4d17cf48dfc38ee82e6122968427487b

Sharing

Copy URL

Twitter E-mail

General

Target

4d17cf48dfc38ee82e6122968427487b
Size

86KB
MD5

4d17cf48dfc38ee82e6122968427487b
SHA1

7d590fa03afa1325c34f5f16fa85c39252e168e5
SHA256

0bd48d235209bdd86ad3d5f51da453efaab2c919479cecd6d5cfee3873e63c40
SHA512

f82bea4b6597ccefedf9352fd4f92a2bdd3550727945429e4edada612571c25dd9a8db0ffe79d699d88e4a90103528540aefbf47808519e44ef1f17b376267a8
SSDEEP

1536:vYpMSZhUbtCGSKrTgkWr6cd6MQOiyQBSQlLi8r4Pv:eM8IwG4k7bBSQlLi8rMv

Score

1^/10

Malware Config

Signatures

Files

4d17cf48dfc38ee82e6122968427487b
.exe windows:4 windows x86 arch:x86

e197f08762bd4eae1cb8dc5d6c3ec8a7

Code Sign

01:00:00:00:00:01:1c:51:f3:66:9d
Certificate

Issuer

CN=Cybertrust Educational CA,OU=Educational CA,O=Cybertrust,C=BE

Not Before

11-09-2008 15:06

Not After

11-09-2011 15:06

Subject

CN=ad-idmapp.cityofbristol.ac.uk,OU=ICLT,O=City of Bristol College,L=Bristol,ST=Bristol,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

04:00:03:fb
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

14-03-2006 20:30

Not After

14-03-2013 23:59

Subject

CN=Cybertrust Educational CA,OU=Educational CA,O=Cybertrust,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:dd:77:a5:88:76:2d:05:b0:c8:55:41:b9:68:ed:9e:f2:a0:a4:c8
Signer

Actual PE Digest

89:dd:77:a5:88:76:2d:05:b0:c8:55:41:b9:68:ed:9e:f2:a0:a4:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
SetCurrentDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
Sleep
GetLastError
CreateMutexA
SetPriorityClass
GetThreadContext
GetCurrentThread
SetThreadPriority
WriteFile
lstrlenA
CreateFileA
lstrcatA
lstrcpyA
MoveFileExA
TerminateProcess
ReadProcessMemory
LoadLibraryA
FreeLibrary
VirtualAllocEx
WriteProcessMemory
VirtualProtectEx
SetThreadContext
ResumeThread
GetSystemDefaultLangID
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetVersionExA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetSystemInfo
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
SetStdHandle
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
ReadFile
GetFileAttributesA
FlushFileBuffers
GetWindowsDirectoryA
GetModuleHandleW
GetCurrentProcessId
Process32NextW
Process32FirstW
ExitProcess
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapReAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

wsprintfA
PostQuitMessage
GetSystemMetrics

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ws2_32

closesocket
WSAStartup
inet_addr
send
connect
htons
socket
gethostbyname
recv

iphlpapi

GetAdaptersInfo

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle

shlwapi

PathRemoveFileSpecA

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e197f08762bd4eae1cb8dc5d6c3ec8a7

Code Sign

01:00:00:00:00:01:1c:51:f3:66:9dCertificate

Key Usages

04:00:03:fbCertificate

Key Usages

89:dd:77:a5:88:76:2d:05:b0:c8:55:41:b9:68:ed:9e:f2:a0:a4:c8Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

iphlpapi

wininet

shlwapi

setupapi

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 2KB

01:00:00:00:00:01:1c:51:f3:66:9d
Certificate

04:00:03:fb
Certificate

89:dd:77:a5:88:76:2d:05:b0:c8:55:41:b9:68:ed:9e:f2:a0:a4:c8
Signer

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 2KB