5026e7bb0d84267387b84deef31e89b7

Sharing

Copy URL

Twitter E-mail

General

Target

5026e7bb0d84267387b84deef31e89b7
Size

279KB
MD5

5026e7bb0d84267387b84deef31e89b7
SHA1

d745c0c3c5cdb7133db6f81822b8e12faa73fa32
SHA256

e88572accc29a9ca79eef71c2e535396d86504b213442af558ee4294260522cd
SHA512

627c21121c3d2cf99568a1fe16b9ad5024da1ff624c2df279ec5d527c5d85bd47a49841246e48a05e96525336d9f9910ec298199af3a9bf53fbb9056c2edd52a
SSDEEP

6144:PPEbIteUll5FcDOGej/1JxOcM28gQw3IvCIm5hG7X0hLqOh:9ll5FsOdj/1mB1hOImvGb0

Score

1^/10

Malware Config

Signatures

Files

5026e7bb0d84267387b84deef31e89b7
.exe windows:4 windows x86 arch:x86

55a292386462f039f1b9e7d7fc293656

Code Sign

48:74:45:b2:ab:8c:59:b7:45:d8:76:d4:df:e2:58:96
Certificate

Issuer

CN=aPgdobQNbLOM

Not Before

12-03-2012 14:38

Not After

31-12-2039 23:59

Subject

CN=aPgdobQNbLOM

Extended Key Usages

ExtKeyUsageCodeSigning

71:6a:24:bb:b6:d2:5b:1b:da:ba:fb:8b:1b:0c:41:77:7f:f4:d2:1e
Signer

Actual PE Digest

71:6a:24:bb:b6:d2:5b:1b:da:ba:fb:8b:1b:0c:41:77:7f:f4:d2:1e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
CreateFileA
lstrlenA
lstrcpyA
VirtualAlloc

advapi32

RegOpenKeyExW
DeleteAce
SetPrivateObjectSecurity
CloseTrace
CryptGenKey
RegCreateKeyExA
GetServiceKeyNameA
AccessCheckByTypeResultListAndAuditAlarmW
ElfReportEventW
GetAccessPermissionsForObjectA
RegFlushKey
StartTraceW
RegReplaceKeyA
StartServiceA
GetKernelObjectSecurity
SystemFunction021
LsaSetSecret
RegOpenKeyA
CryptEnumProviderTypesA
SystemFunction003
CryptVerifySignatureA
NotifyChangeEventLog
DeregisterEventSource
RemoveTraceCallback
SetSecurityDescriptorRMControl
LsaSetQuotasForAccount
OpenTraceA
LsaClose
SetSecurityInfoExW
InitiateSystemShutdownExA
SystemFunction032
GetSecurityDescriptorLength
OpenSCManagerW
RegConnectRegistryA
AddAuditAccessObjectAce
CreatePrivateObjectSecurityEx
LsaOpenAccount
GetSidSubAuthorityCount
OpenBackupEventLogW
RegQueryValueExA
BuildSecurityDescriptorA
IsTokenRestricted
AllocateAndInitializeSid
LsaRemoveAccountRights
QueryServiceLockStatusW
ClearEventLogA
ElfReadEventLogW
LsaSetSystemAccessAccount
CryptGetHashParam
EnumServicesStatusExW
BuildExplicitAccessWithNameW
WriteEncryptedFileRaw
CryptSetProviderExA
GetSecurityInfoExW
LookupAccountNameW
SetSecurityDescriptorControl
StartTraceA
RegCreateKeyA
RegisterServiceCtrlHandlerW
GetSecurityDescriptorRMControl
SystemFunction023
AddAce
GetAccessPermissionsForObjectW
CryptHashData
GetSidLengthRequired
SystemFunction017
GetServiceKeyNameW
BuildTrusteeWithSidA
RegOverridePredefKey
FileEncryptionStatusA
ControlService
GetManagedApplications
FindFirstFreeAce
ElfOpenEventLogW
ElfChangeNotify
CryptDuplicateKey
AddAuditAccessAceEx
LsaQuerySecret
GetSecurityInfo
RegCreateKeyExW
DecryptFileW
QueryServiceObjectSecurity
IsValidSid
AccessCheckAndAuditAlarmA
PrivilegedServiceAuditAlarmW
SystemFunction033
OpenSCManagerA
OpenEncryptedFileRawA
LookupPrivilegeValueW
CommandLineFromMsiDescriptor
GetNamedSecurityInfoW
EnumServicesStatusExA
CloseEventLog
SetSecurityInfo
AdjustTokenGroups

