9b4e771d688b41d520441ca8c56bc47d

Sharing

Copy URL Twitter E-mail

General

Target

9b4e771d688b41d520441ca8c56bc47d
Size

26KB
MD5

9b4e771d688b41d520441ca8c56bc47d
SHA1

68b8e75fdfa6c22604540fb4121beee9fec06738
SHA256

4a291b8f65527e765a646a915999984d5cd9c1a828cd7610ec78e196b3dab954
SHA512

d01c17a4dcf20704715e8461311892ecfda8822685d8202a74a909faaf202d88ab5d71590a36c167be614de147137e65fe81454b7e2f24d524293cc24ddf3d00
SSDEEP

384:wvjrFUHRnvjTnaBDdhbKg5Zq6dtynrjkfdAH+hh4WWieZWQ:wvFUdPcJ5KEZLtOk1Aehhde

Score

1^/10

Malware Config

Signatures

Files

9b4e771d688b41d520441ca8c56bc47d
.exe windows:5 windows x86 arch:x86

3cbaaa8ef1c07e79f7ba227ee91740d0

Code Sign

20:f8:ce:24:1c:6c:01:4d:b8:69:44:13:b0:2a:6a:59
Certificate

Issuer

CN=235235623562

Not Before

21/02/2012, 04:52

Not After

31/12/2039, 23:59

Subject

CN=235235623562

Extended Key Usages

ExtKeyUsageCodeSigning

13:cc:d8:b7:ce:84:e8:a5:a4:78:42:f2:c2:f3:91:09:9c:ef:df:78
Signer

Actual PE Digest

13:cc:d8:b7:ce:84:e8:a5:a4:78:42:f2:c2:f3:91:09:9c:ef:df:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
GetSystemInfo
GetSystemPowerStatus
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVolumePathNameA
GlobalAddAtomA
GlobalHandle
GlobalLock
HeapCompact
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
IsDBCSLeadByte
IsDebuggerPresent
IsValidCodePage
LoadResource
LocalUnlock
LockResource
MoveFileW
MoveFileWithProgressA
MoveFileWithProgressW
OpenFileMappingW
OpenWaitableTimerA
QueryDosDeviceW
ReadConsoleOutputCharacterW
ReleaseSemaphore
RtlFillMemory
RtlUnwind
RtlZeroMemory
ScrollConsoleScreenBufferA
SetCommConfig
SetComputerNameExA
SetConsoleActiveScreenBuffer
GetShortPathNameW
SetCurrentDirectoryA
SetCurrentDirectoryW
SetDefaultCommConfigW
SetEnvironmentVariableW
SetErrorMode
SetFilePointer
SetFilePointerEx
SetLastError
SetPriorityClass
SetProcessShutdownParameters
SetTapePosition
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SystemTimeToFileTime
Toolhelp32ReadProcessMemory
TryEnterCriticalSection
VerifyVersionInfoA
WaitForSingleObject
WaitNamedPipeW
WriteConsoleOutputAttribute
WriteFile
WritePrivateProfileSectionA
WriteProcessMemory
_lcreat
_lopen
lstrcatW
lstrcmpW
lstrcpyn
lstrcpynW
GetShortPathNameA
GetProfileStringW
GetProfileSectionA
GetProcessTimes
GetProcessHeaps
GetPrivateProfileStructA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
GetNumberFormatW
GetModuleFileNameW
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetLargestConsoleWindowSize
GetFullPathNameA
GetFileAttributesW
GetFileAttributesExA
GetDriveTypeA
GetCurrentThreadId
GetCurrencyFormatA
GetConsoleMode
GetConsoleFontSize
GetConsoleDisplayMode
GetConsoleCP
GetComputerNameExW
GetComputerNameExA
GetCommState
GetModuleHandleA
GetCommModemStatus
GetAtomNameA
GetACP
FoldStringA
FlushInstructionCache
FindResourceA
FindNextFileW
FindNextFileA
FindNextChangeNotification
FillConsoleOutputCharacterA
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumSystemLanguageGroupsW
EnumSystemLanguageGroupsA
EnumSystemCodePagesA
EnumLanguageGroupLocalesA
EnumDateFormatsExW
EnterCriticalSection
DnsHostnameToComputerNameA
DeleteFiber
CreateTimerQueue
CreateSemaphoreW
CreateMutexA
CreateJobObjectW
CreateFileW
CreateFileA
CreateDirectoryW
CreateDirectoryExA
CreateConsoleScreenBuffer
ConvertThreadToFiber
ConnectNamedPipe
CommConfigDialogA
CancelDeviceWakeupRequest
BindIoCompletionCallback
BackupRead
AllocateUserPhysicalPages
AddConsoleAliasW
GetProcAddress
SetConsoleTitleA

