8d83028d4c87cd3ea801b8b9d24a04f3

Sharing

Copy URL Twitter E-mail

General

Target

8d83028d4c87cd3ea801b8b9d24a04f3
Size

338KB
MD5

8d83028d4c87cd3ea801b8b9d24a04f3
SHA1

c5a41b7cf7878d742390d6f896123c3d6d9933cb
SHA256

58efa6d3e1baf47919e9a197d84db71cf1ddf23f1329e28202f0213ee450097c
SHA512

aa7a7bf838db05b60b4dbb5e655f4eac7383d2a337427e92d76fe0e983d51abf925600c48bbf5eec9bc038146983dd9c6a7016b26293e6fc6ba4eb022cd15e21
SSDEEP

6144:wpaiirttcLkaVq72qCM0XgIANPypqkS38SbmIRt18quLQ:wgZBtcwaRY0XqnZ38SaatqqcQ

Score

1^/10

Malware Config

Signatures

Files

8d83028d4c87cd3ea801b8b9d24a04f3
.exe windows:4 windows x86 arch:x86

0abc21aa4d0f1f1f4c15cd9f04aa22a4

Code Sign

36:9b:0b:f2:08:cb:07:4b:b6:77:1e:60:12:30:78:6a
Certificate

Issuer

CN=deqnczxbfou

Not Before

18/06/2012, 21:24

Not After

31/12/2039, 23:59

Subject

CN=Jerani

4f:b6:d8:6c:ba:ce:20:62:4b:e8:82:6e:02:be:81:ee:f4:cf:73:dc
Signer

Actual PE Digest

4f:b6:d8:6c:ba:ce:20:62:4b:e8:82:6e:02:be:81:ee:f4:cf:73:dc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExA
GetSysColor
GetWindowPlacement
GetWindowTextLengthA
SendDlgItemMessageA
IsZoomed
ShowWindow
IsWindowVisible
GetTopWindow
GetDlgItem
FindWindowExA

advapi32

RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegRestoreKeyA
RegQueryMultipleValuesA
RegOverridePredefKey
RegUnLoadKeyA
RegDeleteKeyA
RegSetValueExA

kernel32

GetHandleInformation
ResetEvent
SuspendThread
GetCommandLineA
ResumeThread
GetStartupInfoA
GetComputerNameA
VirtualAlloc
GetModuleHandleA
DeleteFileA
CloseHandle
WriteProfileSectionA
WritePrivateProfileStringA
GetProfileIntA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetProfileSectionA
GetProcAddress
GetCurrentProcess
GetCurrentProcessId
SetEvent

winspool.drv

EnumPrinterDataA
ConfigurePortA
AbortPrinter
AddJobA
DeletePrinterKeyA
DeleteFormA
ClosePrinter
AddPrinterA
ConnectToPrinterDlg
DeletePrinterDataA
AddFormA
DeletePrinter
AddPrinterConnectionA
DeletePrinterConnectionA
AdvancedDocumentPropertiesA

msvcrt

_controlfp
_exit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_XcptFilter
_except_handler3

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0abc21aa4d0f1f1f4c15cd9f04aa22a4

Code Sign

36:9b:0b:f2:08:cb:07:4b:b6:77:1e:60:12:30:78:6aCertificate

4f:b6:d8:6c:ba:ce:20:62:4b:e8:82:6e:02:be:81:ee:f4:cf:73:dcSigner

Headers

File Characteristics

Imports

user32

advapi32

kernel32

winspool.drv

msvcrt

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 316KB - Virtual size: 316KB

.data Size: 512B - Virtual size: 94KB

.rsrc Size: 5KB - Virtual size: 5KB

36:9b:0b:f2:08:cb:07:4b:b6:77:1e:60:12:30:78:6a
Certificate

4f:b6:d8:6c:ba:ce:20:62:4b:e8:82:6e:02:be:81:ee:f4:cf:73:dc
Signer

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 316KB - Virtual size: 316KB

.data
Size: 512B - Virtual size: 94KB

.rsrc
Size: 5KB - Virtual size: 5KB