9a52f632dbd7df3f9476e7431e109c14

Sharing

Copy URL Twitter E-mail

General

Target

9a52f632dbd7df3f9476e7431e109c14
Size

434KB
MD5

9a52f632dbd7df3f9476e7431e109c14
SHA1

7ab2e35049b75b01784407ab8add528070a53bca
SHA256

4b6e7413ef98f602642e6415724551011a2ad76463fdc250d4ffdf4b3bf3dd76
SHA512

b90635c02239381a6063a308345958b1b7ebfee22596f8e6e190295957d934bd995e135d31c29c8ac8e6b326a6a5bcba066e5a9b5c438a2759f661978aa8dbc3
SSDEEP

12288:+n/7F01QFIbHOgzq+TjhOdIFrmnC/JhcXH9q:8/cII7OsTjhOmpmnCxKX9q

Score

1^/10

Malware Config

Signatures

Files

9a52f632dbd7df3f9476e7431e109c14
.exe windows:4 windows x86 arch:x86

c9ee81909c9e2602227058599ee3b35e

Code Sign

55:60:bb:f9:1f:65:ba:a3:49:e6:f9:4d:f0:70:da:99
Certificate

Issuer

CN=zjnarkewffl

Not Before

05/12/2011, 20:44

Not After

28/03/2014, 22:00

Subject

CN=Kolity

32:17:d3:51:e4:8e:20:00:e8:1b:6e:93:5e:74:17:df:fd:e5:5f:f6
Signer

Actual PE Digest

32:17:d3:51:e4:8e:20:00:e8:1b:6e:93:5e:74:17:df:fd:e5:5f:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetSysColor
GetParent
GetClientRect

ole32

CoReleaseServerProcess
CoUnmarshalInterface
StringFromIID
OleSetContainedObject
CoUnmarshalHresult
CoGetStdMarshalEx
BindMoniker

advapi32

RegEnumKeyA
RegDeleteKeyA
RegLoadKeyA

kernel32

MultiByteToWideChar
LoadLibraryA
LCMapStringA
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
GetStringTypeA
HeapReAlloc
LocalReAlloc
LocalFlags
GetStringTypeW
LocalFree
ResetEvent
GetPrivateProfileSectionA
SetFilePointer
GetModuleHandleA
GetProcAddress
ExitProcess
GetStartupInfoA
GetCommandLineA
GetVersion
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetFileType
SetHandleCount
GetStdHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
HeapAlloc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hapauu
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9ee81909c9e2602227058599ee3b35e

Code Sign

55:60:bb:f9:1f:65:ba:a3:49:e6:f9:4d:f0:70:da:99Certificate

32:17:d3:51:e4:8e:20:00:e8:1b:6e:93:5e:74:17:df:fd:e5:5f:f6Signer

Headers

File Characteristics

Imports

user32

ole32

advapi32

kernel32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 4KB - Virtual size: 87KB

hapauu Size: 287KB - Virtual size: 286KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 2KB

55:60:bb:f9:1f:65:ba:a3:49:e6:f9:4d:f0:70:da:99
Certificate

32:17:d3:51:e4:8e:20:00:e8:1b:6e:93:5e:74:17:df:fd:e5:5f:f6
Signer

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 4KB - Virtual size: 87KB

hapauu
Size: 287KB - Virtual size: 286KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 2KB