aa8c6679f90a95b711c3bcfeb235a09e

Sharing

Copy URL Twitter E-mail

General

Target

aa8c6679f90a95b711c3bcfeb235a09e
Size

870KB
MD5

aa8c6679f90a95b711c3bcfeb235a09e
SHA1

ef75f0bbf48c0714ac5d77d8f6e2a5f400fd5de7
SHA256

0fe930b0919345d6f503d59462322d6d311435d320e6bced3b2f410bda89b543
SHA512

d895dc1a14fa5f99a9619e77efa7fb0bf48e5893e40c0ea6e685ab221037775e17f04da183d42f6b9d151e4fe43e37f8ef2e74ff95bf35a7e5b6a3004247d906
SSDEEP

12288:1aHrh6HC/wJkmGdRnSCcsJW+VGmLXbMpa6q9H5L3wcjRm/WDCc1buLbemN:1E6HCHjZcsorALZ1lAcF1Cc1buLbN

Score

1^/10

Malware Config

Signatures

Files

aa8c6679f90a95b711c3bcfeb235a09e
.exe windows:5 windows x86 arch:x86

b06841a84b5387f1feb70432f9668cfd

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:a6:9e:72:e3:8a:fe:48
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

08/12/2015, 18:56

Not After

08/12/2016, 18:56

Subject

CN=Super Click Interactive,O=Super Click Interactive,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fa:70:50:6e:a3:53:6c:56:8f:b5:01:5a:92:3c:85:eb:75:1e:6c:e9
Signer

Actual PE Digest

fa:70:50:6e:a3:53:6c:56:8f:b5:01:5a:92:3c:85:eb:75:1e:6c:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

debug.pdb

Imports

gdi32

DeleteObject
EnumObjects
SelectObject
CreateBitmap
CreateFontIndirectA
CreateFontA
CloseFigure
Chord
StrokePath
Polygon

kernel32

GetVersion
OutputDebugStringA
lstrcpynA
ExitProcess
GetModuleFileNameA
FreeLibrary
DeleteFileA
MapViewOfFile
CloseHandle
SetEnvironmentVariableA
DuplicateHandle
GetCurrentProcess
GetCurrentProcessId
CreateFileMappingA
GetEnvironmentVariableA
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
ResumeThread
CreateProcessA
GetCommandLineA
GetLastError
LoadLibraryA
lstrcmpiA
CreateFileA
FlushFileBuffers
WriteFile
SetCurrentDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
GetModuleHandleA
ReadConsoleA
WriteConsoleA
GetStdHandle
GetFullPathNameA
SetErrorMode
CreateTimerQueue
BindIoCompletionCallback
Sleep
HeapSize
FreeEnvironmentStringsA
TlsFree
GetProcessId
TryEnterCriticalSection
SuspendThread
SetPriorityClass
GetProcessHandleCount
GetProcAddress
MultiByteToWideChar
GetVersionExA
ReleaseMutex
GetFileSize
CreateMutexA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
FormatMessageA
LocalFree
GetSystemTimeAsFileTime

user32

ShowWindow
EndPaint
BeginPaint
DrawTextA
RegisterClassA
PostMessageA
TranslateMessage
GetDC
AttachThreadInput
CreateWindowExA
SendMessageW
GetMessageA
GetWindowLongA
DispatchMessageA
DrawTextW
SendMessageA

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
OleInitialize

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDiskFreeSpaceExA
ord174
ShellExecuteExA
SHFileOperationA

msvcrt

rand
memset
srand
_pgmptr
__argc
__argv
__CxxFrameHandler
free
memmove
_ismbblead
__getmainargs
_cexit
_exit
realloc
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
malloc
_time64
atoi
_snprintf
_XcptFilter
memcpy

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b06841a84b5387f1feb70432f9668cfd

Code Sign

1b:e7:15Certificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

62:a6:9e:72:e3:8a:fe:48Certificate

Extended Key Usages

Key Usages

fa:70:50:6e:a3:53:6c:56:8f:b5:01:5a:92:3c:85:eb:75:1e:6c:e9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

kernel32

user32

comdlg32

ole32

shell32

msvcrt

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 7KB - Virtual size: 6KB

1b:e7:15
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

07
Certificate

62:a6:9e:72:e3:8a:fe:48
Certificate

fa:70:50:6e:a3:53:6c:56:8f:b5:01:5a:92:3c:85:eb:75:1e:6c:e9
Signer

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 7KB - Virtual size: 6KB