75c044713d8d2ceecfa1802138e739b2

Sharing

Copy URL

Twitter E-mail

General

Target

75c044713d8d2ceecfa1802138e739b2
Size

582KB
MD5

75c044713d8d2ceecfa1802138e739b2
SHA1

df7346536e4f03efa1ab54fd454fc29a688f01e4
SHA256

56ac1f04af918d6097c2aa137d26b13fc6d2563cc18b0d0631022f25675aa607
SHA512

c70e0ad2dda8d7eeb90ac61df070df0bf086a9e0c2607ee699b6830d5f98390ce09f7aa054936e671769e9181dca4f32a6d098a20d9202734959873df68d2754
SSDEEP

12288:Y4XfUISgOLuu0RuGUX+4tS3J4MnNQwbmwFdeQkaS:lWpt0RxQTnimCkaS

Score

1^/10

Malware Config

Signatures

Files

75c044713d8d2ceecfa1802138e739b2
.exe windows:4 windows x86 arch:x86

515d9b0653cd62210a0370c9c6a6feb5

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13-04-2015 00:00

Not After

12-04-2016 23:59

Subject

CN=FLAGMAN-SOFT,O=FLAGMAN-SOFT,POSTALCODE=646822,STREET=4\, kv.1\, ul.Vodoprovod,L=S. PRISTANSKOE,ST=Omsk region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:b9:d3:d0:e4:be:27:2a:86:c7:2a:db:79:11:7d:f1:94:80:bd:2f
Signer

Actual PE Digest

04:b9:d3:d0:e4:be:27:2a:86:c7:2a:db:79:11:7d:f1:94:80:bd:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

BroadcastSystemMessageA
CallWindowProcA
GetGuiResources
ValidateRect
GetUserObjectInformationW
SetMessageExtraInfo
GetMessageExtraInfo
ShowScrollBar
SendInput
CheckRadioButton
RegisterDeviceNotificationA
SetKeyboardState
GetWindowThreadProcessId
ChangeDisplaySettingsExA
GetWindowModuleFileNameA
GetMenuItemInfoW
SetScrollInfo
GetAncestor
GetUserObjectSecurity
SendDlgItemMessageA
GetMessagePos
GetClipboardOwner
LoadImageA
DestroyWindow
SetWindowPlacement
DlgDirListW
SetWindowWord
CreateDialogIndirectParamA
IsChild
DrawFocusRect
TranslateMessageEx
CreateIconIndirect
SetThreadDesktop
SetForegroundWindow
SetDoubleClickTime
AlignRects
SetActiveWindow
UnregisterClassA
EnableWindow
RedrawWindow
DrawTextA
ArrangeIconicWindows
GetClientRect
MapWindowPoints
FindWindowExA
GetMenuStringA
MapDialogRect
UpdateWindow
RegisterClipboardFormatW
SetInternalWindowPos
SubtractRect
DrawTextW
DestroyMenu
CheckDlgButton
GetInternalWindowPos
EnumDesktopWindows
MenuWindowProcA
PrivateExtractIconsW
ChildWindowFromPointEx
IsCharAlphaNumericW
EnumThreadWindows
GetWindowWord
InvalidateRect
GetTabbedTextExtentA
TranslateMessage
MapVirtualKeyExA
ToUnicodeEx
DragDetect
CreateIconFromResourceEx
CopyRect
IsCharLowerW
GetWindowTextLengthA
OpenDesktopA
GetCursorInfo
ReleaseDC
TranslateAcceleratorA
GetWindowTextA
SetParent
EnumDesktopsW
LoadStringA
OemToCharA
DialogBoxIndirectParamA
GetAsyncKeyState
WaitForInputIdle
GetCursor
CloseWindow
InsertMenuItemW
GetLastInputInfo
DrawCaptionTempA
GetMenuState
GetCaretPos
RegisterClassExA
GetComboBoxInfo
GetMenuInfo
GetClassInfoA
LoadMenuW
MessageBoxTimeoutA
GetKeyboardLayoutNameW
CreateMenu
OpenClipboard
MessageBeep
CopyIcon
MessageBoxExW
GetMonitorInfoA
CharLowerBuffA
SetLastErrorEx
GetDialogBaseUnits
GetClipboardFormatNameW
GetKeyboardState
DestroyIcon
CharToOemBuffA
ShowCaret
GetSystemMetrics
TabbedTextOutW
CallMsgFilterW
SetWindowsHookExA
EnumPropsW
OffsetRect
RegisterDeviceNotificationW
LoadIconW
PtInRect
ExitWindowsEx
CharNextW
CharLowerA
ScreenToClient
AdjustWindowRectEx
GetCursorPos
IntersectRect
EndTask
ValidateRgn
RegisterClassA
GetLastActivePopup
CloseClipboard
AttachThreadInput
SwitchDesktop
CharPrevExA
GetClipboardViewer
GrayStringW
GetUpdateRect
GetClassLongA
GetMessageA
EqualRect
MonitorFromWindow
TileWindows
SetWindowTextA
SendMessageCallbackA
SetProgmanWindow
GetWindowTextW
GetSysColorBrush
GetMenuStringW
RegisterClipboardFormatA
GrayStringA
UpdateLayeredWindow
DestroyCaret
GetCapture
SetWindowsHookA
AppendMenuW
GetUpdateRgn
FrameRect
CheckMenuRadioItem
RegisterWindowMessageA
MapVirtualKeyW
EnumDisplayMonitors
GetNextDlgGroupItem
LoadCursorW
MenuItemFromPoint

