47850f0b2bb72b5d4428ab1e17759511

Sharing

Copy URL Twitter E-mail

General

Target

47850f0b2bb72b5d4428ab1e17759511
Size

269KB
MD5

47850f0b2bb72b5d4428ab1e17759511
SHA1

1e48f7635631ab7fcd1c9621bc22298d40627a3f
SHA256

150d624a8e7aeb0e810f7cb3ff38db616e01ba27d9387febd784a911355f66d7
SHA512

ed69bade558f6c9ef3eb3e86fce7403f12bd4e5579ed319672835c2e944e6c3cd53a82d3c05eb86e34f575768d3af380a43b122fd780708093d24988f3c80079
SSDEEP

6144:23vFuzf6uhkMyT/SU7meQpgAmAewlMZO69H2sOZkqiDg:2fULC/S2QgAX2ZV9WsOZV

Score

1^/10

Malware Config

Signatures

Files

47850f0b2bb72b5d4428ab1e17759511
.exe windows:5 windows x86 arch:x86

8690800ce755913ca91b856d0518dab1

Code Sign

24
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

24/10/2007, 22:01

Not After

24/10/2017, 22:01

Subject

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:bb
Certificate

Issuer

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/11/2014, 00:09

Not After

31/10/2016, 17:47

Subject

CN=ООО ”БАНДЛ” - Bundle LLC,O=ООО ”БАНДЛ” - Bundle LLC,L=Saint-Petersburg,ST=Saint Petersburg City,C=RU,1.2.840.113549.1.9.1=#0c16696e666f40696e7374616c6c62756e646c652e636f6d,2.5.4.13=#1310345173635459644f79754e45624e586d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

56:30:9c:a3:14:f7:2c:ca:7d:69:6a:7f:ef:ff:4f:18:10:ef:da:4b
Signer

Actual PE Digest

56:30:9c:a3:14:f7:2c:ca:7d:69:6a:7f:ef:ff:4f:18:10:ef:da:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
LoadLibraryA
CloseHandle
CreateThread
MultiByteToWideChar
LCMapStringW
IsProcessorFeaturePresent
HeapReAlloc
HeapSize
WideCharToMultiByte
RtlUnwind
IsValidCodePage
GetOEMCP
GetProcAddress
GetCPInfo
Sleep
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetTempPathW
CreateFileW
WriteFile
SetEnvironmentVariableW
GetTempFileNameW
GetACP
GetCommandLineW
GetLastError
HeapFree
HeapAlloc
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetModuleHandleW
ExitProcess
DecodePointer
GetStdHandle
GetModuleFileNameW
EncodePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStringTypeW

user32

EndPaint
DestroyWindow
TranslateAcceleratorW
GetMessageW
PostQuitMessage
DialogBoxParamW
LoadCursorW
BeginPaint
TranslateMessage
LoadAcceleratorsW
RegisterClassExW
LoadIconW
EndDialog
LoadStringW
UpdateWindow
DefWindowProcW
DispatchMessageW
FillRect
GetDC
SystemParametersInfoW
SetWindowPos
ShowWindow
CreateWindowExW

gdi32

LineTo
SelectObject
CreatePen
GetPixel
CreateSolidBrush
MoveToEx

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 222KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8690800ce755913ca91b856d0518dab1

Code Sign

24Certificate

Key Usages

10:bbCertificate

Extended Key Usages

Key Usages

56:30:9c:a3:14:f7:2c:ca:7d:69:6a:7f:ef:ff:4f:18:10:ef:da:4bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 222KB - Virtual size: 225KB

.rsrc Size: 7KB - Virtual size: 6KB

24
Certificate

10:bb
Certificate

56:30:9c:a3:14:f7:2c:ca:7d:69:6a:7f:ef:ff:4f:18:10:ef:da:4b
Signer

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 222KB - Virtual size: 225KB

.rsrc
Size: 7KB - Virtual size: 6KB