46b1ca73e3e86de0fea2dcea9540399c

Sharing

Copy URL Twitter E-mail

General

Target

46b1ca73e3e86de0fea2dcea9540399c
Size

1.0MB
MD5

46b1ca73e3e86de0fea2dcea9540399c
SHA1

cea1ac44eba51067645a093606a13c0808bae6e8
SHA256

e81945c1d2208500ba9a80e0490a838e9f3b1d5539019e13876652ff68af2e77
SHA512

07bbf2bfe4a47ec6da4730a92ee6b69137316e1bfbc541067647b863f013747760f190ee800c57378b318de11272e135e153828f05922b95cd22d712a0437014
SSDEEP

24576:lzK/ot3Hav6j7bheuI+65eI8B38ThwfS6XCYkpt:lzKw9a8EkHB3Ywa6XC9t

Score

1^/10

Malware Config

Signatures

Files

46b1ca73e3e86de0fea2dcea9540399c
.exe windows:6 windows x86 arch:x86

7e4c2a65f7c9fbe83567d6b60cf2766a

Code Sign

61:05:f7:1e:00:00:00:00:00:32
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/07/2009, 23:00

Not After

13/10/2010, 23:10

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:b5:29:00:00:00:00:00:10
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/01/2010, 21:12

Not After

04/01/2013, 21:22

Subject

CN=Microsoft Time-Stamp Service,OU=nCipher+OU=nCipher DSE ESN:ACD3-AE66-E0B5,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

2b:64:ee:bf:c9:38:22:cb:80:94:69:d5:17:fa:0c:6b:7a:99:c4:6c
Signer

Actual PE Digest

2b:64:ee:bf:c9:38:22:cb:80:94:69:d5:17:fa:0c:6b:7a:99:c4:6c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
HeapReAlloc
HeapSize
LoadLibraryA
VirtualFree
VirtualAlloc
UnmapViewOfFile
GetUserDefaultUILanguage
SearchPathW
WaitForMultipleObjects
SetErrorMode
GetVersionExA
InterlockedExchange
Sleep
InterlockedCompareExchange
OutputDebugStringA
RtlUnwind
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetVersion
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetLastError
CloseHandle
FlushInstructionCache
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
SetEvent
CreateEventW
ResetEvent
CreateMutexW
SetLastError
InterlockedIncrement
InterlockedDecrement
GetVersionExW
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
OpenProcess
FreeConsole
GetConsoleDisplayMode
AttachConsole
lstrcmpW
CreateDirectoryW
GetTempPathW
GetTempFileNameW
GetModuleFileNameW
CopyFileW
LoadLibraryExW
CreateProcessW
WaitForSingleObject
ReleaseMutex
IsWow64Process
GetExitCodeProcess
GetSystemDirectoryW
GetDiskFreeSpaceExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FreeResource
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
DeleteFileW
HeapAlloc
GetProcessHeap
HeapFree
CreateFileW
ReadFile
WriteFile
GetFileSize
GetFileSizeEx
GetLongPathNameW
MoveFileW
CreateThread
GetExitCodeThread
GetPrivateProfileStringW
GetSystemDefaultUILanguage
ProcessIdToSessionId
GetModuleHandleW
GetDateFormatW
GetTimeFormatW
FileTimeToLocalFileTime
GetLocaleInfoW
GetLocalTime
FileTimeToSystemTime
MulDiv
GetDriveTypeW
GetFileAttributesW
GetLogicalDriveStringsW
ExitProcess
CompareFileTime
SwitchToThread
FormatMessageW
GetSystemDefaultLangID
lstrlenW
TryEnterCriticalSection
GetSystemDefaultLCID
MoveFileExW
InitializeCriticalSectionAndSpinCount
LCMapStringW
CreateFileMappingW
MapViewOfFile
ExpandEnvironmentStringsW
GetCurrentThread
SystemTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW

