4536364888e94b2caec069471f2dce49

Sharing

Copy URL Twitter E-mail

General

Target

4536364888e94b2caec069471f2dce49
Size

2.5MB
MD5

4536364888e94b2caec069471f2dce49
SHA1

782331f2bef1ce85b1b75d5a959484e6f6512604
SHA256

50fb9359b1a4eb86a837420063802405ea6808df37128b1aab284ffda83836b1
SHA512

4aec726908836aa0195c28d986ba0b0d354676932b62b96b72bbb6efd6ea58ee46fe95afeb0eda78e8590b6448a282671ae359c96b334a2508d7da4312076a5b
SSDEEP

49152:HZJpIZl51jZviD0XznhwQsuJMoDbImmg3kFKFLenjLnqSnCiLB0s:fi19bhwQ1JMC0mJ3kFWLen3nJB0s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ppi.exe

Files

4536364888e94b2caec069471f2dce49
.cab
32fax.exe
.exe windows:4 windows x86 arch:x86

aba177e177c3462a0de97721c4420c64

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:83:12:e8:f1:03:f7:a6:88:32:36:4b:2b:2a:fc:11
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

14/06/2010, 00:00

Not After

14/06/2011, 23:59

Subject

CN=ElectraSoft,O=ElectraSoft,POSTALCODE=77459,STREET=3207 Carmel Valley Drive,L=Missouri City,ST=TX,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

80:6c:a7:9a:c4:95:89:5a:b8:31:87:78:ae:08:03:85:bf:7d:96:7f
Signer

Actual PE Digest

80:6c:a7:9a:c4:95:89:5a:b8:31:87:78:ae:08:03:85:bf:7d:96:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA
ShellExecuteA

kernel32

SetFileAttributesA
RtlUnwind
GetDriveTypeA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
SetCurrentDirectoryA
SetEnvironmentVariableA
GetFileType
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
ExitProcess
RaiseException
HeapAlloc
HeapFree
TerminateProcess
HeapReAlloc
HeapSize
GetACP
SetStdHandle
SetHandleCount
GetStdHandle
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
FileTimeToLocalFileTime
CompareStringA
CompareStringW
FileTimeToSystemTime
GetProfileStringA
CopyFileA
GetWindowsDirectoryA
WriteProfileStringA
GetLastError
GetCurrentProcess
GlobalFree
GlobalUnlock
GlobalLock
GetModuleFileNameA
lstrlenA
WritePrivateProfileSectionA
GetSystemDirectoryA
LockResource
SizeofResource
LoadResource
FindResourceA
GlobalAlloc
PurgeComm
EscapeCommFunction
ClearCommError
SetCommState
BuildCommDCBA
CloseHandle
CreateEventA
SetCommTimeouts
SetCommMask
SetupComm
CreateFileA
GetOverlappedResult
WaitForSingleObject
ReadFile
Sleep
WriteFile
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
CreateDirectoryA
MoveFileA
GetFileAttributesA
GetFullPathNameA
SetEndOfFile
FlushFileBuffers
SetFilePointer
SetErrorMode
GetCurrentDirectoryA
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
GlobalFlags
lstrcpynA
lstrcmpA
GetCurrentThread
GetTickCount
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
MulDiv
SetLastError
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
MultiByteToWideChar
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetFileTime
SetFileTime
GetModuleHandleA
GetProcAddress
GetVersionExA
LocalSize
LocalAlloc
LocalFree

user32

PostThreadMessageA
InvalidateRect
LoadStringA
GetSysColorBrush
PtInRect
GetClassNameA
GetMessageA
ValidateRect
GetCursorPos
PostQuitMessage
RegisterClipboardFormatA
DestroyMenu
GrayStringA
DrawTextA
TabbedTextOutA
GetWindowDC
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
GetDlgItemTextA
CheckRadioButton
CheckDlgButton
SendDlgItemMessageA
GetSysColor
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
IsWindowVisible
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenuItemCount
GetSubMenu
DrawFocusRect
UnregisterClassA
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
CharNextA
IsWindowUnicode
CopyRect
LoadImageA
GetSystemMetrics
EndPaint
BeginPaint
DrawIcon
GetClientRect
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SendMessageA
IsIconic
UpdateWindow
PostMessageA
GetDesktopWindow
SetCursor
LoadCursorA
ExitWindowsEx
MessageBoxA
GetDlgItem
HideCaret
DrawMenuBar
ModifyMenuA
DestroyWindow
InflateRect
EnableMenuItem
GetMenu
EnableWindow
DispatchMessageA
TranslateMessage
PeekMessageA
LoadBitmapA
LoadIconA
ReleaseDC
GetDC
SetForegroundWindow
GetWindowRect
IsWindowEnabled
GetWindowLongA
GetParent
CreateDialogIndirectParamA
IsWindow
SetActiveWindow
MapWindowPoints

gdi32

IntersectClipRect
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
DeleteDC
GetStockObject
CreateDIBitmap
GetTextExtentPointA
CreateSolidBrush

comdlg32

PrintDlgA

winspool.drv

DocumentPropertiesA
GetPrinterDriverDirectoryA
OpenPrinterA
DeletePrinter
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
DeleteService
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle

comctl32

ord17

oledlg

ord8

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoCreateInstance
CoRevokeClassObject

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ppi.exe
.exe windows:4 windows x86 arch:x86

1b63c1b4a8b40da1cce827144050341b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord665
ord598
ord631
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord717
ProcCallEngine
ord537
ord644
Zombie_AddRef
ord100
ord616
ord581

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aba177e177c3462a0de97721c4420c64

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

51:83:12:e8:f1:03:f7:a6:88:32:36:4b:2b:2a:fc:11Certificate

Extended Key Usages

Key Usages

80:6c:a7:9a:c4:95:89:5a:b8:31:87:78:ae:08:03:85:bf:7d:96:7fSigner

Headers

File Characteristics

Imports

shell32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

oledlg

ole32

Sections

.text Size: 220KB - Virtual size: 218KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 84KB - Virtual size: 200KB

.rsrc Size: 5.5MB - Virtual size: 5.5MB

1b63c1b4a8b40da1cce827144050341b

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 52KB - Virtual size: 49KB

.data Size: - Virtual size: 1KB

.rsrc Size: 152KB - Virtual size: 149KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

51:83:12:e8:f1:03:f7:a6:88:32:36:4b:2b:2a:fc:11
Certificate

80:6c:a7:9a:c4:95:89:5a:b8:31:87:78:ae:08:03:85:bf:7d:96:7f
Signer

.text
Size: 220KB - Virtual size: 218KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 84KB - Virtual size: 200KB

.rsrc
Size: 5.5MB - Virtual size: 5.5MB

.text
Size: 52KB - Virtual size: 49KB

.data
Size: - Virtual size: 1KB

.rsrc
Size: 152KB - Virtual size: 149KB