b3e1e9d97d74c416c2a30dd11858789af5554cf2de62f577c13944a19623777d

Sharing

Copy URL

Twitter E-mail

General

Target

b3e1e9d97d74c416c2a30dd11858789af5554cf2de62f577c13944a19623777d
Size

313KB
MD5

fe1bc60a95b2c2d77cd5d232296a7fa4
SHA1

c07dfdea8da2da5bad036e7c2f5d37582e1cf684
SHA256

b3e1e9d97d74c416c2a30dd11858789af5554cf2de62f577c13944a19623777d
SHA512

266c541a421878e1e175db5d94185c991cec5825a4bc50178f57264f3556080e6fe984ed0380acf022ce659aa1ca46c9a5e97efc25ff46cbfd67b9385fd75f89
SSDEEP

6144:nl578cxdGY87FohbnmM2i8ito7wTmCbL94KCT3OAmK:nl59zH8MiM2z+NLQBN

Score

1^/10

Malware Config

Signatures

Files

b3e1e9d97d74c416c2a30dd11858789af5554cf2de62f577c13944a19623777d
.exe windows:5 windows x86 arch:x86

604de9c4534997ea4f32f86753fab871

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

90:21:24:73:c7:06:f5:23:fe:84:bd:b9:a7:8a:01:f4
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17-07-2017 00:00

Not After

17-07-2018 23:59

Subject

CN=DEMUS\, OOO,OU=IT,O=DEMUS\, OOO,POSTALCODE=410010,STREET=d. 84 of. 2\, ul.Tankistov,L=Saratov,ST=RU,C=RU,2.5.4.18=#1306343130303130

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fb:f7:43:25:3a:5f:2f:99:ab:87:3e:d6:da:c8:11:b0:70:ec:8e:54
Signer

Actual PE Digest

fb:f7:43:25:3a:5f:2f:99:ab:87:3e:d6:da:c8:11:b0:70:ec:8e:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
LoadLibraryA
lstrlenA
lstrcpyA
lstrcmpW
WriteFile
WriteConsoleInputW
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjects
UnhandledExceptionFilter
TerminateProcess
TerminateJobObject
Sleep
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadLocale
SetThreadExecutionState
SetPriorityClass
SetLastError
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ReleaseMutex
ReadConsoleOutputCharacterA
RaiseException
QueryPerformanceCounter
OutputDebugStringW
OutputDebugStringA
OpenEventW
MultiByteToWideChar
MoveFileExW
LocalFree
LocalAlloc
LoadLibraryW
LeaveCriticalSection
IsDebuggerPresent
InterlockedIncrement
InterlockedCompareExchange
InitializeCriticalSection
HeapReAlloc
HeapFree
HeapAlloc
GetWindowsDirectoryW
GetWindowsDirectoryA
GetVersionExW
GetVersionExA
GetTickCount
GetThreadLocale
GetSystemTimeAsFileTime
GetSystemTime
GetStartupInfoA
GetProcessPriorityBoost
GetProcessHeap
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetLastError
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleAliasExesLengthA
GetComputerNameW
FreeLibrary
FormatMessageW
FormatMessageA
ExitProcess
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateProcessW
CreateMutexA
CreateJobObjectA
CreateFileA
CloseHandle
CreateEventW
CreateEventA
InterlockedExchange

user32

SetKeyboardState
SetForegroundWindow
SetFocus
SetCursor
SendMessageW
SendIMEMessageExW
RegisterDeviceNotificationW
RegisterClassW
PostMessageW
PeekMessageW
OpenWindowStationW
MessageBoxW
MessageBoxA
MessageBeep
MapDialogRect
LoadMenuA
LoadCursorW
KillTimer
IMPGetIMEW
GetWindowTextW
GetWindowRect
SetTimer
GetMenuItemID
GetKeyboardLayout
GetForegroundWindow
GetDlgItemTextW
GetDlgItem
GetDesktopWindow
EnumDesktopWindows
EndDialog
EnableMenuItem
DrawStateA
DispatchMessageW
DispatchMessageA
DialogBoxParamW
DestroyWindow
DestroyAcceleratorTable
DefWindowProcW
DdeQueryStringW
DdeGetLastError
CreateWindowExW
CreateDialogIndirectParamA
CreateAcceleratorTableW
SetWindowLongW
SetWindowTextW
ShowWindowAsync
TranslateMessage
UnregisterClassW
UnregisterDeviceNotification
wvsprintfW
IsWindowEnabled
LoadIconA
GetClipboardData
GetDlgCtrlID
GetOpenClipboardWindow
IsMenu
CreatePopupMenu
GetMenuItemCount
GetKBCodePage
GetMenuContextHelpId
GetFocus
GetInputState
GetShellWindow
GetAsyncKeyState
GetCapture
GetClipboardSequenceNumber
OemKeyScan
GetActiveWindow
CharUpperA
GetWindowDC
IsWindowUnicode
GetKeyboardType
EnumClipboardFormats
CopyIcon
GetMenuCheckMarkDimensions
EndMenu
GetListBoxInfo
ReleaseCapture
GetMessageExtraInfo
GetWindowLongW
CharToOemW
CharLowerW
BroadcastSystemMessageA
GetWindowContextHelpId

