aa6b6e439bed6fd6a0b159412741cc96

Sharing

Copy URL Twitter E-mail

General

Target

aa6b6e439bed6fd6a0b159412741cc96
Size

118KB
MD5

aa6b6e439bed6fd6a0b159412741cc96
SHA1

3222e7ac223b37ee4eb45f981af81e20a86df292
SHA256

6880c6133f6d8387bd6c08f32913af5fbc8fdf8ac5a3c3f38e523c743e836dbf
SHA512

a020202e908b5a8e81c2c1081f0d33c23a128c3da7823ce9d1bc7a5865d9cc7b4ecec4deded7e506a0efcab72a5d9bbf3b01848f6eb51821b537622f33d618d5
SSDEEP

1536:91P/M9UKVfxeUwxi5s/SxN/AbdonWR5FX9BbikbPExSu/MNQfSr71xLpsxBg:LHM9UKTe9asaxN2LXjbikbwf2nbwBg

Score

1^/10

Malware Config

Signatures

Files

aa6b6e439bed6fd6a0b159412741cc96
.exe windows:5 windows x86 arch:x86

99c41407424390e152ec9c7cd0696c1d

Code Sign

0b:98:7f:be:4f:8c:1c:ac:4f:91:e6:16:6b:30:f0:df
Certificate

Issuer

CN=we4ty6w46324

Not Before

27/01/2012, 14:14

Not After

31/12/2039, 23:59

Subject

CN=we4ty6w46324

Extended Key Usages

ExtKeyUsageCodeSigning

f5:50:6a:c7:69:13:cb:9d:c0:dd:af:a9:3a:49:aa:7d:4d:28:29:ad
Signer

Actual PE Digest

f5:50:6a:c7:69:13:cb:9d:c0:dd:af:a9:3a:49:aa:7d:4d:28:29:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasA
GetConsoleAliasesLengthA
GetConsoleFontSize
GetCurrentProcess
GetDateFormatA
GetDateFormatW
GetDefaultCommConfigW
GetExitCodeProcess
GetFileTime
GetLargestConsoleWindowSize
GetLastError
GetLongPathNameW
GetPrivateProfileIntA
GetPrivateProfileSectionA
GetPrivateProfileStructA
GetProcessHeap
GetProcessHeaps
GetProfileIntW
GetQueuedCompletionStatus
GetShortPathNameW
GetStartupInfoA
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetTimeFormatA
GetVersion
GlobalAlloc
GlobalFindAtomW
HeapCreate
IsBadHugeWritePtr
LoadLibraryExW
LockFile
MapUserPhysicalPages
MapViewOfFile
MoveFileA
MoveFileExA
MoveFileWithProgressW
OpenMutexA
GetCalendarInfoA
FreeEnvironmentStringsA
OutputDebugStringA
PeekConsoleInputA
Process32First
Process32FirstW
QueryPerformanceFrequency
QueueUserWorkItem
ReadConsoleInputA
ReadConsoleOutputA
ReadConsoleOutputCharacterW
RtlUnwind
ScrollConsoleScreenBufferA
SetCommTimeouts
SetComputerNameW
SetConsoleMode
SetEnvironmentVariableW
SetFileApisToANSI
SetFileApisToOEM
SetFilePointerEx
SetLocaleInfoA
SetWaitableTimer
SystemTimeToTzSpecificLocalTime
TerminateJobObject
TryEnterCriticalSection
UpdateResourceW
VerLanguageNameA
VirtualAllocEx
VirtualLock
VirtualQueryEx
WaitForDebugEvent
WideCharToMultiByte
WriteConsoleA
WriteFileGather
_lopen
lstrcat
lstrcmp
lstrcmpiA
OpenProcess
GetACP
FormatMessageA
VirtualAlloc
FillConsoleOutputCharacterW
FileTimeToSystemTime
ExitThread
EscapeCommFunction
DosDateTimeToFileTime
DeviceIoControl
DeleteFileW
DebugActiveProcess
CreateTimerQueueTimer
CreateThread
CreateProcessW
CreatePipe
CreateMutexA
CreateEventA
CallNamedPipeW
BackupRead
AddAtomA
LoadLibraryW
GetProcAddress
LoadLibraryA
ExitProcess
OpenSemaphoreW

