751bc7284282d568166cd73f6dfdb44b

Sharing

Copy URL

Twitter E-mail

General

Target

751bc7284282d568166cd73f6dfdb44b
Size

598KB
MD5

751bc7284282d568166cd73f6dfdb44b
SHA1

ccbd61c67a70a696d982820cb520d81d11706275
SHA256

202ecdd3d57ba69a070c9d3448d56019981e14c14e05b3f3a788021f5f7570d2
SHA512

10dd2ce80c5cec1d5db57b52d834c706f02c3e4efa1a5743ce8c0bb99324a24be60d6bb180ce53dcd92fe1a312ef3a141b97364637210886f06550585a3d338f
SSDEEP

12288:+TwHlx1//xGf8GkkgwIAIEFXcbyg+yw1BRrMTGFrIsQg:+T2lxx4f8OFcbOrMTGlQg

Score

1^/10

Malware Config

Signatures

Files

751bc7284282d568166cd73f6dfdb44b
.exe windows:4 windows x86 arch:x86

e54d218a815f922fea04b4acc7a0fee8

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:39:5a:86:d9:1d:a6:3b:ac:9c:ef:69:4a:77:2b:43
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/05/2015, 00:00

Not After

19/05/2016, 23:59

Subject

CN=PKK OOO,O=PKK OOO,POSTALCODE=241037,STREET=103 ul.Krasnoarmeiskaya,L=Bryansk,ST=Bryansk Region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

da:08:0b:a9:ba:1a:8e:b9:20:20:d7:48:34:20:66:a9:68:cc:54:8a
Signer

Actual PE Digest

da:08:0b:a9:ba:1a:8e:b9:20:20:d7:48:34:20:66:a9:68:cc:54:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

CreateCursor
GetTopWindow
IsHungAppWindow
FindWindowW
DrawCaption
DrawAnimatedRects
IsChild
CharLowerW
LoadCursorW
CharLowerBuffA
BeginPaint
AppendMenuA
GetSystemMetrics
RedrawWindow
CreatePopupMenu
GetMonitorInfoA
ShowWindowAsync
GetWindowLongW
GetUpdateRgn
TranslateAcceleratorW
BroadcastSystemMessageW
PeekMessageA
RegisterClassExW
SetDeskWallpaper
OpenClipboard
DrawEdge
GetProcessWindowStation
IsCharAlphaW
GetMenuStringA
SetMenuItemBitmaps
DrawFrameControl
CreateDialogParamA
CharToOemBuffA
DialogBoxParamA
CopyAcceleratorTableA
OemKeyScan
SetSystemCursor
RegisterWindowMessageA
PaintDesktop
DestroyMenu
PtInRect
PrivateExtractIconExA
CreateIcon
SetRectEmpty
EndTask
OpenIcon
GetClassWord
GetKeyboardType
MonitorFromRect
PostThreadMessageA
OffsetRect
DrawTextExA
SetCapture
GetMenuStringW
GetMenuState
SetMenu
GetFocus
AnyPopup
EnumClipboardFormats
SendMessageW
UpdateLayeredWindow
SetDlgItemTextW
GetAltTabInfoA
MonitorFromWindow
GetSubMenu
RemoveMenu
KillTimer
SetMenuContextHelpId
LoadKeyboardLayoutEx
RealGetWindowClassA
AllowForegroundActivation
GetDlgItemTextA
LoadImageA
GetWindowRect
ModifyMenuA
GetClassNameA
MapWindowPoints
WindowFromPoint
ChangeDisplaySettingsA
HideCaret
GetKeyNameTextW
MessageBoxIndirectW
DrawIconEx
EnableScrollBar
CreateMDIWindowW
GetWindowWord
DrawMenuBarTemp
MenuWindowProcA
DrawTextW
SetWindowsHookA
GetCursorPos
GetDlgCtrlID
GetClipboardOwner
GetLastInputInfo
SetMenuItemInfoA
GetWindowRgn
EnumDisplaySettingsW
IsIconic
InsertMenuA
DlgDirSelectExW
CheckDlgButton
GetIconInfo
GetSysColorBrush
LoadMenuIndirectA
TileChildWindows
BroadcastSystemMessageExA
LoadBitmapA
OemToCharA
GetTitleBarInfo
UnregisterClassA
PrintWindow
CheckMenuRadioItem
TabbedTextOutW
SetScrollInfo
EnumThreadWindows
LoadMenuW
ScrollChildren
MessageBoxExA
IsGUIThread
IsCharAlphaNumericW
CharPrevExA
GetWindowTextLengthA
GetClipboardFormatNameA
GetMenuItemInfoW
CharLowerBuffW
GetClassLongW
GetNextDlgGroupItem
RegisterHotKey
CharUpperA
IsDlgButtonChecked
ExitWindowsEx
GetMessageExtraInfo
RegisterDeviceNotificationW
CascadeChildWindows
SetCaretBlinkTime
GetKeyNameTextA
ShowCursor
SetMenuInfo
GetDC
SendInput
GetTabbedTextExtentA
SetMenuDefaultItem
GetWindowPlacement
GetScrollPos
CreateAcceleratorTableA
GetRawInputDeviceInfoA
AttachThreadInput
RegisterClipboardFormatW
GetClassInfoW
EnumWindowStationsW
FlashWindowEx
GetCursor
UnhookWindowsHook
LockWorkStation
FindWindowA
wsprintfW
ShowStartGlass
TranslateMessageEx
ReleaseCapture
GetClassInfoExA
SetWindowPlacement
CopyIcon
PrivateExtractIconsA
InvalidateRgn
MoveWindow
GetClipboardFormatNameW
SetWindowsHookExA
SendMessageCallbackW
MessageBoxExW
GetKeyboardLayoutNameW
SetThreadDesktop
SetDoubleClickTime
GetMessageTime
DrawFocusRect
GetUserObjectInformationW
CallWindowProcW
MapVirtualKeyA
CloseWindow
CharPrevW
FindWindowExW
GetUserObjectSecurity
GetSystemMenu
ShowCaret
DrawIcon
SetCursorPos
LoadKeyboardLayoutW
EnumPropsA
SetDlgItemInt
OpenWindowStationW
SetInternalWindowPos
GetDlgItemInt
CloseClipboard
MapVirtualKeyExW
EnumPropsExW
DrawTextA
CharUpperBuffA
GetWindowModuleFileNameW
GetAncestor
DlgDirSelectExA
GetMonitorInfoW
GetMenu
RegisterDeviceNotificationA
IsCharAlphaNumericA
LoadMenuA
SetWindowContextHelpId
IsMenu
ToUnicode
ToAsciiEx
SetPropW
GetClipboardData
OemToCharW
GetScrollInfo
SetClassWord
SetPropA
DefFrameProcW
RegisterWindowMessageW
DefDlgProcA
LoadKeyboardLayoutA
PostThreadMessageW
EmptyClipboard
GetMenuDefaultItem
SetCursorContents
RegisterClassW
GetRawInputDeviceInfoA