msvcrt

_wcsnicmp
__mb_cur_max
isleadbyte
isxdigit
localeconv
_iob
_snprintf
_itoa
wctomb
ferror
bsearch
_errno
__CxxFrameHandler
wcspbrk
_wtoi
wcstoul
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
memchr
fclose
strcspn
_wgetenv
__uncaught_exception
abort
__crtLCMapStringW
__crtGetStringTypeW
setlocale
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
__pctype_func
_time64
wcsncmp
towlower
_wfopen
_beginthreadex
mbtowc
isdigit
calloc
_onexit
_lock
__dllonexit
_unlock
wcschr
wcsstr
??0exception@@QAE@ABQBD@Z
wcsrchr
_resetstkoflw
_wchmod
_purecall
_vsnwprintf
_vscwprintf
_wcsicmp
iswspace
iswctype
wcstombs
realloc
__badioinfo
__pioinfo
_read
_fileno
_lseeki64
_write
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
memmove
memcpy
memset
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
malloc
_CxxThrowException
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_wcslwr
_isatty
ungetc
fgetws
feof
__RTDynamicCast

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

crypt32

CertVerifyCertificateChainPolicy

wininet

InternetGetConnectedState

advapi32

CloseServiceHandle
InitiateSystemShutdownExW
PrivilegeCheck
QueryServiceStatus
ControlService
ChangeServiceConfigW
CopySid
OpenThreadToken
StartTraceW
ControlTraceW
EnableTrace
QueryAllTracesW
OpenServiceW
OpenSCManagerW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetSidSubAuthority
DuplicateTokenEx
GetSidSubAuthorityCount
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegDeleteKeyW
GetLengthSid
RegSetValueExW
RegCreateKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
TraceEvent
RegCloseKey
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

gdi32

DPtoLP
SetWindowOrgEx
SetViewportOrgEx
ModifyWorldTransform
SetGraphicsMode
SaveDC
SetBkColor
RestoreDC
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateBitmap
GetDeviceCaps
CreateCompatibleDC
SetTextColor
GetStockObject
GetPixel
GetTextMetricsW
GetTextExtentPoint32W
CreateDIBSection
ExtTextOutW
PatBlt
CreatePatternBrush
SetBkMode
CreateFontIndirectW
GetObjectW
GetObjectA
CreateSolidBrush
SetLayout
GetLayout

user32

TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
GetDesktopWindow
FindWindowExW
AllowSetForegroundWindow
MessageBoxW
EnableWindow
SetWindowTextW
LoadImageW
GetLastActivePopup
TranslateMessage
SetCursor
GetWindowTextW
GetWindowTextLengthW
GetFocus
PostQuitMessage
SetCursorPos
SendInput
SendMessageTimeoutW
GetCursorPos
GetSystemMetrics
GetWindowRect
GetWindowThreadProcessId
FindWindowW
SetForegroundWindow
SetFocus
GetWindowLongW
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageW
GetClassNameW
GetKeyState
CreateDialogParamW
LoadIconW
ShowWindow
LoadStringW
SetTimer
KillTimer
PostThreadMessageW
CallWindowProcW
MoveWindow
SetWindowPos
GetClientRect
GetWindowPlacement
ScreenToClient
BeginPaint
EndPaint
InvalidateRect
IsWindowVisible
LockWindowUpdate
MapWindowPoints
SystemParametersInfoW
GetWindow
GetParent
IsRectEmpty
UnregisterClassA
PeekMessageW
WindowFromPoint
GetForegroundWindow
DispatchMessageW
DestroyMenu
ExitWindowsEx
FlashWindowEx
TrackMouseEvent
DialogBoxIndirectParamW
RegisterWindowMessageW
ReplyMessage
TrackPopupMenu
EnableMenuItem
AppendMenuW
CreatePopupMenu
MessageBeep
GetDoubleClickTime
GetDC
GetAncestor
ReleaseDC
DrawFocusRect
FillRect
InflateRect
EndDialog
GetDlgItem
DrawTextW
GetDlgCtrlID
GetSubMenu
LoadMenuW
DeleteMenu
RedrawWindow
MessageBoxIndirectW
GetActiveWindow
GetSysColorBrush
GetSystemMenu
GetMenuState
EqualRect
PtInRect
SetMenuItemInfoW
SetMenuInfo
IsMenu
ShowCaret
HideCaret
GetWindowDC
SetDlgItemTextW
SetRectEmpty
UpdateWindow
SetCapture
ReleaseCapture
DrawEdge
GetMessagePos
GetCapture
GetScrollPos
ScrollWindow
ScrollWindowEx
SetScrollPos
GetScrollInfo
SetScrollInfo
OffsetRect
GetWindowInfo
CreateDialogIndirectParamW
SetActiveWindow
SendMessageW
PostMessageW
CreateWindowExW
RegisterClassExW
DestroyIcon
DestroyWindow
LoadCursorW
GetClassInfoExW
IsWindow
SetWindowLongW
DefWindowProcW
ClientToScreen
GetSysColor
ShowCursor