gdi32

GetStockObject

comdlg32

ReplaceTextW
ReplaceTextA
PrintDlgW
PrintDlgExW
PrintDlgExA
PrintDlgA
PageSetupDlgW
PageSetupDlgA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW
GetFileTitleA
FindTextW
FindTextA
CommDlgExtendedError
ChooseFontW
ChooseFontA
ChooseColorA
ChooseColorW

advapi32

RegOpenKeyExW

shlwapi

AssocQueryKeyW
AssocQueryStringA
ChrCmpIA
PathAddExtensionW
PathAppendA
PathBuildRootW
PathCommonPrefixA
PathCommonPrefixW
PathCompactPathExA
PathFindFileNameW
PathGetCharTypeW
PathGetDriveNumberW
PathIsFileSpecA
PathIsFileSpecW
PathIsLFNFileSpecA
PathIsRootW
PathIsSameRootA
PathIsSystemFolderW
PathIsUNCServerW
PathMakePrettyA
PathMatchSpecA
PathParseIconLocationA
PathQuoteSpacesA
PathRelativePathToA
PathRemoveArgsW
PathRemoveExtensionW
PathRenameExtensionA
PathSearchAndQualifyA
PathSetDlgItemPathW
PathSkipRootA
PathStripToRootA
PathStripToRootW
PathUnExpandEnvStringsW
PathUndecorateA
PathUnmakeSystemFolderA
PathUnmakeSystemFolderW
SHCopyKeyA
ord16
SHDeleteEmptyKeyA
SHDeleteKeyW
SHDeleteValueA
SHEnumKeyExA
SHGetInverseCMAP
SHGetValueA
SHOpenRegStream2A
SHQueryInfoKeyW
SHRegCloseUSKey
SHRegDuplicateHKey
SHRegEnumUSKeyW
SHRegEnumUSValueW
SHRegGetBoolUSValueW
SHRegGetUSValueA
SHRegOpenUSKeyA
SHRegOpenUSKeyW
SHRegSetPathA
SHRegSetPathW
SHStrDupW
StrCSpnIW
StrChrIW
StrCmpIW
StrCmpNIA
StrCpyNW
StrCpyW
StrFormatKBSizeA
StrNCatW
StrPBrkW
StrRChrW
StrSpnA
StrSpnW
StrStrIW
StrToIntA
StrTrimW
UrlCanonicalizeW
UrlCompareA
UrlCreateFromPathA
UrlGetPartA
UrlHashW
UrlIsNoHistoryW
UrlIsOpaqueW
wnsprintfW
wvnsprintfA

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ttt
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99c41407424390e152ec9c7cd0696c1d

Code Sign

0b:98:7f:be:4f:8c:1c:ac:4f:91:e6:16:6b:30:f0:dfCertificate

Extended Key Usages

f5:50:6a:c7:69:13:cb:9d:c0:dd:af:a9:3a:49:aa:7d:4d:28:29:adSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

comdlg32

advapi32

shlwapi

Sections

.text Size: 7KB - Virtual size: 7KB

.ttt Size: 104KB - Virtual size: 104KB

.data Size: 512B - Virtual size: 152B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 261KB

0b:98:7f:be:4f:8c:1c:ac:4f:91:e6:16:6b:30:f0:df
Certificate

f5:50:6a:c7:69:13:cb:9d:c0:dd:af:a9:3a:49:aa:7d:4d:28:29:ad
Signer

.text
Size: 7KB - Virtual size: 7KB

.ttt
Size: 104KB - Virtual size: 104KB

.data
Size: 512B - Virtual size: 152B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 261KB