768379213b807b9b0cdfd32dd6c323fb

Sharing

Copy URL

Twitter E-mail

General

Target

768379213b807b9b0cdfd32dd6c323fb
Size

395KB
MD5

768379213b807b9b0cdfd32dd6c323fb
SHA1

be83cef7aebfcd347de1dd53fc608abce3a06f89
SHA256

12ba51c59db1345e2155a8c9733f00b84ac121340fba825b5e4cff0f2168852d
SHA512

b72187914cc414decdc6d4d8aab2da0d4708f8849cb7dde295e3a681d8c1ceff43347533ed82dac6abfc41ad499711bbf62166389b200a5c1c21efac48c8c9ab
SSDEEP

6144:MmtbifwfkKRsQLx1EnyyKznm9+B9AHKyjVrTLkkP7qcXvxZzchEEhL7:MofkKRPnEnyyKzo5j1QkjqcpWvn

Score

1^/10

Malware Config

Signatures

Files

768379213b807b9b0cdfd32dd6c323fb
.exe windows:5 windows x86 arch:x86

92a26591846774ed4b16c8a8e6ebe46f

Code Sign

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:a4:4f:c5:32:66:b3
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/08/2011, 13:30

Not After

11/08/2012, 19:05

Subject

CN=Antanda\, LLC,O=Antanda\, LLC,L=Irvine,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d0:74:50:dd:b6:08:b8:90:50:30:7e:fa:c4:95:3d:dc:2d:df:0b:c1
Signer

Actual PE Digest

d0:74:50:dd:b6:08:b8:90:50:30:7e:fa:c4:95:3d:dc:2d:df:0b:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToFileW

iphlpapi

GetAdaptersAddresses

kernel32

GetLastError
WaitForSingleObject
CloseHandle
OpenMutexW
SizeofResource
GetModuleHandleW
LockResource
LoadResource
FindResourceW
InterlockedDecrement
GetProcAddress
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
InterlockedIncrement
SetEvent
GetEnvironmentVariableW
ReadFile
Sleep
GetExitCodeProcess
GetVersionExW
GetTempPathW
GetSystemInfo
WriteFile
SetEndOfFile
CreateFileA
InitializeCriticalSectionAndSpinCount
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MultiByteToWideChar
GetStartupInfoW
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapSize
ExitProcess
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
VirtualAlloc
HeapReAlloc
LoadLibraryA
GetLocaleInfoA
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

PostThreadMessageW

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteExW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92a26591846774ed4b16c8a8e6ebe46f

Code Sign

03:01Certificate

Key Usages

27:a4:4f:c5:32:66:b3Certificate

Extended Key Usages

Key Usages

d0:74:50:dd:b6:08:b8:90:50:30:7e:fa:c4:95:3d:dc:2d:df:0b:c1Signer

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

iphlpapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 109KB - Virtual size: 109KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 244KB - Virtual size: 244KB

.reloc Size: 9KB - Virtual size: 9KB

03:01
Certificate

27:a4:4f:c5:32:66:b3
Certificate

d0:74:50:dd:b6:08:b8:90:50:30:7e:fa:c4:95:3d:dc:2d:df:0b:c1
Signer

.text
Size: 109KB - Virtual size: 109KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 244KB - Virtual size: 244KB

.reloc
Size: 9KB - Virtual size: 9KB