2d134c49704bc59fe9e1f54dddace8e1

Sharing

Copy URL

Twitter E-mail

General

Target

2d134c49704bc59fe9e1f54dddace8e1
Size

566KB
MD5

2d134c49704bc59fe9e1f54dddace8e1
SHA1

1ced33006475570b16b64fccfc15514f1e2079ef
SHA256

1379c32e7df1c4ec17cd060fe51205028b20959251d4a7b2ca810006bb4f6904
SHA512

42c11dcc75638cfbc9550bd165538bad811cfdac28b4533423d5064800aabbd0c4d14c030725ec532acb70a86850dcce2ad5ce88dff6ab6a26e8c4a4704ddcbb
SSDEEP

6144:k3rJjM4pnuvONUttdod+sR/HF2GDKal7pebQkfRORVxSAhPulqYMgDQffEwI:kbGqHUvdod+sBHF2GDLlNeb3++AqQ1I

Score

1^/10

Malware Config

Signatures

Files

2d134c49704bc59fe9e1f54dddace8e1
.exe windows:4 windows x86 arch:x86

9d4d60f820ab8b16e786b7a4d58297bc

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2015, 00:00

Not After

24/05/2016, 23:59

Subject

CN=Minimus,O=Minimus,POSTALCODE=236022,STREET=ul. Repina\, 46\, 12,L=Kaliningrad,ST=Kaliningrad Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:63:99:25:21:ef:c6:3d:72:b8:aa:9a:5a:d2:c0:01:73:d8:c9:ca
Signer

Actual PE Digest

8e:63:99:25:21:ef:c6:3d:72:b8:aa:9a:5a:d2:c0:01:73:d8:c9:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualUnlock
LoadLibraryA
GetModuleHandleA
CreateThread
VirtualAllocEx
GetProcAddress
CreateEventW
TerminateProcess
LoadLibraryExW
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetThreadPriority
FindClose
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
GetSystemInfo

user32

LoadCursorW
MessageBoxA
DestroyWindow
GetDC
LoadCursorA
IsWindowVisible

advapi32

RegOpenKeyExA

shell32

ord165
SHCreateDirectoryExA

ws2_32

send
select

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 480KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d4d60f820ab8b16e786b7a4d58297bc

Code Sign

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23Certificate

Extended Key Usages

Key Usages

8e:63:99:25:21:ef:c6:3d:72:b8:aa:9a:5a:d2:c0:01:73:d8:c9:caSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 480KB - Virtual size: 479KB

.rsrc Size: 36KB - Virtual size: 36KB

25:95:e9:af:2c:4d:1e:db:85:26:a0:0c:99:35:7f:23
Certificate

8e:63:99:25:21:ef:c6:3d:72:b8:aa:9a:5a:d2:c0:01:73:d8:c9:ca
Signer

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 480KB - Virtual size: 479KB

.rsrc
Size: 36KB - Virtual size: 36KB