kernel32

SetFileShortNameA
MoveFileA
FindFirstVolumeMountPointA
FreeConsole
SetFileShortNameW
GetEnvironmentVariableW
SetCommTimeouts
GetNamedPipeHandleStateW
EnumUILanguagesA
GetEnvironmentVariableA
FileTimeToSystemTime
FreeEnvironmentStringsW
HeapFree
PulseEvent
GetPrivateProfileSectionA
SetThreadUILanguage
GetCommandLineA
CreateNamedPipeA
MulDiv
ExpandEnvironmentStringsA
FlushConsoleInputBuffer
FlushFileBuffers
ReplaceFileA
GetPrivateProfileSectionW
QueryPerformanceCounter
GetFileAttributesA
RegisterWaitForSingleObject
RegisterWowExec
HeapLock
IsBadHugeReadPtr
CopyFileExA
SetThreadContext
GetConsoleInputExeNameA
lstrcmpA
IsValidCodePage
GetProfileStringW
FindFirstVolumeMountPointW
TlsGetValue
GetProcessTimes
GetSystemPowerStatus
GetAtomNameA
CreateFileMappingW
GetProcessIoCounters
PrivMoveFileIdentityW
GetStdHandle
PeekConsoleInputW
SetComputerNameW
CloseHandle
SetFileApisToOEM
CompareFileTime
FindFirstChangeNotificationA
InterlockedCompareExchange
WritePrivateProfileSectionW
MoveFileWithProgressA
SetFileValidData
IsProcessInJob
CreateFileA
CreateNamedPipeW
GetTempPathW
FormatMessageW
AddConsoleAliasA
EnumSystemGeoID
CreateProcessA
GlobalFlags
SetFileAttributesA
ReadConsoleInputExW
SetCriticalSectionSpinCount
GetVolumeInformationA
WriteConsoleW
ReadDirectoryChangesW
GlobalUnlock
SetTimeZoneInformation
LocalLock
GetHandleInformation
GetDiskFreeSpaceA
CreateDirectoryA
BuildCommDCBAndTimeoutsW
lstrcpynW
SetVolumeLabelW
RaiseException
SetLastError
GetProcessPriorityBoost
GlobalFindAtomA
LCMapStringA
WriteFileEx
SetProcessPriorityBoost
GetExitCodeProcess
FindFirstVolumeA
DeleteTimerQueueEx
VirtualUnlock
ResetEvent
GetVolumePathNameW
EnumSystemLanguageGroupsA
GetCurrentThread
FindNextVolumeW
LocalFlags
GetModuleHandleW
EndUpdateResourceW
SetTapeParameters
GetBinaryTypeW
GetConsoleAliasesA
GetLogicalDriveStringsW
ExpandEnvironmentStringsW
SearchPathA
GetVolumePathNamesForVolumeNameA
DebugBreak
InterlockedExchangeAdd
GetSystemDirectoryW
GetStringTypeA
lstrcpynA
GetConsoleProcessList
GetMailslotInfo
GetThreadPriorityBoost
RtlMoveMemory
FindResourceExW
FindResourceExA
GetCurrentProcess
GetVersion
GetNamedPipeInfo
LoadLibraryExA
VirtualUnlock
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shlwapi