comdlg32

ChooseFontA
ReplaceTextA

shell32

SHGetInstanceExplorer
SHInvokePrinterCommandA
SHGetIconOverlayIndexA
SHGetNewLinkInfoW
StrNCmpIA
SHHelpShortcuts_RunDLL

gdi32

GdiSetServerAttr
GetCharWidth32W
EngMultiByteToUnicodeN
CombineTransform

wtsapi32

WTSVirtualChannelOpen
WTSOpenServerW
WTSVirtualChannelPurgeOutput
WTSQueryUserConfigW
WTSSetSessionInformationA

ws2_32

WSAInstallServiceClassA
getservbyname
gethostname
socket
WSAConnect
connect
WSALookupServiceEnd

kernel32

GetVersion
GetCurrentProcess
LoadLibraryA
LocalAlloc
VirtualUnlock
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

u��Z�|M��lQ��"c��b�د�*��f"�<��$��+�AK��d��2I��[1��sJI8� 7��RD�g�~]x b=�R^DA�v"ߘJ$tA�f�|b��c�v[4�k��V!��\��1BsꈦS~��&�PYJ�*��8e ��Y� PY$-򒠕�6��%$}7��OǏ�v�-OYrp�5�)�(��{6�]*�o��v�/ �8r�:S�D#�=�5?J�N��?f��P;TӖ��a7t*O�e�v�)�֏ ��v��US Hwt��p)�J�;ճ?�Q\P�p� /��d�(��t]g��x^<2 M�x��f�W\��k({!<>X⫛,KׅQ��b��w�ku/TԪ��ʞ�a��cLW��'��V�Ȃ��Auvbt��!'�ʭ��;�<��3T�5�@mY#��"�31�\��'9�樉�~U�]P3�#߲7]?�[�GG`��.��o�O�H�<�S�<�z�v�H�c6�UB|�t��!=u��k�|d��pw�u�|d:�!�� 8�|�&��o��(�� u-y�ĭ�1�R��M�\�|�V��I��x��}N/��I�#�kcwzKs��~��9/�䏅��P��<��ĀG��ᅁt~��S��L�W��ch'��UI�XY��䳸l�B}��PL��$�8�ܚ�I��Rh��k��Zu�mq��RLͫ< 0?{z$}q��-C�� C��:�Z��Y4�k٘��_�B'��p��9��k��zщ,/�rN9��i��8��1�mR�7|�R��_m�-�,�&uYM;�t��1�8F;�gpM=e��J@�l�5)b4�v�69O~3yN��)(�8�l?�F�Q�3��<��E��!ܥJ/�j=�u�Kѽ�;��-��jkH��g��en�O��8ΝŁ��q�t�T{:r�ceTb�{��V�Vך��)��f��m�\��p�*��I��HP�1��c��ޛ��mB�H�p%��?F�:�A��\N�.��1b�AEa��wɭ�&��9F��0AE�>��ޣ4f@mʭ�PvPO�ǃ��r(56iͫ x�IEf��)7��^� �q�� ;f��0�{��>�뾘�ϙ�D�߸$��7��^��\ߤ�ԑ�n��ܓ��r��+4*��Ĵ��#�cd��.ӧ��Бh�*v:'�y��ql��>[�&d�_ !��N��Y��p��7VMK�`Qxp��\,�� 6^+<��&��{�l<�O�a�T�ɒ˙�;yaѹ�Zòx|K��q@a�4G ��a�~ן&�I�43�(Eqw�\)F�"Q�;Ew^�uS�Fb��Nz6�Ȫ�2C�2�0"K�r��hAF�(߭*d��9��}��e�O߀��UkG�,�Bx�d}��w�L�u�Ű!J��$�t�~=5ԅ�|ou�O�T��$�f-r�3�_cj��E"E�=n�0/F?� 6[��}��q��t�mշ��e��+��0:�3e;-<�+U��j��FF��Bux%�u��Cf�-�h��P��+W��=�\N ��-�t�Á��4��?�U?�/�H�ޅ�2�U��Ds�mD��42%i��r��DH��鯯��|��Z��eIC�=~�;�ʱ2�l�GŚ��{�/�`�Y��^TLyі�nKw��W��2z+��Ѥ�2uB�/J�4W��(�i�S��SG��J�Ǌ�1�U�˨޽s2 8_уT�X��Y�+׼�Y�2'��2��ʼ�� N��x ��:��t*ר��(& ��]Hz�Pu�5�H��a_s?+�h��+】�V&�C�,�z�K�^��=3<�<2mW"�?�S΂+�S$�C��,��oCq��F��O;�}�tx�.�S�s)=��+�Wb��ix? �^��p��m��)h %M��BaW��tDǯ��:��0��=��iu��uF�t�� G8j��A��X�K��φ�ҍ��\u��}y="J��Q��ث4�Z��-�� )��}쮤�)��e��ԅK�@|"R�Λ�[��ط��L��%,L~�2n�l8��L��iEz@��L.��]�K��z�� -u�FL��kq�bi��dIѥkE�I�rk]�0��v��SH�rB��Zs!UqH&��9#��~I��W�4D��s�R��iځk4��g�+�^�P�眑� ��xx�?Y@d��,��&�y�&g�_�VSq1zf��O�m��M�4,E]t��<M��ϣ|7��p��!4%<D��bG�4٤�5X��Ձ�T��"e�R]�{��T4eV��2�g��TW��"U�S�Sj��"��\�5{DZ(�ˬ%3ճ��S�D��%Z��̞<Ý��xT �S� g�~&��I�2�%?�5$��"MM��<�e#ǥ��?b�{ۧ� �"��.x��]��Б��U#��4��1��k}.��S"H��]��sՎh�L9�3��Ԉ�d��~�~�.z��Q� %�� G�."��<��-�(r��)��g�x%ZT��F6b��j��tx.(�x-C��b�u��υ6�6�ʐmH��T�3��3��=��ͅ5@Wo݀��l/�Y��s��E�r��^$ɠ&u]�~��\ɵ�T �4B��^�bi�ΐr��o��T�;�|f߹�p�k� �.Uv1��+��!"[�O^pP �'�t��_MЖ��G�Ma�я�&��~��J��jjzm�1�r ,4�tڢ?]��`@ĭ��5�_�\F[��w8{�+��o��0�Y�{ܑ_�9�q�! �>w�g#��a�٥��嶦�3�Ȣ��>8�;}/7?BS<�"�o�A��)�w�

Sections

CODE
Size: 437KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

515d9b0653cd62210a0370c9c6a6feb5

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:eaCertificate

Extended Key Usages

Key Usages

04:b9:d3:d0:e4:be:27:2a:86:c7:2a:db:79:11:7d:f1:94:80:bd:2fSigner

Headers

File Characteristics

Imports

user32

comdlg32

shell32

gdi32

wtsapi32

ws2_32

kernel32

Exports

Exports

Sections

CODE Size: 437KB - Virtual size: 436KB

DATA Size: 13KB - Virtual size: 12KB

BSS Size: - Virtual size: 1KB

.idata Size: 7KB - Virtual size: 7KB

.text0 Size: 15KB - Virtual size: 14KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 62KB - Virtual size: 62KB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 35KB - Virtual size: 34KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

70:01:f1:f3:cc:d2:f6:a9:5b:2a:2d:5c:53:06:f3:ea
Certificate

04:b9:d3:d0:e4:be:27:2a:86:c7:2a:db:79:11:7d:f1:94:80:bd:2f
Signer

CODE
Size: 437KB - Virtual size: 436KB

DATA
Size: 13KB - Virtual size: 12KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 7KB - Virtual size: 7KB

.text0
Size: 15KB - Virtual size: 14KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 62KB - Virtual size: 62KB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 35KB - Virtual size: 34KB