986dcb628ed2e77ddee7db43e7367ac1

Sharing

Copy URL Twitter E-mail

General

Target

986dcb628ed2e77ddee7db43e7367ac1
Size

2.0MB
MD5

986dcb628ed2e77ddee7db43e7367ac1
SHA1

4717b1d80cdc95bee4ee1a300093ae27f9db40f6
SHA256

e3d76dd7216dc83378b7ddfb7138501e737dd26dda397cce6e6f896530151ef8
SHA512

36cf65855a43aa92534c6bd4bcea590bdd496d1b8e9f129ad5c6c7345507a32f1e8989c3c55e1f6e0fdc097aae49a42c163d5d43f7bb7eeca2ab378a32146147
SSDEEP

49152:iIT9xdfdBCz15jm0dndm3Qpet4O8b8ITDnlHPb/F/:rxhvUddnoQPR

Score

1^/10

Malware Config

Signatures

Files

986dcb628ed2e77ddee7db43e7367ac1
.exe windows:6 windows x86 arch:x86

3ead75fe025e8005b5a171d21360f869

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:fb:71:33:19:02:7f:3f:1f:1c:06:67:b3:c3:8c:a9
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/05/2015, 00:00

Not After

07/05/2017, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems\, Incorporated,OU=Acrobat DC,O=Adobe Systems\, Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

37:4f:c5:83:15:44:fd:ad:c0:55:a8:c4:8e:e2:ed:98:46:7c:2b:e4
Signer

Actual PE Digest

37:4f:c5:83:15:44:fd:ad:c0:55:a8:c4:8e:e2:ed:98:46:7c:2b:e4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AcroRd32Exe.pdb

Imports

kernel32

QueryPerformanceCounter
HeapSetInformation
ReleaseSemaphore
GetSystemTimeAsFileTime
CreateSemaphoreW
AddAtomW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetErrorMode
GetTempPathW
LockResource
FindResourceExW
OpenProcess
lstrcmpW
lstrcmpA
LocalAlloc
GetSystemDirectoryW
GetFileAttributesW
FindFirstFileW
FindClose
GetCurrentDirectoryW
MultiByteToWideChar
QueryInformationJobObject
SetDllDirectoryW
FindResourceW
LoadLibraryW
LoadLibraryA
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
IsProcessInJob
ProcessIdToSessionId
GetExitCodeProcess
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
OutputDebugStringA
SetCurrentDirectoryW
GetCommandLineW
lstrlenW
GetTickCount
Sleep
OpenMutexW
GetVolumeInformationW
LocalFree
GetModuleHandleW
CreateThread
GetCurrentProcessId
GetCurrentProcess
CreateEventW
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
SetEnvironmentVariableA
SetEndOfFile
ReadConsoleW
OutputDebugStringW
GetTimeZoneInformation
WriteConsoleW
CreateMutexW
WaitForSingleObject
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitNamedPipeW
CreateNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
SetLastError
GetLastError
CloseHandle
WriteFile
ReadFile
GetFileType
CreateFileW
VerifyVersionInfoW
VerSetConditionMask
GetProcAddress
MulDiv
SetFilePointerEx
SetStdHandle
GetStdHandle
GetOEMCP
GetACP
IsValidCodePage
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LoadLibraryExA
DeleteFileW
SetFilePointer
ReleaseMutex
DuplicateHandle
TerminateProcess
ResumeThread
CreateProcessW
GetProcessId
AssignProcessToJobObject
SetInformationJobObject
ExpandEnvironmentStringsW
GetVersionExW
GetNativeSystemInfo
WideCharToMultiByte
GetCPInfoExW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
GetLocaleInfoW
GetLongPathNameW
GetEnvironmentVariableW
GetDriveTypeW
GetFileInformationByHandle
GetFileSize
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
DeviceIoControl
GetCurrentThread
TerminateThread
VirtualProtectEx
WriteProcessMemory
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetProfileStringW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
UnregisterWaitEx
RegisterWaitForSingleObject
TerminateJobObject
DebugBreak
CreateJobObjectW
VirtualAllocEx
VirtualQueryEx
GetStartupInfoW
GetThreadContext
VirtualFree
SignalObjectAndWait
VirtualFreeEx
SearchPathW
VirtualQuery
ReadProcessMemory
SuspendThread
WaitForMultipleObjects
ExitThread
GetTempFileNameW
CreateDirectoryW
GetProcessTimes
GetExitCodeThread
MoveFileExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateDirectoryExW
GlobalSize
FlushFileBuffers
FindNextFileW
VirtualProtect
FlushInstructionCache
GlobalHandle
GetStringTypeW
EncodePointer
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetFullPathNameW
GetFileAttributesExW
GetSystemInfo
VirtualAlloc
GetModuleHandleExW