GetMenuPosFromID
PathRemoveArgsA
PathIsUNCW
PathCommonPrefixW
PathRemoveBlanksA
PathIsDirectoryEmptyW
PathCanonicalizeW
AssocQueryStringByKeyW

ole32

PropSysAllocString
OleBuildVersion
GetDocumentBitStg
IIDFromString
CoReactivateObject
StgOpenStorageOnILockBytes

comdlg32

CommDlgExtendedError
GetFileTitleA
FindTextA
PageSetupDlgA
LoadAlterBitmap
ReplaceTextW
GetOpenFileNameA

oleaut32

VarUI8FromI8
VarBstrCmp
VarUI2FromI2
VarDiv

shell32

SHLoadInProc
CheckEscapesW
RealShellExecuteExA
SHGetFolderPathA
SHGetFileInfoW
SHBindToParent

winspool.drv

GetFormW

advapi32

QueryTraceW
PrivilegedServiceAuditAlarmA
GetEffectiveRightsFromAclW
LsaLookupPrivilegeDisplayName
DuplicateToken
GetCurrentHwProfileA
LsaGetRemoteUserName

gdi32

SetBitmapAttributes
GdiCreateLocalMetaFilePict
EudcUnloadLinkW
GetCharWidthFloatA
CreateMetaFileA
GetWorldTransform
NamedEscape

version

VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW

wtsapi32

WTSTerminateProcess
WTSSendMessageA

ws2_32

WSCDeinstallProvider
select
WSAResetEvent
ioctlsocket
WSAAddressToStringW
ntohl
WSAStartup

comctl32

CreatePropertySheetPage
ImageList_EndDrag
MakeDragList
ImageList_SetImageCount
FlatSB_SetScrollPos
DrawStatusTextW

