98fa5f46a39de04045ce9c3264427a29

Sharing

Copy URL

Twitter E-mail

General

Target

98fa5f46a39de04045ce9c3264427a29
Size

81KB
MD5

98fa5f46a39de04045ce9c3264427a29
SHA1

65353dab0b28124bd221b90d81e92e96a2516fc1
SHA256

28086f10cb70478dd19efe123ba06114c4e96e5df0a1f8ca8b8f7866f3bc249d
SHA512

6b2938f0a39d5feb4b93e6e4256f9f1088de926b7320edb2e9e9861959fab1bc644eaa4735f109c78745ba4aa9d62ba0eb6c8edb5056f7ccf4e389626444f4ec
SSDEEP

1536:vJxde7rjpCZk0Q2tDf36onloX/F15l7vMRP+gLBqYVL:vJxE7rjpCO0VRxlot15xvM8gLBjL

Score

1^/10

Malware Config

Signatures

Files

98fa5f46a39de04045ce9c3264427a29
.exe windows:5 windows x86 arch:x86

db6ae8c2354513f1e410c39d3b1a73aa

Code Sign

36:e7:ba:57:f0:8b:90:b8:4d:ce:61:46:d9:b9:29:fd
Certificate

Issuer

CN=zzt inc

Not Before

13-01-2012 09:39

Not After

31-12-2039 23:59

Subject

CN=zzt inc

Extended Key Usages

ExtKeyUsageCodeSigning

d1:f4:7d:8d:fb:bb:04:56:29:48:47:fb:f7:72:9c:db:3a:ff:a1:f1
Signer

Actual PE Digest

d1:f4:7d:8d:fb:bb:04:56:29:48:47:fb:f7:72:9c:db:3a:ff:a1:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleOutputCharacterW
_lcreat
lstrcatA
WaitForDebugEvent
lstrcmpi
lstrlen
VirtualQueryEx
VirtualFreeEx
VirtualAllocEx
UnlockFileEx
TlsFree
TerminateThread
SetTimerQueueTimer
SetThreadLocale
SetSystemTimeAdjustment
SetSystemPowerState
SetProcessPriorityBoost
SetEnvironmentVariableW
SetComputerNameExW
SetCommBreak
SetCalendarInfoW
SearchPathA
ScrollConsoleScreenBufferA
RtlMoveMemory
ReadConsoleOutputCharacterW
ReadConsoleOutputAttribute
Process32First
PeekNamedPipe
OpenMutexW
OpenMutexA
OpenJobObjectW
OpenFileMappingW
MoveFileW
MoveFileExA
LockFile
LocalUnlock
LocalReAlloc
LocalAlloc
LoadResource
LoadLibraryW
LoadLibraryExW
IsProcessorFeaturePresent
IsDebuggerPresent
InterlockedDecrement
GetWriteWatch
GetWindowsDirectoryA
GetTimeZoneInformation
GetThreadLocale
GetTempPathW
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetQueuedCompletionStatus
GetProfileSectionW
GetProfileSectionA
GetProfileIntA
GetProcessIoCounters
GetProcessHeap
GetProcessAffinityMask
GetNumberOfConsoleMouseButtons
GetModuleFileNameA
GetMailslotInfo
GetLogicalDriveStringsW
GetFullPathNameA
GetFileType
GetDriveTypeA
GetDateFormatW
GetCurrentConsoleFont
GetConsoleAliasExesA
GetCommModemStatus
GetACP
FreeLibraryAndExitThread
FreeConsole
VirtualAlloc
FoldStringA
FindResourceA
FindFirstFileA
FillConsoleOutputCharacterW
EnumSystemLocalesA
EnumSystemCodePagesA
EnumDateFormatsA
EndUpdateResourceW
DuplicateHandle
DeviceIoControl
DeleteTimerQueue
CreateWaitableTimerA
CreateTapePartition
CreateNamedPipeA
CreateFileMappingW
CreateEventW
ConvertDefaultLocale
BuildCommDCBAndTimeoutsW
BuildCommDCBAndTimeoutsA
Beep
AreFileApisANSI
GetWindowsDirectoryW
lstrlenW
lstrcpyW
CreateFileW
GetModuleHandleA
GetProcAddress
ExitProcess
lstrcmpA