shell32

SHGetFileInfoW
Shell_NotifyIconW
ord43
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderPathW

ole32

CoInitializeEx
StringFromGUID2
CoCreateGuid
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
SysAllocStringLen
SysStringLen
SafeArrayCreate
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen

msi

ord141
ord137
ord72
ord232
ord190
ord70
ord45
ord169
ord88

psapi

GetModuleFileNameExW

gdiplus

GdipDrawImageRect
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipStringFormatGetGenericDefault
GdipCloneStringFormat
GdipDrawLine
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetTextRenderingHint
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawLineI
GdipDrawPath
GdipFillPath
GdipDeletePath
GdipCreatePath
GdipDrawImageRectI
GdipDrawString
GdipCloneBitmapAreaI
GdipCreateFontFromDC
GdipMeasureString
GdipFillRectangle
GdipReleaseDC
GdipGetDC
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipCreateLineBrushFromRect
GdipCreateHICONFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipDeleteFont
GdipCloneBrush
GdipFillRectangleI
GdipDrawRectangleI
GdipCreateLineBrushFromRectI
GdipCreateSolidFill
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipCloneImage
GdipDrawImageRectRectI
GdipSetSmoothingMode
GdipCreateFromHDC
GdiplusStartup
GdipCreateBitmapFromHICON
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown
GdipCreateFontFromLogfontA

comctl32

ord410
ord412
ord413
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_LoadImageW

shlwapi

PathCombineW
PathRemoveFileSpecW
PathIsRelativeW
StrCmpIW
StrCmpNIW
StrStrIW
PathAppendW
StrCmpNW
StrCmpW
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 698KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e4c2a65f7c9fbe83567d6b60cf2766a

Code Sign

61:05:f7:1e:00:00:00:00:00:32Certificate

Extended Key Usages

Key Usages

61:16:b5:29:00:00:00:00:00:10Certificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:15:08:27:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

2b:64:ee:bf:c9:38:22:cb:80:94:69:d5:17:fa:0c:6b:7a:99:c4:6cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

wintrust

crypt32

wininet

advapi32

gdi32

user32

shell32

ole32

oleaut32

msi

psapi

gdiplus

comctl32

shlwapi

version

Sections

.text Size: 698KB - Virtual size: 698KB

.data Size: 17KB - Virtual size: 21KB

.rsrc Size: 281KB - Virtual size: 281KB

.reloc Size: 56KB - Virtual size: 55KB

61:05:f7:1e:00:00:00:00:00:32
Certificate

61:16:b5:29:00:00:00:00:00:10
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:15:08:27:00:00:00:00:00:0c
Certificate

2b:64:ee:bf:c9:38:22:cb:80:94:69:d5:17:fa:0c:6b:7a:99:c4:6c
Signer

.text
Size: 698KB - Virtual size: 698KB

.data
Size: 17KB - Virtual size: 21KB

.rsrc
Size: 281KB - Virtual size: 281KB

.reloc
Size: 56KB - Virtual size: 55KB