Exports

Exports

P;��n��8�}�k)y��n��I�踦��C�~±�V�Ͻ��R�o�=��R*��bk�įt��}E��i��Ƚ\�:S�m�N�򤗛�nv� T��9W��\=p(!��u�8��.��d��x��&Bk�g�P��Ǎ�2�ꭜ��4�6�%� ұ� 䣬��'N�흾o�H)��0�Ҋ��2=�еT��t·��P�.l��Ooz�>�Z��UkKm/��H��(j�ޯ+�#F=�;�k�Z�$�1��j�¿��>Uv_)�gHUY�^��J1�H�zy��O��Cֱ0�^;��a�l�hr��$�� Ŝ�4�&O�0��j��;�~� sr�>�q��t��܋�G� �2�*YY��⒞r�#ſ��t�T�� .��)��wU�h�h�װs)�g�>��k� VT�G ��+|H'��x8��j݊��KyJC}��Hn��H�k�nDG{amiyȫU��z��P��P��"P��sX�I*��)�5`��s�o�|�35� ��ʗ]�?��Z�Ѯ��:W�Dk�K��zg��U%�T\RB�k5��r r�u�� r/��ql��`� ��m��qd��1�fx$��-ܢG�)C��l��N�,*��Jwu�'vi�U��YT�갿��P�P�^N��J��q��#l��´b�,��rA�6Ϭ�v/�S��*��#Ul��6�l�.N �1�� i�%rۈ6~oB��N�S\<^��>E� �鈊=i_ ��آ��#�ho8ޅ0�ĉ��% {�4$�,P��4׵�ʩ�0&��⟷�Yh^I��?��V�ǉ8=M{'��Hhbs��J��ރ�M$��E�'�$�g�{��%ٴDVYwq�%��tYq�IF�cyz"��(m�� JNǑE��)z �9��cŖ|%�ۜF]� ��*.�)_��-I��fՄ��[��b��KǪC`X�̧�?��*�x��z��vZ^O'_�hG9��m��R��anT�E~��"��e��޾�$:�zwDm��~��!��E�j�[]�&_��Ե�ʘ_-'�.��댶M}ڵ��g�]�S�F�-^>M�;v�%� ��c6,��oZ.�j^e��T[:�7� �K�#s��h5�2KD��d�PR �s��ݦ3�c��B,'��9�֖*7\��1�]I��q�/��1��Q��^�ª�v��'��J��9/��vp}�@��F��\np;?��=�{�X��mv��t�,�&7[)[�M(�z�^��=��W��k� A��*䳆G��W��$��M�DC(3I<�10c��@��پ�o��Ü�=�*�L�z&��J��d��tq"ʢ*��cA✿�{�N?�U�0*��>��<�;P��q��=��6��Rs��[��m��Ќ_֬Ov��ޒ��u��n��l߀��h��i��W�c�9��n��b��e��6��0':�a�T�Q�Jz��~vD�p�u�v�"H�Ӻ�y$q-�S�VWd��k��K<��^͖;��[fvp@�� M�(��?��O��:�4��4 ~�Ś��]#A�>^��(xz��׮�J��0�L�B+�� ͏8q�aVhi��]nɧbٞҦe�D��/��=��4�2߄K%ˉN,��[��z�r�4��Xo�j*�M��A�Q��2p��$k~�ʯ"�q��Z}�r��$��z��R��u��+-�f�ځ��|�t��,��p4L�c��%ѳ�X�7m�'VCY=�"2�,~�i ��F9w��p]��ǳ��ߝ��v0�u��>��Z9��/�W�͈��JZ4&0��R��Vz�I�Q��s��΃��\}z�g��h��l�Qb�w��Vq��̇Xiw�I�� ك|˛��T`��Y��=�Į�jEl��W��-��5�hr{�>�t2�6��d��J�x�q�Y�ʮgߴ��N� ��#��Z� ,�5 ��%�f�#_J�L��0�*��s�v�`p��B��>D��8�g�dL��x$�C)��S�)��v�"��O��Mft ��M�%�t��9=%�$��d(�b >��$�W��B��uh�RQ9.g��E��X��6��{��u��9P�N��f�\b��I�=�O�X�#��2�� o-(�<��C ��[`a=�x��B;��2JH�Q�|�C6 x�Bգ��i�ϯ%��uzm�#)3��ń\�r$�Z��1s/^�� (h��Ef&p��%��O �/��\ؠ�� Bq��S�.�X�� ~��0�� ;�O�I��д��Q1˼H��$��U&� ��Ũ��=��ۿ��,}��B�2Cu��O��4#] � 3NP>8��`�(Y�JO�@،2X�ʦ�3��<�Ǘ�z�4��}z��@��_bx��Vp��V�F��)o�r�s(7�5)�Ҿ}�Yߗ�a�eI� �BOd�c��O��yݭT䈐��[eC|UN��:��5��h�ݬBd��g�4�� s �0a�p�A,��Q �/Y�8��d�"�|"�Y��V�/�u�ؖ<��vi;�#�/��\W�҂@�:��0u��Wz�g©sX�f�I��^|!7��i,� e�%��M痓��z�(�x:�T,�� jc�h��4)�KRɡ�A�T�Ɂڊ�E(��sC͞�i̳ �;l��Ƭ��V��S<R�y��O[�C�e��eC��J[.8�8��^�P��1�*^Ƿz�<m_N��x }��z�^ut�'d��w��4?�i�3r :��6o�#��A

Sections

CODE
Size: 443KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e54d218a815f922fea04b4acc7a0fee8

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

9c:39:5a:86:d9:1d:a6:3b:ac:9c:ef:69:4a:77:2b:43Certificate

Extended Key Usages

Key Usages

da:08:0b:a9:ba:1a:8e:b9:20:20:d7:48:34:20:66:a9:68:cc:54:8aSigner

Headers

File Characteristics

Imports

user32

kernel32

shlwapi

ole32

comdlg32

oleaut32

shell32

winspool.drv

advapi32

gdi32

version

wtsapi32

ws2_32

comctl32

Exports

Exports

Sections

CODE Size: 443KB - Virtual size: 444KB

DATA Size: 9KB - Virtual size: 16KB

.idata Size: 10KB - Virtual size: 12KB

.text0 Size: 17KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 4KB

.text1 Size: 70KB - Virtual size: 72KB

.reloc Size: 6KB - Virtual size: 8KB

.rsrc Size: 35KB - Virtual size: 34KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

9c:39:5a:86:d9:1d:a6:3b:ac:9c:ef:69:4a:77:2b:43
Certificate

da:08:0b:a9:ba:1a:8e:b9:20:20:d7:48:34:20:66:a9:68:cc:54:8a
Signer

CODE
Size: 443KB - Virtual size: 444KB

DATA
Size: 9KB - Virtual size: 16KB

.idata
Size: 10KB - Virtual size: 12KB

.text0
Size: 17KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 4KB

.text1
Size: 70KB - Virtual size: 72KB

.reloc
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 35KB - Virtual size: 34KB