user32

DrawFrameControl
DrawFocusRect
DlgDirSelectComboBoxExW
DdeInitializeW
DdeGetLastError
DdeAccessData
CreateWindowExW
CreateDialogParamW
CreateDialogParamA
CreateDesktopW
CountClipboardFormats
ChildWindowFromPointEx
CharToOemBuffW
CharPrevExA
CharNextW
ChangeDisplaySettingsExW
CallWindowProcA
BlockInput
AppendMenuW
LoadIconA
DrawMenuBar
DrawTextW
EndTask
EqualRect
FindWindowW
GetAltTabInfoA
GetAltTabInfoW
GetCaretPos
GetClassInfoA
GetClipCursor
GetCursorInfo
GetDialogBaseUnits
GetGUIThreadInfo
GetInputState
GetKeyboardLayoutList
GetMenuContextHelpId
GetMenuItemCount
GetMenuItemID
GetMenuStringW
GetMessageTime
GetNextDlgGroupItem
GetParent
GetPropA
GetShellWindow
GetSubMenu
GetWindow
GetWindowRect
HiliteMenuItem
IMPSetIMEA
InsertMenuA
IsCharAlphaW
IsDialogMessageA
IsDialogMessageW
IsWindowEnabled
LoadBitmapW
LoadMenuIndirectW
LoadStringA
LoadStringW
LockWindowUpdate
MapVirtualKeyA
MapVirtualKeyExW
MapWindowPoints
MonitorFromRect
OpenWindowStationA
RegisterClassExW
RegisterHotKey
SendIMEMessageExW
SendInput
SendMessageA
SendNotifyMessageW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetDeskWallpaper
SetLastErrorEx
SetMenu
SetMenuItemBitmaps
wvsprintfA
WINNLSEnableIME
UserHandleGrantAccess
UnregisterClassW
UnregisterClassA
ToAscii
TileWindows
SwapMouseButton
ShowScrollBar
SetWindowTextW
SetWindowPlacement
SetWindowLongW
SetUserObjectSecurity
SetScrollInfo
SetMenuItemInfoW

gdi32

ChoosePixelFormat
CreateCompatibleDC
CreateDIBSection
CreatePolygonRgn
CreateScalableFontResourceA
EnableEUDC
EndFormPage
EndPage
EngBitBlt
EngComputeGlyphSet
EngCopyBits
EngGetPrinterDataFileName
EngLockSurface
EngReleaseSemaphore
EngTextOut
EnumICMProfilesW
EnumMetaFile
EnumObjects
EudcUnloadLinkW
ExtCreatePen
ExtSelectClipRgn
ExtTextOutW
FONTOBJ_pvTrueTypeFontFile
GdiAddGlsRecord
GdiArtificialDecrementDriver
GdiConvertBitmapV5
GdiConvertEnhMetaFile
GdiEntry11
GdiEntry9
GdiFullscreenControl
GdiGetLocalDC
GdiInitializeLanguagePack
GdiPlayDCScript
GdiPlayJournal
GdiPrinterThunk
GdiReleaseDC
GdiSetLastError
GetArcDirection
GetCharWidthInfo
GetCurrentPositionEx
GetDIBits
GetFontResourceInfoW
GetGraphicsMode
GetKerningPairsA
GetMetaFileBitsEx
AnyLinkedFonts
GetObjectType
GetPixel
GetRandomRgn
GetRasterizerCaps
GetRelAbs
GetStringBitmapA
GetSystemPaletteUse
GetTextCharset
GetTextFaceA
GetTextMetricsA
GetViewportOrgEx
GetWorldTransform
HT_Get8BPPFormatPalette
HT_Get8BPPMaskPalette
IntersectClipRect
InvertRgn
OffsetViewportOrgEx
OffsetWindowOrgEx
PATHOBJ_bEnum
PathToRegion
PlayEnhMetaFile
PolyBezier
PolyDraw
ResetDCA
STROBJ_bEnum
SelectClipPath
SetAbortProc
SetBitmapDimensionEx
SetBkColor
SetDCPenColor
SetDeviceGammaRamp
SetEnhMetaFileBits
SetMiterLimit
SetPixelV
SetPolyFillMode
SetStretchBltMode
SetTextColor
StretchDIBits
TextOutW
WidenPath
XFORMOBJ_iGetXform
XLATEOBJ_hGetColorTransform
XLATEOBJ_piVector
cGetTTFFromFOT
GetObjectA
GdiDeleteLocalDC
BeginPath

