77d1929ff22a0c4d012bd4854f8f184c

Sharing

Copy URL Twitter E-mail

General

Target

77d1929ff22a0c4d012bd4854f8f184c
Size

250KB
MD5

77d1929ff22a0c4d012bd4854f8f184c
SHA1

174e1863bfbd6e1965c5c6b9b36ee1a965fe9762
SHA256

dc69f77b4cd67ce93cc2af6b1f9ec5bfe8e69e02b98be2b3ffeed7533f9669d3
SHA512

a09f1b4c48d6bec7cfa48c30cc388582783bb4d51b2a4804386b6a7e2ad059b4c97acdfa7c73ead1f61f5b075cdf63ccd8116162159592588b8d7d717355c3dd
SSDEEP

6144:2t/AKmmMsIHkARu050+v0E0BBAYBu1/F55EGcW9Pk:ooKmmMpHkAA05SE0BBXuZH5llk

Score

1^/10

Malware Config

Signatures

Files

77d1929ff22a0c4d012bd4854f8f184c
.exe windows:4 windows x86 arch:x86

8b8d4415f5ff01a15983fc5e031c14e7

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:ce:d0:f1:d0:34:e9:0d:bf:f6:98:f8:44:0c:e9:5d:83:bb:c6:29
Signer

Actual PE Digest

04:ce:d0:f1:d0:34:e9:0d:bf:f6:98:f8:44:0c:e9:5d:83:bb:c6:29

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
FatalAppExitA
GetDiskFreeSpaceA
lstrcpynW
GetHandleInformation
GetACP
ConnectNamedPipe
ReplaceFileA
FatalAppExitW
SetComputerNameA
SetErrorMode
GetEnvironmentStringsA
SleepEx
CreateSemaphoreA
SearchPathA
lstrlenW
GetCurrentProcess
HeapCreate
VirtualAlloc
GetLastError
GetShortPathNameW
OpenEventA
GetFullPathNameW
GetLocaleInfoW

user32

LoadMenuIndirectW
EnumChildWindows
UnregisterClassW
GetDC
DrawTextW
CreatePopupMenu
DrawIcon
GetClassLongW
GetSysColorBrush
SetWindowPos
InvalidateRect
UnregisterClassA
GetWindowLongW
PostQuitMessage
CreateDialogParamW
wvsprintfA
MonitorFromRect
PeekMessageA
CopyRect
GetWindowRect
FindWindowW
CopyIcon

gdi32

DPtoLP
GdiGetBatchLimit
IntersectClipRect
GetCharWidth32W
GetPath
RestoreDC
GetViewportExtEx
AddFontResourceA
ExtEscape
Escape
EnumICMProfilesW
SetTextAlign
SetStretchBltMode
GetTextAlign
GetAspectRatioFilterEx
GetBoundsRect

advapi32

RegQueryInfoKeyA
RegEnumValueA
ConvertSidToStringSidW
RegOpenKeyA
RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW

urlmon

HlinkGoBack

inetcomm

EssSecurityLabelEncodeEx
MimeOleGetPropA
MimeEditIsSafeToRun
MimeOleSetBodyPropW
MimeOleSMimeCapRelease
MimeOleSMimeCapsFromDlg
HrGetDisplayNameWithSizeForFile
MimeOleSMimeCapInit

Sections

.e
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.LWJhYO
Size: 1024B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.a
Size: 2KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cItrh
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fiNbxn
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d
Size: 1KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.FbyuK
Size: 2KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tNIhR
Size: 1KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Ca
Size: 2KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.S
Size: 1KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc1
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b8d4415f5ff01a15983fc5e031c14e7

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

04:ce:d0:f1:d0:34:e9:0d:bf:f6:98:f8:44:0c:e9:5d:83:bb:c6:29Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

urlmon

inetcomm

Sections

.e Size: 9KB - Virtual size: 9KB

.LWJhYO Size: 1024B - Virtual size: 39KB

.a Size: 2KB - Virtual size: 42KB

.cItrh Size: 4KB - Virtual size: 3KB

.fiNbxn Size: 1KB - Virtual size: 7KB

.d Size: 1KB - Virtual size: 26KB

.FbyuK Size: 2KB - Virtual size: 49KB

.tNIhR Size: 1KB - Virtual size: 34KB

.rsrc Size: 1024B - Virtual size: 592B

.Ca Size: 2KB - Virtual size: 25KB

.S Size: 1KB - Virtual size: 36KB

.rsrc1 Size: 212KB - Virtual size: 212KB

.reloc Size: 1024B - Virtual size: 796B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

04:ce:d0:f1:d0:34:e9:0d:bf:f6:98:f8:44:0c:e9:5d:83:bb:c6:29
Signer

.e
Size: 9KB - Virtual size: 9KB

.LWJhYO
Size: 1024B - Virtual size: 39KB

.a
Size: 2KB - Virtual size: 42KB

.cItrh
Size: 4KB - Virtual size: 3KB

.fiNbxn
Size: 1KB - Virtual size: 7KB

.d
Size: 1KB - Virtual size: 26KB

.FbyuK
Size: 2KB - Virtual size: 49KB

.tNIhR
Size: 1KB - Virtual size: 34KB

.rsrc
Size: 1024B - Virtual size: 592B

.Ca
Size: 2KB - Virtual size: 25KB

.S
Size: 1KB - Virtual size: 36KB

.rsrc1
Size: 212KB - Virtual size: 212KB

.reloc
Size: 1024B - Virtual size: 796B