3b887b4e2c91f87d2d29d7ef9d309596

Sharing

Copy URL Twitter E-mail

General

Target

3b887b4e2c91f87d2d29d7ef9d309596
Size

4.3MB
MD5

3b887b4e2c91f87d2d29d7ef9d309596
SHA1

2ff3cc07a9497909495c29c64f22e2bf3f89033a
SHA256

2d67a3bc493d7851ddd842e645dac8335efd70cd0ff26eec368e57a3d201d905
SHA512

db28427bc5e5c7bb828919c44f004ca4002ab5da20b909df2361af3749b97462087716fa156a7464fa60e20d67c7f903d76e377c2570126bfd144b41d3e014e2
SSDEEP

98304:60PtINAMG9tb3SFmfxUXb5jcS+0nS8Y35s0HMlAozD4bz:60PtIABtb3YiMbFpnLY35scAAS4X

Score

1^/10

Malware Config

Signatures

Files

3b887b4e2c91f87d2d29d7ef9d309596
.exe windows:4 windows x86 arch:x86

7799099d8596097d5944d245d64ad588

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

6d:c4:f2:ad:b6:c0:1e:b5:af:c0:87:b8:75:03:1c:e2
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

19/04/2010, 00:00

Not After

18/04/2012, 23:59

Subject

CN=Safe Decision\, Inc,O=Safe Decision\, Inc,POSTALCODE=19958,STREET=16192 Coastal Highway,L=Lewes,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
SHGetValueA
StrCmpIW
SHDeleteValueA
SHDeleteKeyA
PathFindFileNameA
SHSetValueA

kernel32

FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetModuleHandleW
CreateDirectoryA
GetLastError
LoadLibraryA
GetTempPathA
GetTickCount
VirtualFree
GetModuleFileNameW
CopyFileA
GetModuleFileNameA
GetCurrentProcessId
DeleteFileA
ExitProcess
FindResourceW
LoadResource
SizeofResource
LockResource
CreateThread
InitializeCriticalSection
LeaveCriticalSection
GetProcAddress
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
CreateFileA
GetFileSize
SetFilePointer
WriteFile
OpenProcess
TerminateProcess
ReadFile
CreateFileW
MultiByteToWideChar
VirtualAlloc
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
MoveFileExA
FindFirstFileA
RemoveDirectoryA
FindClose
FindNextFileA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
RtlUnwind
HeapReAlloc
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
HeapCreate
HeapDestroy
GetFileType
WideCharToMultiByte
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
LocalAlloc
FreeLibrary
InterlockedExchange
RaiseException
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
GetStdHandle

user32

LoadCursorW
LoadIconW
ShowWindow
CreateWindowExW
GetSystemMetrics
PostQuitMessage
DefWindowProcW
MessageBoxA
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClassExW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetSpecialFolderPathA
SHChangeNotify
ShellExecuteA

ole32

CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.easydl
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ed
Size: 832KB - Virtual size: 830KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.html
Size: 924KB - Virtual size: 921KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ico
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cloud
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t1
Size: 868KB - Virtual size: 864KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7799099d8596097d5944d245d64ad588

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

6d:c4:f2:ad:b6:c0:1e:b5:af:c0:87:b8:75:03:1c:e2Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 20KB

.easydl Size: 1.4MB - Virtual size: 1.4MB

.ed Size: 832KB - Virtual size: 830KB

.html Size: 924KB - Virtual size: 921KB

.ico Size: 100KB - Virtual size: 99KB

.cloud Size: 4KB - Virtual size: 3KB

.t1 Size: 868KB - Virtual size: 864KB

.rsrc Size: 148KB - Virtual size: 145KB

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

6d:c4:f2:ad:b6:c0:1e:b5:af:c0:87:b8:75:03:1c:e2
Certificate

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 20KB

.easydl
Size: 1.4MB - Virtual size: 1.4MB

.ed
Size: 832KB - Virtual size: 830KB

.html
Size: 924KB - Virtual size: 921KB

.ico
Size: 100KB - Virtual size: 99KB

.cloud
Size: 4KB - Virtual size: 3KB

.t1
Size: 868KB - Virtual size: 864KB

.rsrc
Size: 148KB - Virtual size: 145KB