593e5cca77dfd64dbd6e3b1d687df201

Sharing

Copy URL Twitter E-mail

General

Target

593e5cca77dfd64dbd6e3b1d687df201
Size

96KB
MD5

593e5cca77dfd64dbd6e3b1d687df201
SHA1

da85e760b780b9a88640a9aceb36cf993ca6993d
SHA256

4c9e78f0e212f8d6c3e3a98bb446d759a4fa28869f15702ec4ceb0c8f838f40a
SHA512

19ec5414be0d0d8cd1653f84deb7d31c2e859c6bab61d0698ee1880fedf2f48e66c5a1431b05f9268cc379482bee7b88c4ad3fe77bd4042aca7d770a66ea04aa
SSDEEP

3072:/3q6bCEBgtP4IS51hc/ufMc0QJzdGBVFc:/rOtE1U7Q7I0

Score

1^/10

Malware Config

Signatures

Files

593e5cca77dfd64dbd6e3b1d687df201
.exe windows:4 windows x86 arch:x86

21e457127658098bfa768499c7567ec6

Code Sign

01:33
Certificate

Issuer

CN=ercentr-ca,O=ercentr,L=Novosibirsk,ST=Novosibirsk,C=RU,1.2.840.113549.1.9.1=#0c12737570706f727440657263656e74722e7275

Not Before

19/03/2010, 12:41

Not After

16/03/2020, 12:41

Subject

CN=term-k,O=ercentr,ST=Novosibirsk,C=RU,1.2.840.113549.1.9.1=#0c12737570706f727440657263656e74722e7275

39:b4:72:b6:0c:e8:84:44:06:9a:e0:a1:e5:b0:b7:56:9a:bb:94:56
Signer

Actual PE Digest

39:b4:72:b6:0c:e8:84:44:06:9a:e0:a1:e5:b0:b7:56:9a:bb:94:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
GetModuleFileNameA
GlobalAlloc
GlobalFree
LeaveCriticalSection
LoadLibraryA
GetCurrentThread
ReadFile
Sleep
WaitForSingleObject
WriteConsoleA
lstrlenA
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCommandLineA
FindNextFileA
EnterCriticalSection
CreateThread
CreateProcessA
CreateFileA
CloseHandle
AllocConsole

advapi32

RegSetValueExA
RegSetValueA
RegQueryValueExA
RegQueryValueA
RegOpenKeyA
RegEnumValueA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey

user32

AppendMenuA
CallWindowProcA
CascadeWindows
CharNextW
CharUpperBuffA
CheckDlgButton
ClientToScreen
CopyRect
CreatePopupMenu
MessageBoxA

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21e457127658098bfa768499c7567ec6

Code Sign

01:33Certificate

39:b4:72:b6:0c:e8:84:44:06:9a:e0:a1:e5:b0:b7:56:9a:bb:94:56Signer

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 67KB - Virtual size: 79KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

01:33
Certificate

39:b4:72:b6:0c:e8:84:44:06:9a:e0:a1:e5:b0:b7:56:9a:bb:94:56
Signer

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 67KB - Virtual size: 79KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB