97924a4c4068cd58552aee99c4fdf73a

Sharing

Copy URL Twitter E-mail

General

Target

97924a4c4068cd58552aee99c4fdf73a
Size

444KB
MD5

97924a4c4068cd58552aee99c4fdf73a
SHA1

73dd6f8d04353f8913f79392a8c3a3fc0ddc9d6d
SHA256

09c67377d106de13cae83eeac44a0f1aabc0bfd0a58979377fcef3a5d6b9dec5
SHA512

8237bb9ac66f798536054514c3a801af8d050bc938b53605d785bbe4b81e31198ac2b4b73eb3ab4a119217314deb23911dd75b437b92b7eff961b646f1dec6e8
SSDEEP

12288:6n5iHiBNEio0QLrKeTQUz8itoSNfsrl7VAQ:65OO+jrcIJtoSemQ

Score

1^/10

Malware Config

Signatures

Files

97924a4c4068cd58552aee99c4fdf73a
.exe windows:4 windows x86 arch:x86

272a5dce554e869b4366147f6dc720c9

Code Sign

18:ed:d7:61:42:c1:21:9c:47:00:32:5f:2b:bd:5b:58
Certificate

Issuer

CN=mhpvpqwbrxr

Not Before

04/12/2011, 12:57

Not After

29/05/2019, 22:00

Subject

CN=Hifadure

a3:86:44:01:4a:0f:c1:c6:03:7e:30:55:c9:2d:1f:1b:5c:29:57:83
Signer

Actual PE Digest

a3:86:44:01:4a:0f:c1:c6:03:7e:30:55:c9:2d:1f:1b:5c:29:57:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DeferWindowPos
EndDialog
MoveWindow
GetWindowTextA

ole32

CoGetStandardMarshal
OleRegGetUserType
OleGetAutoConvert
CoUnmarshalHresult

oledlg

ord9

advapi32

RegDeleteValueA
RegNotifyChangeKeyValue

kernel32

LCMapStringW
LCMapStringA
MultiByteToWideChar
SetFilePointer
GetStringTypeA
SetEndOfFile
SetStdHandle
FlushFileBuffers
LoadLibraryA
GetStringTypeW
ReadFile
SetHandleCount
HeapAlloc
WaitForSingleObject
LocalAlloc
LocalFree
LockFile
GetModuleHandleA
GetProcAddress
ExitProcess
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
CloseHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xuhjh
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

272a5dce554e869b4366147f6dc720c9

Code Sign

18:ed:d7:61:42:c1:21:9c:47:00:32:5f:2b:bd:5b:58Certificate

a3:86:44:01:4a:0f:c1:c6:03:7e:30:55:c9:2d:1f:1b:5c:29:57:83Signer

Headers

File Characteristics

Imports

user32

ole32

oledlg

advapi32

kernel32

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 5KB - Virtual size: 96KB

xuhjh Size: 299KB - Virtual size: 298KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 3KB

18:ed:d7:61:42:c1:21:9c:47:00:32:5f:2b:bd:5b:58
Certificate

a3:86:44:01:4a:0f:c1:c6:03:7e:30:55:c9:2d:1f:1b:5c:29:57:83
Signer

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 5KB - Virtual size: 96KB

xuhjh
Size: 299KB - Virtual size: 298KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 3KB