8b6804499b121381d7082f5dc859524d

Sharing

Copy URL Twitter E-mail

General

Target

8b6804499b121381d7082f5dc859524d
Size

249KB
MD5

8b6804499b121381d7082f5dc859524d
SHA1

7a5a0d37b691a3c948e2f69af4db8a43e5c0751a
SHA256

11a8a15c711b13fd21d5a61fe07e877610e97d29c49a005dba64f48b218795aa
SHA512

9e9c17c35baae7bf302aeee2b97c91d311f7107031518f5089db7ebb487aaa93e0e67a9be45262b4237e12a7c17003523345104cf7eadac895d73c1c199c58b0
SSDEEP

3072:nP7jfU7pooooooS4wWwKVAYw9MjqiZE4Opi/h3lZGvwPDvWO1aS+C5UeT/eBjjpv:nHfU7o4wkiWlKHARJT8tN

Score

1^/10

Malware Config

Signatures

Files

8b6804499b121381d7082f5dc859524d
.exe windows:5 windows x86 arch:x86

01e1b3bf28f5225e2223c7beed0d5c43

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Cebbel Mihzi,O=Tot Ruszeszijki Surh,L=Qiewlot,ST=Puzweklod,C=RU

Not Before

11/07/2015, 16:07

Not After

10/07/2016, 16:07

Subject

CN=Kethavaso Ficaov,O=Tot Ruszeszijki Surh,L=Qiewlot,ST=Puzweklod,C=RU

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d8:81:77:de:a5:84:89:ca:f9:51:d7:66:7d:66:de:c4:66:1d:3f:61
Signer

Actual PE Digest

d8:81:77:de:a5:84:89:ca:f9:51:d7:66:7d:66:de:c4:66:1d:3f:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FreeLibrary
HeapDestroy
HeapSize
HeapReAlloc
WideCharToMultiByte
FindResourceExW
CreateFileA
WaitNamedPipeA
SetNamedPipeHandleState
CreateEventW
CreateThread
SetEvent
LocalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
ReleaseMutex
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
DeviceIoControl
SetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
RaiseException
ReadFile
InitializeCriticalSectionAndSpinCount
DecodePointer
UnhandledExceptionFilter
lstrlenA
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleMode
GetConsoleCP
GetFileType
GetOEMCP
GetACP
GetFileSize
FlushFileBuffers
WriteFile
CreateFileW
LockResource
GetCPInfo
LoadResource
SizeofResource
FindResourceW
HeapFree
GetProcessHeap
HeapAlloc
MultiByteToWideChar
GetCurrentProcess
IsWow64Process
Sleep
WaitForSingleObject
CloseHandle
TerminateProcess
GetLastError
GetLongPathNameW
GetModuleHandleW
GetModuleFileNameW
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
TlsAlloc
IsValidCodePage
GetStdHandle
LCMapStringW
GetStartupInfoW
TlsFree
RtlUnwind
GetCommandLineW
ExitThread
GetModuleHandleExW
ExitProcess
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TlsGetValue
LoadLibraryExW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
GetStringTypeW
TlsSetValue

user32

RegisterClassExW
CreateWindowExW
LoadCursorW
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
SetTimer
DefWindowProcW
KillTimer
PostQuitMessage
ShowWindow
UpdateWindow
LoadIconW

advapi32

CryptReleaseContext
CryptCreateHash
RegDeleteKeyW
StartServiceCtrlDispatcherW
StartServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
ChangeServiceConfigW
DeleteService
ControlService
CloseServiceHandle
ChangeServiceConfig2W
QueryServiceStatus
OpenServiceW
CreateServiceW
OpenSCManagerW
FreeSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
LookupAccountSidW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptAcquireContextW

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoTaskMemAlloc
OleRun

oleaut32

LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
VariantClear
SysAllocStringLen
SysFreeString
SysAllocString
GetErrorInfo

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01e1b3bf28f5225e2223c7beed0d5c43

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

01Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

d8:81:77:de:a5:84:89:ca:f9:51:d7:66:7d:66:de:c4:66:1d:3f:61Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 856B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

d8:81:77:de:a5:84:89:ca:f9:51:d7:66:7d:66:de:c4:66:1d:3f:61
Signer

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 856B