45c64ff0ba273704dd768d1e61227e39

Sharing

Copy URL

Twitter E-mail

General

Target

45c64ff0ba273704dd768d1e61227e39
Size

165KB
MD5

45c64ff0ba273704dd768d1e61227e39
SHA1

aa22e45771a2291632b73637137f99ddd4664adf
SHA256

20949c301af812918db3a2a940121e7e69d6da7a133c48b549bd0d251e112e27
SHA512

faa820047e7ee41ae8e360779a30906e18983b455192984cc3f8621376eae51b14d449864ac4a4e862138ef3985d8c854631860de66f719398f6bc28810a84de
SSDEEP

3072:cxiyOb2HmU3dVmgg9c7DIWkt7RQ83MLmnjowD7FizgV:YObgI9wDYVu83kQjosFizg

Score

1^/10

Malware Config

Signatures

Files

45c64ff0ba273704dd768d1e61227e39
.exe windows:5 windows x86 arch:x86

934dda3bf0780f8aabbdc947c12809cf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
FindResourceW
SizeofResource
LoadResource
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
GetModuleFileNameW
OutputDebugStringW
LockResource
FindResourceExW
VirtualAllocEx
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
OpenProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetNativeSystemInfo
CreateMutexW
OpenMutexW
IsDebuggerPresent
CloseHandle

user32

GetWindowThreadProcessId
LoadCursorW
RegisterClassExW
GetWindowRect
GetDC
UpdateLayeredWindow
SetWindowPos
ReleaseDC
FindWindowW
CreateWindowExW
SetTimer
PostQuitMessage
TrackMouseEvent
InvalidateRect
GetMessageW
TranslateMessage
PtInRect
GetWindowTextW
WindowFromPoint
IntersectRect
SubtractRect
GetDesktopWindow
OffsetRect
UnionRect
EnumDisplayMonitors
CopyRect
SetCursor
PostMessageW
EnumWindows
FindWindowExW
GetClassNameW
DefWindowProcW
SendMessageW
EqualRect
IsWindowVisible
ShowWindow
KillTimer
ValidateRect
DispatchMessageW

gdi32

CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
CreateCompatibleBitmap

ole32

CreateStreamOnHGlobal

msvcp100

?_Xlength_error@std@@YAXPBD@Z

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipDeleteGraphics
GdipLoadImageFromStream
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImagePointRectI
GdipDrawImageRectI

msvcr100

_fmode
_commode
__setusermatherr
_crt_debugger_hook
_except_handler4_common
__set_app_type
_invoke_watson
_controlfp_s
_CxxThrowException
_configthreadlocale
_initterm_e
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_onexit
__CxxFrameHandler3
_lock
__dllonexit
_unlock
??3@YAXPAX@Z
memset
wcscmp
memcpy
_wsplitpath_s
wcsstr
wcsnlen
memcpy_s
wmemcpy_s
wcslen
memmove_s
??2@YAPAXI@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_vscwprintf
vswprintf_s
free

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mbytvzm
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

934dda3bf0780f8aabbdc947c12809cf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

msvcp100

gdiplus

msvcr100

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 41KB - Virtual size: 42KB

mbytvzm Size: 90KB - Virtual size: 90KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 41KB - Virtual size: 42KB

mbytvzm
Size: 90KB - Virtual size: 90KB