gdi32

SelectObject
SetBrushOrgEx
SetDCBrushColor
SetICMMode
SetPixelV
CancelDC
PathToRegion
CloseFigure
GetBkColor
AbortDoc
FlattenPath
GetObjectType
PlayMetaFileRecord
RealizePalette
WidenPath
SaveDC
BeginPath
SetMetaRgn
UnrealizeObject
AbortPath
EndPage
CreateMetaFileA
AddFontResourceA
SwapBuffers
OffsetWindowOrgEx
GetTextMetricsW
GetTextExtentPointW
GetTextCharset
GetMetaRgn
GetKerningPairsW
GetCurrentObject
GetCharWidth32A
GdiSwapBuffers
GdiStartPageEMF
GdiQueryTable
GdiGradientFill
GdiComment
GdiCleanCacheDC
FixBrushOrgEx
EngGradientFill
EngDeletePath
DescribePixelFormat
DeleteObject
DeleteDC
CreatePolygonRgn
CreateICA
CreateHatchBrush
CreateEllipticRgn
CreateDIBSection
CreateDCW
ChoosePixelFormat
AngleArc
BRUSHOBJ_pvAllocRbrush
GetTextColor

advapi32

RegEnumValueW
RegOpenKeyW
StartServiceCtrlDispatcherW
SetServiceStatus
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetEntriesInAclW
ReportEventW
RegisterServiceCtrlHandlerExW
RegisterEventSourceW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
AllocateAndInitializeSid
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
OpenServiceW
OpenSCManagerW
InitializeSecurityDescriptor
GetUserNameW
FreeSid
DeregisterEventSource
DeleteService
CreateServiceW
CloseServiceHandle

shell32

Shell_NotifyIconW
ShellExecuteExA
SHPathPrepareForWriteW
SHLoadNonloadedIconOverlayIdentifiers
SHInvokePrinterCommandW
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetSettings
SHGetPathFromIDListW
SHGetMalloc
CommandLineToArgvW
DoEnvironmentSubstA
DoEnvironmentSubstW
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
SHAddToRecentDocs
SHBindToParent
SHBrowseForFolderW
SHCreateProcessAsUserW
SHEmptyRecycleBinW
SHGetFolderPathA
SHGetFolderPathW
ShellExecuteExW

shlwapi

StrChrW
StrCmpNIA
StrCmpNIW
StrCmpNW
StrRChrA
StrRChrIA
StrRStrIW
StrStrIA
StrChrA

comctl32

InitCommonControlsEx

msvcrt

__p__commode
__p__fmode
__set_app_type
__setusermatherr
_abnormal_termination
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_initterm
_iob
_mbscmp
_mbscpy
_mbsicmp
_mbsinc
_mbslwr
_mbsnbcmp
_mbsnbicmp
_snwprintf
_vsnwprintf
_wcsicmp
_wcsnicmp
exit
fwprintf
iswctype
memmove
setlocale
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsrchr
_XcptFilter
__getmainargs

imm32

ImmDisableIME

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

604de9c4534997ea4f32f86753fab871

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

90:21:24:73:c7:06:f5:23:fe:84:bd:b9:a7:8a:01:f4Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

fb:f7:43:25:3a:5f:2f:99:ab:87:3e:d6:da:c8:11:b0:70:ec:8e:54Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

msvcrt

imm32

Sections

.text Size: 293KB - Virtual size: 292KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 424B

.rsrc Size: 3KB - Virtual size: 2KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

90:21:24:73:c7:06:f5:23:fe:84:bd:b9:a7:8a:01:f4
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

fb:f7:43:25:3a:5f:2f:99:ab:87:3e:d6:da:c8:11:b0:70:ec:8e:54
Signer

.text
Size: 293KB - Virtual size: 292KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 424B

.rsrc
Size: 3KB - Virtual size: 2KB