user32

ReleaseDC
GetDC
MsgWaitForMultipleObjects
RegisterClipboardFormatW
PeekMessageW
DispatchMessageW
TranslateMessage
DdeDisconnect
SystemParametersInfoW
AllowSetForegroundWindow
PostThreadMessageW
GetDesktopWindow
GetThreadDesktop
GetProcessWindowStation
CloseWindowStation
CreateDesktopW
CreateWindowStationW
GetUserObjectInformationW
GetActiveWindow
SetTimer
RegisterClassW
SetWindowPos
SetDlgItemTextW
GetAsyncKeyState
EnableWindow
SetWindowTextW
GetWindowTextLengthW
GetWindowRect
GetParent
EnumChildWindows
FindWindowExW
SetWindowsHookExW
UnhookWindowsHookEx
CreateIconFromResourceEx
GetWindowInfo
GetAncestor
GetRawInputDeviceInfoW
GetRawInputDeviceList
SendDlgItemMessageW
LoadIconW
LoadCursorW
OpenClipboard
CloseClipboard
GetClipboardSequenceNumber
GetClipboardOwner
GetClipboardViewer
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
GetClipboardFormatNameA
GetClipboardFormatNameW
EmptyClipboard
IsClipboardFormatAvailable
GetPriorityClipboardFormat
GetOpenClipboardWindow
CloseWindow
IsWindowEnabled
SetActiveWindow
GetMessageW
PostQuitMessage
GetWindowDC
BeginPaint
EndPaint
SetFocus
GetFocus
CallWindowProcW
GetClassInfoExW
IsChild
MoveWindow
CreateDialogIndirectParamW
SetCapture
ReleaseCapture
CreateAcceleratorTableW
DestroyAcceleratorTable
InvalidateRect
InvalidateRgn
RedrawWindow
GetClientRect
SetWindowContextHelpId
SetCursor
ClientToScreen
ScreenToClient
MapWindowPoints
GetSysColor
FillRect
LoadBitmapW
IsDialogMessageW
MapDialogRect
MonitorFromWindow
GetMonitorInfoW
UpdateWindow
DdeConnect
DdeAddData
DdeCreateDataHandle
DdeGetData
EnumThreadWindows
SetForegroundWindow
IsWindowVisible
DdeFreeStringHandle
DdeCreateStringHandleW
DdeNameService
DdeUninitialize
DdeInitializeW
FindWindowW
FindWindowA
SetWindowLongW
ShowWindow
SendNotifyMessageW
RegisterWindowMessageA
SetProcessWindowStation
CloseDesktop
SetThreadDesktop
OpenInputDesktop
MessageBoxW
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
RegisterWindowMessageW
UserHandleGrantAccess
GetWindow
GetClassNameW
EnumWindows
SetParent
GetWindowLongW
GetWindowTextW
IsWindow
GetSystemMetrics
BringWindowToTop
GetGUIThreadInfo
GetWindowThreadProcessId
GetPropW
SetPropW
GetForegroundWindow
CharNextW
GetDlgItem
EndDialog
DialogBoxParamW
UnregisterClassW
SendMessageW
DdeClientTransaction

advapi32

CryptGenKey
RegOpenKeyExA
RegQueryValueExA
FreeSid
EqualSid
AllocateAndInitializeSid
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
ReportEventW
RegisterEventSourceW
CloseEventLog
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenThreadToken
AccessCheck
CopySid
DuplicateTokenEx
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
MapGenericMask
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
CreateProcessAsUserW
SetThreadToken
GetAce
GetKernelObjectSecurity
GetSecurityDescriptorSacl
SetKernelObjectSecurity
SetTokenInformation
SetSecurityInfo
ConvertStringSidToSidW
CreateWellKnownSid
AddAce
GetAclInformation
SetEntriesInAclW
GetSecurityInfo
RevertToSelf
RegDisablePredefinedCache
CreateRestrictedToken
DuplicateToken
LookupPrivilegeValueW
CheckTokenMembership
SaferiIsExecutableFileType
CryptAcquireContextA
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGetHashParam
CryptSetProvParam
CryptGetProvParam
CryptGenRandom
CryptGetUserKey
CryptImportKey
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptSignHashA
CryptSignHashW
ImpersonateAnonymousToken
GetUserNameW

shlwapi

ord219
PathIsUNCServerShareW
PathAddBackslashW
UrlCanonicalizeW
PathCreateFromUrlW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathCanonicalizeW
AssocQueryStringW
UrlGetPartW
PathIsDirectoryW
PathRemoveBackslashW
PathIsRelativeW
PathCombineW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
SHDeleteKeyW
UrlIsW
PathIsURLW

Exports

Exports

AcroRd32IsBrokerProcess

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 625KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3ead75fe025e8005b5a171d21360f869

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

10:fb:71:33:19:02:7f:3f:1f:1c:06:67:b3:c3:8c:a9Certificate

Extended Key Usages

Key Usages

37:4f:c5:83:15:44:fd:ad:c0:55:a8:c4:8e:e2:ed:98:46:7c:2b:e4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 277KB - Virtual size: 277KB

.data Size: 17KB - Virtual size: 32KB

.rsrc Size: 625KB - Virtual size: 624KB

.reloc Size: 61KB - Virtual size: 61KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

10:fb:71:33:19:02:7f:3f:1f:1c:06:67:b3:c3:8c:a9
Certificate

37:4f:c5:83:15:44:fd:ad:c0:55:a8:c4:8e:e2:ed:98:46:7c:2b:e4
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 277KB - Virtual size: 277KB

.data
Size: 17KB - Virtual size: 32KB

.rsrc
Size: 625KB - Virtual size: 624KB

.reloc
Size: 61KB - Virtual size: 61KB