784ed731517a1daa1528caff6cc4cd06

Sharing

Copy URL

Twitter E-mail

General

Target

784ed731517a1daa1528caff6cc4cd06
Size

276KB
MD5

784ed731517a1daa1528caff6cc4cd06
SHA1

d6e0cc3736187e2a0dc2b18cabd7bb0f15172a65
SHA256

404c4fc2b5b9c6781b8915d599d47a2d21db4f1e3e879b3a374cb692132559ce
SHA512

cfba25f05341a5619f57c7d6c9c0933c28ad8aa58c69262b417b77a13710be7ab6bb1853998ee5927ea5e67394f7cd6038a62256d7286368ec884132f78713f8
SSDEEP

6144:W/FYWolEtENGk+evbgNYz0vKbGoEFvwE35:qFZolqkJ+YAvKbGloE35

Score

1^/10

Malware Config

Signatures

Files

784ed731517a1daa1528caff6cc4cd06
.exe windows:6 windows x86 arch:x86

a5a22cd37df8c0d135df23ae73405403

Code Sign

33:00:00:00:9b:e0:74:37:cb:3d:4d:8d:2e:00:00:00:00:00:9b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30-03-2016 19:21

Not After

30-06-2017 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28-10-2015 20:31

Not After

28-01-2017 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:2f:af:c2:d4:f5:4d:42:27:c3:4d:76:5f:ee:25:c7:11:c7:87:9e:bc:14:6d:c7:4f:5f:2e:0c:8e:e0:97:00
Signer

Actual PE Digest

7c:2f:af:c2:d4:f5:4d:42:27:c3:4d:76:5f:ee:25:c7:11:c7:87:9e:bc:14:6d:c7:4f:5f:2e:0c:8e:e0:97:00

Digest Algorithm

sha256

PE Digest Matches

false

c0:c2:f6:f3:c0:73:0f:3a:a6:be:83:95:5f:d8:ed:6e:21:8d:3b:06
Signer

Actual PE Digest

c0:c2:f6:f3:c0:73:0f:3a:a6:be:83:95:5f:d8:ed:6e:21:8d:3b:06

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\Target\x86\ship\dw\x-none\dwtrig20.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumValueW
RegOpenKeyExA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid
EqualSid
CreateWellKnownSid
CopySid
AddAccessDeniedAce
AddAccessAllowedAce
OpenProcessToken

kernel32

InitializeCriticalSectionEx
GetShortPathNameA
LoadResource
SizeofResource
FindResourceW
IsWow64Process
MultiByteToWideChar
lstrcmpiW
GlobalFree
GlobalAlloc
GetSystemWindowsDirectoryW
CreateProcessW
Sleep
GetLastError
CloseHandle
GetShortPathNameW
GetLongPathNameW
GetFileAttributesW
lstrlenW
SetLastError
WideCharToMultiByte
IsValidCodePage
CreateMutexA
OpenMutexA
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
LocalAlloc
LocalFree
GetCurrentThread
QueryPerformanceCounter
WaitForSingleObjectEx
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RtlUnwind
RaiseException
EncodePointer
FreeLibrary
LoadLibraryExW
GetThreadTimes
VirtualProtect
HeapSize
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetCommandLineW
GetACP
GetStringTypeW
GetFileType
HeapReAlloc
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
GetSystemInfo
VirtualQuery
LoadLibraryExA
CreateEventW
WaitForSingleObject
SetEvent
GetSystemTimeAsFileTime
ResetEvent

ole32

StringFromIID
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoCreateGuid

oleaut32

LoadRegTypeLi
SysFreeString
SysAllocString
LoadTypeLi

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5a22cd37df8c0d135df23ae73405403

Code Sign

33:00:00:00:9b:e0:74:37:cb:3d:4d:8d:2e:00:00:00:00:00:9bCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

7c:2f:af:c2:d4:f5:4d:42:27:c3:4d:76:5f:ee:25:c7:11:c7:87:9e:bc:14:6d:c7:4f:5f:2e:0c:8e:e0:97:00Signer

c0:c2:f6:f3:c0:73:0f:3a:a6:be:83:95:5f:d8:ed:6e:21:8d:3b:06Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

oleaut32

Sections

.text Size: 117KB - Virtual size: 117KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 9KB - Virtual size: 10KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 7KB

33:00:00:00:9b:e0:74:37:cb:3d:4d:8d:2e:00:00:00:00:00:9b
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

7c:2f:af:c2:d4:f5:4d:42:27:c3:4d:76:5f:ee:25:c7:11:c7:87:9e:bc:14:6d:c7:4f:5f:2e:0c:8e:e0:97:00
Signer

c0:c2:f6:f3:c0:73:0f:3a:a6:be:83:95:5f:d8:ed:6e:21:8d:3b:06
Signer

.text
Size: 117KB - Virtual size: 117KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 9KB - Virtual size: 10KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 7KB