advapi32

RegOpenKeyExW

shell32

SHEmptyRecycleBinW
Shell_NotifyIconA
Shell_NotifyIcon
ShellHookProc
ShellExecuteExW
ShellExecuteEx
ShellAboutA
SHQueryRecycleBinA
SHPathPrepareForWriteA
SHLoadNonloadedIconOverlayIdentifiers
SHLoadInProc
SHIsFileAvailableOffline
SHInvokePrinterCommandA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractIconA
ExtractIconEx
ExtractIconW
FindExecutableA
SHAppBarMessage
SHBindToParent
SHBrowseForFolderA
SHBrowseForFolderW
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateProcessAsUserW
SHEmptyRecycleBinA
SHGetPathFromIDListA
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFormatDrive
SHFreeNameMappings
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceExW
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetIconOverlayIndexW
SHGetInstanceExplorer
SHGetMalloc
Shell_NotifyIconW

ole32

CoSetProxyBlanket
CoTaskMemRealloc
CoUnmarshalInterface
CreateAntiMoniker
CreateBindCtx
CreateDataCache
CreateFileMoniker
CreateItemMoniker
CreateObjrefMoniker
CreateStdProgressIndicator
CreateStreamOnHGlobal
DoDragDrop
GetConvertStg
GetHGlobalFromStream
GetRunningObjectTable
HACCEL_UserMarshal
HACCEL_UserSize
HBITMAP_UserMarshal
HBITMAP_UserUnmarshal
HBRUSH_UserMarshal
HBRUSH_UserSize
HDC_UserSize
HENHMETAFILE_UserFree
HENHMETAFILE_UserMarshal
HENHMETAFILE_UserSize
HICON_UserFree
HICON_UserMarshal
HMETAFILE_UserMarshal
HMETAFILE_UserUnmarshal
HWND_UserSize
IsAccelerator
OleBuildVersion
OleCreateDefaultHandler
OleCreateEx
OleCreateFromData
OleCreateFromDataEx
OleCreateLinkFromData
OleDoAutoConvert
OleDuplicateData
OleFlushClipboard
OleGetAutoConvert
OleGetIconOfClass
OleInitialize
OleLoad
OleLoadFromStream
OleLockRunning
OleMetafilePictFromIconAndLabel
OleNoteObjectVisible
OleQueryLinkFromData
OleRegGetMiscStatus
OleRun
OleTranslateAccelerator
OpenOrCreateStream
ProgIDFromCLSID
PropVariantCopy
ReadClassStg
ReadStringStream
SNB_UserFree
SetDocumentBitStg
StgCreatePropSetStg
StgOpenStorage
StgOpenStorageEx
StgPropertyLengthAsVariant
StringFromGUID2
UpdateDCOMSettings
UtConvertDvtd16toDvtd32
UtConvertDvtd32toDvtd16
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserUnmarshal
CoSetCancelObject
CoRevertToSelf
CoQueryProxyBlanket
CoQueryAuthenticationServices
CoLockObjectExternal
CoInstall
CoGetMarshalSizeMax
CoGetInstanceFromIStorage
CoGetClassVersion
CoGetClassObject
CoDeactivateObject
CoCopyProxy
CLSIDFromProgIDEx
CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal
CoQueryClientBlanket

shlwapi

StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrIW
StrStrA
StrStrIA

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ddd
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db6ae8c2354513f1e410c39d3b1a73aa

Code Sign

36:e7:ba:57:f0:8b:90:b8:4d:ce:61:46:d9:b9:29:fdCertificate

Extended Key Usages

d1:f4:7d:8d:fb:bb:04:56:29:48:47:fb:f7:72:9c:db:3a:ff:a1:f1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 14KB - Virtual size: 13KB

.ddd Size: 60KB - Virtual size: 59KB

.data Size: 512B - Virtual size: 116B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

36:e7:ba:57:f0:8b:90:b8:4d:ce:61:46:d9:b9:29:fd
Certificate

d1:f4:7d:8d:fb:bb:04:56:29:48:47:fb:f7:72:9c:db:3a:ff:a1:f1
Signer

.text
Size: 14KB - Virtual size: 13KB

.ddd
Size: 60KB - Virtual size: 59KB

.data
Size: 512B - Virtual size: 116B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB