1a02d9699f38b7fd970d7ae7013a2d504dd15cf7eba12018f13a91002cafb3c3[.]exe[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

1a02d9699f38b7fd970d7ae7013a2d504dd15cf7eba12018f13a91002cafb3c3.exe.bin
Size

883KB
MD5

2709f0e59f44dd28a343e86e5ce916a6
SHA1

7b51d86a42c6cb72bd75724c9c02a67ffb1bf726
SHA256

1a02d9699f38b7fd970d7ae7013a2d504dd15cf7eba12018f13a91002cafb3c3
SHA512

caa46e43acb07e696196dcf486a82db5ce23bc1ab41d0cdcce7702adda49ef5bc35269e96011bd408b51d4cfc52983937177044cbbba9aedf403d88063eb2d31
SSDEEP

24576:0NouStsPOf+2nVW4qnm5dVjPiV95ZyTup:qxGbVW4PMyTup

Score

1^/10

Malware Config

Signatures

Files

1a02d9699f38b7fd970d7ae7013a2d504dd15cf7eba12018f13a91002cafb3c3.exe.bin
.dll windows:4 windows x86 arch:x86

e741cd0919fe3a9d075f43a89ce7cb10

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:22:25:2b:47:8a:1a:91:a8:bc:2b:8b:7f:2d:96:ea
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

09/05/2007, 00:00

Not After

08/06/2010, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:d7:7b:79:97:d9:5c:65:22:6e:87:15:86:8b:53:de:e2:a2:93:e9
Signer

Actual PE Digest

74:d7:7b:79:97:d9:5c:65:22:6e:87:15:86:8b:53:de:e2:a2:93:e9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\installbuild\kalab\ess_4_0_400\build\apps\work\release\epfw\winnt32\eguiEpfw.pdb

Imports

mpr

WNetGetUserW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertFindCertificateInStore
CertGetNameStringW

mfc80u

ord3221
ord2077
ord656
ord1536
ord4226
ord2651
ord3158
ord2155
ord6161
ord3756
ord591
ord1922
ord1474
ord4092
ord2080
ord1538
ord4228
ord3165
ord977
ord1555
ord3946
ord6751
ord283
ord6749
ord2161
ord2421
ord1921
ord4266
ord2366
ord1512
ord4274
ord4112
ord1573
ord4119
ord1545
ord3547
ord4313
ord6744
ord2310
ord3546
ord516
ord718
ord1388
ord6262
ord1924
ord1475
ord4093
ord2082
ord1561
ord4231
ord3223
ord5207
ord657
ord4714
ord2011
ord4730
ord4207
ord4184
ord4838
ord4861
ord4611
ord4791
ord5064
ord5066
ord5065
ord2012
ord1883
ord3082
ord6232
ord2461
ord385
ord630
ord563
ord753
ord359
ord607
ord3998
ord2648
ord1005
ord2942
ord356
ord354
ord5832
ord3828
ord721
ord524
ord526
ord3064
ord3126
ord2027
ord1318
ord3288
ord1958
ord4577
ord1006
ord5208
ord2422
ord3399
ord4948
ord3662
ord3327
ord4475
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord6272
ord4008
ord4032
ord566
ord757
ord3824
ord3677
ord314
ord6061
ord4109
ord2521
ord2426
ord5884
ord5723
ord6058
ord2468
ord5398
ord280
ord4755
ord330
ord589
ord6140
ord5829
ord4094
ord2085
ord3238
ord1946
ord1274
ord1053
ord3869
ord3395
ord1058
ord2365
ord4882
ord1220
ord3990
ord4100
ord6160
ord3983
ord5524
ord2261
ord2340
ord5484
ord1571
ord1416
ord2151
ord5711
ord6033
ord2260
ord3396
ord2121
ord2579
ord3674
ord261
ord3322
ord2981
ord3793
ord2870
ord754
ord1578
ord3301
ord1589
ord6115
ord6053
ord731
ord3342
ord2878
ord2861
ord5864
ord5981
ord4558
ord3985
ord2872
ord2490
ord5747
ord3877
ord1021
ord1784
ord6700
ord282
ord1479
ord2460
ord1906
ord5558
ord384
ord629
ord2740
ord1236
ord2713
ord4101
ord2282
ord3400
ord5414
ord860
ord1781
ord2860
ord5742
ord2489
ord5862
ord1864
ord1866
ord1637
ord1579
ord3306
ord736
ord5803
ord5965
ord5982
ord5851
ord530
ord4098
ord6001
ord5710
ord3435
ord3287
ord3661
ord4074
ord5983
ord1368
ord6251
ord5699
ord3752
ord5698
ord4743
ord765
ord315
ord1033
ord1087
ord1197
ord1199
ord1093
ord371
ord1908
ord1162
ord1115
ord1192
ord1168
ord1170
ord1200
ord581
ord1559
ord1630
ord741
ord3311
ord4234
ord1582
ord2086
ord587
ord2255
ord5633
ord3155
ord709
ord501
ord416
ord2297
ord642
ord1957
ord5519
ord3995
ord4117
ord5637
ord2081
ord3873
ord774
ord3281
ord502
ord6116
ord326
ord5635
ord1628
ord1549
ord2876
ord4230
ord3208
ord5584
ord1270
ord3483
ord602
ord347
ord2364
ord1556
ord2250
ord1476
ord651
ord3296
ord5727
ord3331
ord3157
ord3678
ord745
ord557
ord5867
ord2361
ord2083
ord4232
ord3224
ord3645
ord658
ord2952
ord1472
ord5178
ord5171
ord4206
ord1647
ord1894
ord4026
ord4729
ord1646
ord4884
ord1590
ord4255
ord5196
ord1079
ord2985
ord1662
ord2531
ord4347
ord5210
ord1661
ord2725
ord1925
ord1393
ord1542
ord2829
ord5911
ord4301
ord6721
ord2708
ord1271
ord6720
ord2856
ord5908
ord2534
ord1611
ord2640
ord1608
ord2527
ord3940
ord3712
ord1392
ord3713
ord6063
ord4238
ord3703
ord5148
ord2638
ord1899
ord3943
ord5067
ord4480
ord2788
ord6271
ord4256
ord2362
ord4179
ord5199
ord3176
ord1562
ord5609
ord3397
ord4716
ord4276
ord2311
ord3198
ord1591
ord777
ord5956
ord6086
ord5231
ord4574
ord5229
ord920
ord925
ord929
ord5869
ord927
ord3635
ord931
ord776
ord1785
ord2384
ord3204
ord2404
ord2388
ord605
ord2394
ord577
ord2392
ord896
ord2390
ord620
ord2407
ord293
ord2402
ord899
ord2386
ord572
ord2409
ord760
ord2397
ord900
ord2379
ord2381
ord2399
ord2169
ord1118
ord2163
ord1513
ord6273
ord4314
ord3796
ord1955
ord6275
ord3339
ord4961
ord1353
ord3189
ord3249
ord5327
ord6293
ord1178
ord265
ord266
ord5316
ord1172
ord6282
ord1176
ord762
ord764
ord5638
ord722

msvcr80

memset
memcpy
wcschr
free
malloc
_wcsicmp
realloc
_stricmp
_wcsnicmp
towupper
memmove
_snwprintf_s
swscanf_s
wcscpy_s
wcsncpy_s
strcat_s
wcscspn
wcscat_s
_vsnprintf_s
strchr
memmove_s
memcpy_s
strncmp
wcsstr
wcsncmp
strcpy_s
strncpy_s
_wtol
wcstoul
calloc
strtoul
wcsrchr
sprintf_s
_purecall
wcspbrk
qsort
bsearch
vswprintf_s
swprintf_s
_wcsupr_s
_wcsdup
_wtoi
_wcslwr_s
_time32
_itow_s
__CxxFrameHandler3
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ

kernel32

Sleep
LockResource
LoadResource
SizeofResource
FindResourceW
GetDateFormatW
GlobalHandle
SetEvent
ResetEvent
CreateEventW
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
WriteFile
CreateFileW
GetCurrentProcessId
CloseHandle
GetCurrentProcess
GetCurrentThread
GetVersionExW
lstrcpynA
lstrlenA
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
GetModuleHandleW
GetProcAddress
LoadLibraryW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
FileTimeToSystemTime
ReadFile
SetEndOfFile
SetFilePointer
GetFileSize
GetShortPathNameW
GetFileInformationByHandle
GetSystemTimeAsFileTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExpandEnvironmentStringsW
GetDriveTypeW
QueryDosDeviceW
LocalFree
LocalAlloc
OpenProcess
LoadLibraryExW
GetEnvironmentVariableW
GetSystemDirectoryA
LoadLibraryA
GlobalAlloc
GlobalFree
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetTickCount
GetCurrentThreadId
QueryPerformanceCounter

user32

LoadAcceleratorsW
LoadIconW
CheckMenuItem
DeleteMenu
MessageBoxW
MsgWaitForMultipleObjects
LoadImageW
PeekMessageW
GetScrollPos
ClientToScreen
GetKeyState
DrawFrameControl
DispatchMessageW
TranslateMessage
SetCursor
GetCursorPos
GetFocus
DestroyAcceleratorTable
RemoveMenu
IsWindowVisible
ReleaseCapture
DestroyCursor
SetCapture
SetRectEmpty
LoadCursorW
GetWindowLongW
DrawFocusRect
SetMenuDefaultItem
GetSubMenu
LoadMenuW
GetSystemMetrics
AppendMenuW
CreatePopupMenu
EnableMenuItem
PtInRect
InflateRect
SetRect
PostMessageW
IsWindow
TranslateAcceleratorW
BeginDeferWindowPos
DeferWindowPos
GetAsyncKeyState
EndDeferWindowPos
GetSysColorBrush
GetWindowRect
EnableWindow
SystemParametersInfoW
AdjustWindowRect
LockWindowUpdate
ScreenToClient
wsprintfW
SendMessageW
UpdateWindow
GetDC
FillRect
ReleaseDC
InvalidateRect
CopyRect
DrawTextW
GetClientRect
GetParent
DestroyIcon
GetNextDlgTabItem
SetForegroundWindow
GetSysColor

gdi32

DeleteDC
CreateDIBitmap
GetTextColor
GetTextExtentPoint32W
SelectObject
SetTextColor
DeleteObject
SetPixel
DPtoLP
GetBkColor
GetMapMode
LPtoDP
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextMetricsW
CreateSolidBrush
CreateRectRgnIndirect
GetCurrentObject
CreateFontIndirectW
GetObjectW

advapi32

RegDeleteKeyW
OpenThreadToken
OpenProcessToken
LookupAccountSidW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
RegDeleteKeyA

shell32

ExtractIconW
SHGetMalloc
SHGetDesktopFolder
ExtractIconExW

oleaut32

SysAllocString
VariantCopy
VariantChangeType
VariantInit

ws2_32

WSACleanup
gethostbyaddr
getservbyport
ntohs
inet_ntoa
WSAStartup
getservbyname
htons
WSAGetLastError
gethostbyname
inet_addr
WSASetLastError
socket
closesocket
htonl

Exports

Exports

RAEditExtProc
SetIOCtlExtProc

Sections

.text
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e741cd0919fe3a9d075f43a89ce7cb10

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2b:22:25:2b:47:8a:1a:91:a8:bc:2b:8b:7f:2d:96:eaCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

74:d7:7b:79:97:d9:5c:65:22:6e:87:15:86:8b:53:de:e2:a2:93:e9Signer

Headers

File Characteristics

PDB Paths

Imports

mpr

version

crypt32

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

shell32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 520KB - Virtual size: 519KB

.rdata Size: 128KB - Virtual size: 124KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 144KB - Virtual size: 143KB

.reloc Size: 64KB - Virtual size: 60KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2b:22:25:2b:47:8a:1a:91:a8:bc:2b:8b:7f:2d:96:ea
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

74:d7:7b:79:97:d9:5c:65:22:6e:87:15:86:8b:53:de:e2:a2:93:e9
Signer

.text
Size: 520KB - Virtual size: 519KB

.rdata
Size: 128KB - Virtual size: 124KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 144KB - Virtual size: 143KB

.reloc
Size: 64KB - Virtual size: 60KB