msvcrt

memset

advapi32

RegOpenKeyExW

oleaut32

VarDecFromDisp
VarDecFromI4
VarDecFromR8
VarDecMul
VarEqv
VarFix
VarFormat
VarFormatFromTokens
VarI1FromDate
VarI1FromDec
VarI1FromI2
VarI1FromR4
VarI1FromR8
VarI1FromUI1
VarI2FromBool
VarI2FromCy
VarI2FromUI1
VarI4FromBool
VarI4FromDate
VarI4FromDec
VarI4FromDisp
VarI4FromI1
VarI4FromI2
VarI4FromR8
VarI4FromStr
VarIdiv
VarNeg
VarNumFromParseNum
VarOr
VarParseNumFromStr
VarR4FromDec
VarR4FromI4
VarR4FromR8
VarR4FromUI2
VarR4FromUI4
VarR8FromDisp
VarR8FromI4
VarR8FromUI2
VarR8Pow
VarUI1FromDate
VarUI1FromI2
VarUI1FromI4
VarUI1FromUI2
VarUI4FromBool
VarUI4FromDec
VarUI4FromR4
VarUI4FromR8
VarUI4FromStr
VariantCopy
VariantCopyInd
VariantInit
VariantTimeToSystemTime
VectorFromBstr
VarDecFix
VarDecAdd
VarDecAbs
VarDateFromUI1
VarDateFromI4
VarDateFromI2
VarDateFromDisp
VarDateFromBool
VarCyMul
VarCyInt
VarCyFromUI2
VarCyFromUI1
VarCyFromR4
VarCyFromI4
VarCyFromDate
VarCyFromBool
VarCat
VarBstrFromUI4
VarBstrFromR8
VarBstrFromI2
VarBstrFromI1
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarBstrCat
VarBoolFromUI1
VarBoolFromI2
VarBoolFromDisp
SystemTimeToVariantTime
SysStringLen
SysStringByteLen
SysReAllocStringLen
SetErrorInfo
SafeArraySetIID
SafeArrayPutElement
SafeArrayGetRecordInfo
SafeArrayGetElemsize
SafeArrayDestroyDescriptor
SafeArrayCreateVectorEx
SafeArrayCreateVector
SafeArrayCreate
SafeArrayCopy
RevokeActiveObject
QueryPathOfRegTypeLi
OleLoadPictureEx
OleCreatePropertyFrameIndirect
OleCreateFontIndirect
OaBuildVersion
LoadTypeLibEx
LoadTypeLi
LoadRegTypeLi
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LHashValOfNameSysA
LHashValOfNameSys
GetErrorInfo
GetActiveObject
DosDateTimeToVariantTime
DispGetParam
DispGetIDsOfNames
CreateErrorInfo
CreateDispTypeInfo
BstrFromVector
BSTR_UserMarshal
BSTR_UserFree
SafeArrayCopyData

imm32

ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDisableIME
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeA
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmConfigureIMEA
ImmGetIMEFileNameA
ImmGetIMEFileNameW
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmGetIMCLockCount
ImmUnlockIMC
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cbaaa8ef1c07e79f7ba227ee91740d0

Code Sign

20:f8:ce:24:1c:6c:01:4d:b8:69:44:13:b0:2a:6a:59Certificate

Extended Key Usages

13:cc:d8:b7:ce:84:e8:a5:a4:78:42:f2:c2:f3:91:09:9c:ef:df:78Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 8KB - Virtual size: 8KB

.text1 Size: 2KB - Virtual size: 1KB

.text2 Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 120B

.text3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 3KB - Virtual size: 2KB

20:f8:ce:24:1c:6c:01:4d:b8:69:44:13:b0:2a:6a:59
Certificate

13:cc:d8:b7:ce:84:e8:a5:a4:78:42:f2:c2:f3:91:09:9c:ef:df:78
Signer

.text
Size: 8KB - Virtual size: 8KB

.text1
Size: 2KB - Virtual size: 1KB

.text2
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 120B

.text3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 3KB - Virtual size: 2KB