514fcbb51d4909e2e4cdb5c90587e499

Sharing

Copy URL Twitter E-mail

General

Target

514fcbb51d4909e2e4cdb5c90587e499
Size

293KB
MD5

514fcbb51d4909e2e4cdb5c90587e499
SHA1

94644e08531311e7644c862a6e6cd3da13996727
SHA256

22c8a6a8b662727d77ec27219ded6eb49ca22a37e26d0b2d30fdc4c02ebcf603
SHA512

27930fa935a14b9daeba4bb40b5163d546e3359a3583d55c6ed500726f5b78bdbc0dd6688470755e075ddce6ac903eafca2530c2273d1106bdbb14cfba4bc733
SSDEEP

6144:FMXgjVP2JVDdNcQJHWmv7uxyL7x6The1FGM9Evg2NDJRF0+f:tVGsQJHWmDLt6Q1oM2Ika+f

Score

1^/10

Malware Config

Signatures

Files

514fcbb51d4909e2e4cdb5c90587e499
.exe windows:4 windows x86 arch:x86

ff90041ba071de6bfc991245f3082f34

Code Sign

63:ad:ec:0d:18:d0:9a:81:44:b1:34:5c:60:bd:24:4f
Certificate

Issuer

CN=Bad_Potato_CA

Not Before

17/04/2015, 12:48

Not After

31/12/2039, 23:59

Subject

CN=One_bad_potato

ec:27:c0:c7:d2:83:5c:86:55:7b:bd:2c:5c:a0:90:ce:3a:73:96:81
Signer

Actual PE Digest

ec:27:c0:c7:d2:83:5c:86:55:7b:bd:2c:5c:a0:90:ce:3a:73:96:81

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetWindowTextA
GetLastActivePopup
SetWindowPos
GetWindowThreadProcessId
GetDlgItem
DeferWindowPos
GetDesktopWindow
GetWindowTextA
CreateWindowExA
GetForegroundWindow

ole32

CoIsHandlerConnected

gdi32

CloseEnhMetaFile
CopyMetaFileW
EnumObjects
AbortDoc
CreateEllipticRgn
GetBkColor
CreateCompatibleBitmap
DeleteMetaFile
DeleteDC
ChoosePixelFormat
DrawEscape
ExtCreateRegion

advapi32

RegDeleteValueA
RegNotifyChangeKeyValue
RegQueryInfoKeyA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegSaveKeyA

urlmon

CreateAsyncBindCtxEx

kernel32

GetProfileStringA
WritePrivateProfileStringA
WriteProfileSectionA
GetProfileSectionA
GetProcAddress
LCMapStringA
VirtualAlloc
GetModuleHandleA
GetStartupInfoA
GetProfileIntA

msvcrt

exit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_exit
_XcptFilter

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 275KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff90041ba071de6bfc991245f3082f34

Code Sign

63:ad:ec:0d:18:d0:9a:81:44:b1:34:5c:60:bd:24:4fCertificate

ec:27:c0:c7:d2:83:5c:86:55:7b:bd:2c:5c:a0:90:ce:3a:73:96:81Signer

Headers

File Characteristics

Imports

user32

ole32

gdi32

advapi32

urlmon

kernel32

msvcrt

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 275KB - Virtual size: 383KB

.rsrc Size: 3KB - Virtual size: 2KB

63:ad:ec:0d:18:d0:9a:81:44:b1:34:5c:60:bd:24:4f
Certificate

ec:27:c0:c7:d2:83:5c:86:55:7b:bd:2c:5c:a0:90:ce:3a:73:96:81
Signer

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 275KB - Virtual size: 383KB

.rsrc
Size: 3KB - Virtual size: 2KB