shell32

SHAddToRecentDocs
DoEnvironmentSubstW
SHGetDesktopFolder
SHGetPathFromIDListA
ShellAboutA
SHGetIconOverlayIndexW
SHInvokePrinterCommandW
ShellExecuteW
DragQueryFileAorW
ExtractIconExA
ShellHookProc
SHGetIconOverlayIndexA
DragQueryFileW
SHGetFileInfo
SHBrowseForFolderW
WOWShellExecute
ExtractIconA
SHGetDataFromIDListW
SHGetDiskFreeSpaceA
DoEnvironmentSubstA
ExtractIconW
SHGetFileInfoA
SHGetSettings
ExtractAssociatedIconExW
SHGetFolderPathW
SHGetInstanceExplorer
ShellExecuteExW
SHEmptyRecycleBinW
SHFileOperationA
SHEmptyRecycleBinA
ShellExecuteEx
SHCreateProcessAsUserW
SHPathPrepareForWriteA
ExtractAssociatedIconExA
SHInvokePrinterCommandA
SHCreateDirectoryExW
SHIsFileAvailableOffline
FindExecutableA
ShellAboutW
ExtractAssociatedIconW
DragFinish
SHQueryRecycleBinA
SHFreeNameMappings
Shell_NotifyIconA
ShellExecuteA
SHPathPrepareForWriteW
ExtractAssociatedIconA
Shell_NotifyIconW
DuplicateIcon
SHBrowseForFolder
DragQueryFileA
SHAppBarMessage

shlwapi

StrRChrW
StrRChrA
StrStrIW
StrCmpNA
StrStrA
StrRChrIW
StrCmpNIA
StrStrIA
StrChrW
StrStrW

comctl32

CreateToolbarEx
ord6
CreateStatusWindowW
PropertySheetW
ImageList_AddMasked
FlatSB_SetScrollProp
ImageList_SetImageCount
ImageList_SetBkColor
UninitializeFlatSB
ord8
CreatePropertySheetPageW
DrawStatusTextW
ord14
PropertySheet
ImageList_SetDragCursorImage
GetMUILanguage
PropertySheetA
ImageList_GetIcon
ImageList_GetDragImage
ImageList_GetImageInfo
ord3
FlatSB_GetScrollPos
ord2
ImageList_DragLeave
ImageList_Destroy
ImageList_BeginDrag
ImageList_SetFilter
FlatSB_SetScrollRange
ord4
_TrackMouseEvent
ord5
ImageList_LoadImageA
DestroyPropertySheetPage
ImageList_Duplicate
ImageList_Replace
FlatSB_ShowScrollBar
ImageList_GetIconSize
ord17
FlatSB_SetScrollPos
ImageList_ReplaceIcon
ImageList_Copy
ImageList_DrawEx
DrawStatusText
ImageList_LoadImage
CreateStatusWindow
ImageList_SetOverlayImage
InitMUILanguage
InitCommonControlsEx
ImageList_Merge
FlatSB_GetScrollInfo
ImageList_LoadImageW
InitializeFlatSB
ImageList_Remove
CreatePropertySheetPage
FlatSB_GetScrollRange
ImageList_Create
ord13
ImageList_DrawIndirect
ord16
ImageList_Draw

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55a292386462f039f1b9e7d7fc293656

Code Sign

48:74:45:b2:ab:8c:59:b7:45:d8:76:d4:df:e2:58:96Certificate

Extended Key Usages

71:6a:24:bb:b6:d2:5b:1b:da:ba:fb:8b:1b:0c:41:77:7f:f4:d2:1eSigner

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 270KB - Virtual size: 270KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

48:74:45:b2:ab:8c:59:b7:45:d8:76:d4:df:e2:58:96
Certificate

71:6a:24:bb:b6:d2:5b:1b:da:ba:fb:8b:1b:0c:41:77:7f:f4:d2:1e
Signer

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 270KB - Virtual size: 270KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB