86:20:83:ff:72:f6:2e:5e:61:5f:5c:95
Signer

Actual PE Digest

6b:eb:a8:a1:dd:4a:1a:1e:86:20:83:ff:72:f6:2e:5e:61:5f:5c:95

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrRChrW
PathIsRelativeW
PathStripToRootW
PathIsUNCW
PathIsRootW
PathStripPathW
StrChrW

kernel32

SetThreadPriority
GetModuleHandleA
GetConsoleTitleA
ReadFile
GetCurrentProcess
ResetEvent
GetTickCount
CreateMutexA
GetCurrentProcessId
CopyFileA
GetExitCodeThread
GetCommandLineW
GlobalSize
LoadLibraryA
VirtualAlloc
WaitForSingleObject
CreateEventA
GetProcAddress
IsBadReadPtr
VirtualProtect
VirtualProtectEx
VirtualFree
SleepEx
SystemTimeToFileTime
GetSystemTime
GetCurrentThread
WaitForMultipleObjects
GetProfileIntW
GlobalLock
GetProfileStringW
LocalAlloc
LocalFree
LocalReAlloc
lstrlenW
lstrcatW
lstrcpynW
CreateThread
CreateEventW
GlobalUnlock
WriteProfileStringW
Sleep
lstrcmpW
GlobalReAlloc
GlobalFree
GlobalAlloc
GlobalCompact
SetEvent
CloseHandle
FlushInstructionCache
GetStartupInfoA
CreateToolhelp32Snapshot
DebugActiveProcess
lstrcpyA
lstrcpyW
Module32First
GetCurrentThreadId

user32

GetCaretBlinkTime
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
MessageBoxA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
SetProcessDefaultLayout
LoadStringW
MessageBoxW
CreateWindowExW
LoadAcceleratorsW
GetMessageW
IsDialogMessageW
TranslateAcceleratorW
DispatchMessageW
SystemParametersInfoW
GetWindowRect
SetMenu
DestroyMenu
CreateDialogParamW
GetWindowLongW
SetWindowLongW
LoadMenuW
EnableWindow
GetClientRect
MapWindowPoints
OffsetRect
SetWindowPos
CheckMenuRadioItem
CheckMenuItem
SetDlgItemTextW
SendMessageW
InvalidateRect
LoadIconW
LoadCursorW
GetSysColorBrush
RegisterClassExW
CharNextW
SetCursor
SetFocus
SetWindowTextW
CheckRadioButton
GetSubMenu
MessageBeep
EndDialog
DialogBoxParamW
GetSysColor
CloseClipboard
CharNextA
GetClipboardData
OpenClipboard
TrackPopupMenuEx
EnableMenuItem
IsClipboardFormatAvailable
DefWindowProcW
ChildWindowFromPoint
ScreenToClient
PostQuitMessage
WinHelpW
DrawTextW
CallWindowProcW
CheckDlgButton
GetWindowTextW
SetDlgItemInt
IsHungAppWindow
GetProcessDefaultLayout
IsChild
GetMenu
GetDlgItem
GetMenuItemCount
GetDlgCtrlID
HideCaret
GetOpenClipboardWindow
GetDesktopWindow

gdi32

SetTextColor
SetBkColor
SetBkMode

advapi32

RegDeleteValueW
RegCloseKey
RegEnumKeyExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
DuplicateTokenEx
AllocateAndInitializeSid
ImpersonateSelf
CloseServiceHandle
QueryServiceStatus
QueryServiceConfigW
StartServiceW
ChangeServiceConfig2W
QueryServiceConfig2W
ChangeServiceConfigW
RegQueryValueExW
LookupPrivilegeValueW
RegDeleteKeyW
InitiateSystemShutdownExW
RevertToSelf
OpenServiceW
OpenSCManagerW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetUserNameW
CheckTokenMembership
IsValidSid
GetLengthSid
CopySid
RegOpenCurrentUser
OpenThreadToken
OpenProcessToken
GetTokenInformation
FreeSid
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
AdjustTokenPrivileges

ole32

CoCreateGuid
CoWaitForMultipleHandles
CoUninitialize
CoDisconnectObject
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoGetObject

Sections

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c82ea47357a34330edc40c89fa73628

Code Sign

f7:d6:36:15:2c:e9:e1:f7Certificate

6b:eb:a8:a1:dd:4a:1a:1e:86:20:83:ff:72:f6:2e:5e:61:5f:5c:95Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

ole32

Sections

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1.0MB

.text Size: 615KB - Virtual size: 614KB

.rsrc Size: 6KB - Virtual size: 6KB

f7:d6:36:15:2c:e9:e1:f7
Certificate

6b:eb:a8:a1:dd:4a:1a:1e:86:20:83:ff:72:f6:2e:5e:61:5f:5c:95
Signer

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1.0MB

.text
Size: 615KB - Virtual size: 614KB

.rsrc
Size: 6KB - Virtual size: 6KB