385eccb9e711368035f0f329f98255ec

Sharing

Copy URL Twitter E-mail

General

Target

385eccb9e711368035f0f329f98255ec
Size

239KB
MD5

385eccb9e711368035f0f329f98255ec
SHA1

9670d9edaa8305f39acb3402f4ad62955e5a73b8
SHA256

1e80bf1bca4a8841d973e8bf1f88e2d7cce3160793f23b2351db0aa7ea23af4e
SHA512

889d0393620aa63eaa9923cb987b3d6c2b86cf9069f1e13a46f5454516a0b8d75e1852b2132be74a1563a6213f40dc598affad55b94b25132b29b4c98cb9812b
SSDEEP

3072:zASUot4cIAg0Fuj7M1iUa2LQR/wkLsrA5vmUBmHHcTnoeYYHIwG1Opm92BuiFwdn:eLAORwAtmBHHc8eY5XOpwiFEHt1CB5O

Score

1^/10

Malware Config

Signatures

Files

385eccb9e711368035f0f329f98255ec
.exe windows:6 windows x86 arch:x86

f2b2e356d2d0eb1b0d5da0b0d4f5e934

Code Sign

56:00:00:01:75:73:76:cd:78:ad:00:0c:9a:00:00:00:00:01:75
Certificate

Issuer

CN=Intel External Issuing CA 7B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Not Before

08/11/2016, 10:13

Not After

08/11/2018, 10:13

Subject

CN=Intel(R) Embedded Subsystems and IP Blocks Group,OU=EIG,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:9b:5e:99:27:72:84:c8:76:7f:13:68:a7:de:b0:f3
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/10/2015, 00:00

Not After

17/06/2021, 23:59

Subject

CN=Intel External Issuing CA 7B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:b2:d1:cc:f0:2e:20:dc:c9:5c:62:89:4f:7f:9e:5f:5f:c0:57:bf
Certificate

Issuer

CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM

Not Before

30/05/2014, 16:35

Not After

17/03/2021, 18:33

Subject

CN=QuoVadis Issuing CA G4,O=QuoVadis Limited,C=BM

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:a7:17:a0:16:72:36:ef:9b:1e:c2:c6:65:fa:8c:20:28:ad:7f:75
Certificate

Issuer

CN=QuoVadis Issuing CA G4,O=QuoVadis Limited,C=BM

Not Before

24/04/2015, 21:44

Not After

24/04/2018, 21:44

Subject

CN=timestamp.intel.com,OU=Thales TSS ESN:E892-D055-162F+OU=Thales TSS ESN:E892-D055-162F,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:5f:e3:57:08:16:e7:a8:18:e1:9f:5f:e7:e3:d2:be:dc:d1:2e:8c:ad:af:8c:ef:c3:bf:1a:89:84:43:32:d2
Signer

Actual PE Digest

1a:5f:e3:57:08:16:e7:a8:18:e1:9f:5f:e7:e3:d2:be:dc:d1:2e:8c:ad:af:8c:ef:c3:bf:1a:89:84:43:32:d2

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
TerminateProcess
ReleaseMutex
OpenProcess
CreateToolhelp32Snapshot
Process32Next
GetModuleFileNameA
MultiByteToWideChar
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTime
IsWow64Process
SetEndOfFile
HeapSize
GetConsoleOutputCP
FlushFileBuffers
CreateFileW
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetFileType
ReadConsoleW
GetConsoleMode
GetComputerNameW
CreateMutexA
CreateDirectoryA
CreateFileA
CopyFileA
WriteFile
GetProcAddress
GetWindowsDirectoryA
GetVersionExA
lstrcpyA
GetModuleHandleA
TerminateThread
lstrcatA
lstrcmpA
WaitForSingleObject
CloseHandle
LoadLibraryA
Sleep
GetCurrentProcess
SetFilePointerEx
HeapAlloc
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
HeapFree
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
GetStdHandle
GetModuleHandleExW
ExitProcess
ReadFile
WriteConsoleW
LoadLibraryExW
FreeLibrary
RtlUnwind
RaiseException
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

MoveWindow
SendMessageA
PrintWindow
MenuItemFromPoint
FindWindowA
GetTopWindow
GetWindowLongA
CloseDesktop
GetWindowPlacement
WindowFromPoint
ScreenToClient
PostMessageA
IsWindowVisible
GetDC
PtInRect
ChildWindowFromPoint
ReleaseDC
RealGetWindowClassA
GetMenuItemID
CharUpperBuffA
wsprintfA
MessageBoxA
GetWindow
GetWindowRect

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
StretchBlt
GetDIBits
DeleteDC
SetStretchBltMode
DeleteObject

comdlg32

GetOpenFileNameA

advapi32

RegSetValueExA
RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
GetUserNameW

shell32

SHAppBarMessage
SHFileOperationA
SHGetFolderPathA

ws2_32

closesocket
gethostbyname
WSAStartup
send
socket
connect
recv
htons

shlwapi

StrChrA
StrToIntA
PathFileExistsA

wininet

InternetOpenUrlA
InternetReadFile
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpOpenRequestA
HttpQueryInfoA

Sections

code
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2b2e356d2d0eb1b0d5da0b0d4f5e934

Code Sign

56:00:00:01:75:73:76:cd:78:ad:00:0c:9a:00:00:00:00:01:75Certificate

Extended Key Usages

Key Usages

06:9b:5e:99:27:72:84:c8:76:7f:13:68:a7:de:b0:f3Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

69:b2:d1:cc:f0:2e:20:dc:c9:5c:62:89:4f:7f:9e:5f:5f:c0:57:bfCertificate

Key Usages

17:a7:17:a0:16:72:36:ef:9b:1e:c2:c6:65:fa:8c:20:28:ad:7f:75Certificate

Extended Key Usages

Key Usages

1a:5f:e3:57:08:16:e7:a8:18:e1:9f:5f:e7:e3:d2:be:dc:d1:2e:8c:ad:af:8c:ef:c3:bf:1a:89:84:43:32:d2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ws2_32

shlwapi

wininet

Sections

code Size: 208KB - Virtual size: 207KB

.idata Size: 4KB - Virtual size: 4KB

data Size: 4KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

56:00:00:01:75:73:76:cd:78:ad:00:0c:9a:00:00:00:00:01:75
Certificate

06:9b:5e:99:27:72:84:c8:76:7f:13:68:a7:de:b0:f3
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

69:b2:d1:cc:f0:2e:20:dc:c9:5c:62:89:4f:7f:9e:5f:5f:c0:57:bf
Certificate

17:a7:17:a0:16:72:36:ef:9b:1e:c2:c6:65:fa:8c:20:28:ad:7f:75
Certificate

1a:5f:e3:57:08:16:e7:a8:18:e1:9f:5f:e7:e3:d2:be:dc:d1:2e:8c:ad:af:8c:ef:c3:bf:1a:89:84:43:32:d2
Signer

code
Size: 208KB - Virtual size: 207KB

.idata
Size: 4KB - Virtual size: 4KB

data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB