ac25e3c3a256ee2cc42ee5ad9796cea8

Sharing

Copy URL Twitter E-mail

General

Target

ac25e3c3a256ee2cc42ee5ad9796cea8
Size

92KB
MD5

ac25e3c3a256ee2cc42ee5ad9796cea8
SHA1

78b365b2dee59145dae59a5703914f5ff22dd3cc
SHA256

e1943ec2a7c52b78a5dae172c3c84c8af7ee4ef9b19eb7f3b5d3a4e26ae9640a
SHA512

4652057d4fe30feb2721e6544bcbe225f29cd7d4f8aae681bb472208d2b33fecc4da5134a3ac8d950e9891711ae72f1727e4d051701c79d524f10e9d2bc4362f
SSDEEP

1536:XXSAXSZoiLPjAgic7uCtFEo8fK2TvaHA8Cu/GmQtsswGwFWUbpzIanGJ1CDU98+E:yHHLPjAgic7uCjEo8zTaXCshs0JFzIaP

Score

1^/10

Malware Config

Signatures

Files

ac25e3c3a256ee2cc42ee5ad9796cea8
.exe windows:5 windows x86 arch:x86

e846e46fb75d8f8f824bd60d87469be7

Code Sign

b4:41:1e:48:ad:03:71:16
Certificate

Issuer

CN=An age of poverty from which lingering penance

Not Before

21/12/2010, 10:31

Not After

16/09/2013, 10:31

Subject

CN=An age of poverty from which lingering penance

f4:53:e1:81:7e:2b:9c:97:15:9c:01:00:71:93:7e:74:1f:e2:bd:77
Signer

Actual PE Digest

f4:53:e1:81:7e:2b:9c:97:15:9c:01:00:71:93:7e:74:1f:e2:bd:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrRChrW
PathIsRelativeW
PathStripToRootW
PathIsUNCW
PathIsRootW
PathStripPathW
StrChrW

kernel32

CreateMutexA
GetFileSize
LoadLibraryA
GetCurrentThreadId
SetEvent
GetWindowsDirectoryW
ResetEvent
GetExitCodeThread
GetModuleHandleA
SwitchToThread
CloseHandle
GetCurrentThread
CreateEventA
GlobalDeleteAtom
GetCommandLineW
VirtualAlloc
WaitForSingleObject
GetProcAddress
IsBadReadPtr
VirtualProtect
VirtualProtectEx
VirtualFree
SleepEx
SystemTimeToFileTime
WaitForMultipleObjects
GetProfileIntW
GlobalLock
GetProfileStringW
LocalAlloc
LocalFree
LocalReAlloc
lstrlenW
lstrcatW
lstrcpynW
CreateThread
GlobalUnlock
GlobalSize
WriteProfileStringW
Sleep
lstrcmpW
GlobalReAlloc
GlobalFree
GlobalAlloc
GlobalCompact
GetThreadTimes
GetCurrentProcess
GetConsoleCP
GetSystemTime
GetCurrentProcessId
lstrcpyA
CreateEventW
GetStartupInfoA
lstrcpyW

user32

IsChild
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
MessageBoxA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
SetProcessDefaultLayout
LoadStringW
MessageBoxW
CreateWindowExW
LoadAcceleratorsW
GetMessageW
IsDialogMessageW
TranslateAcceleratorW
DispatchMessageW
SystemParametersInfoW
GetWindowRect
SetMenu
DestroyMenu
GetDlgItem
CreateDialogParamW
GetWindowLongW
SetWindowLongW
LoadMenuW
EnableWindow
GetClientRect
MapWindowPoints
OffsetRect
SetWindowPos
CheckMenuRadioItem
CheckMenuItem
SetDlgItemTextW
SendMessageW
InvalidateRect
LoadIconW
LoadCursorW
GetSysColorBrush
RegisterClassExW
CharNextW
SetCursor
SetFocus
SetWindowTextW
CheckRadioButton
GetSubMenu
MessageBeep
EndDialog
DialogBoxParamW
GetSysColor
CharNextA
GetClipboardData
OpenClipboard
TrackPopupMenuEx
EnableMenuItem
IsClipboardFormatAvailable
DefWindowProcW
ChildWindowFromPoint
ScreenToClient
PostQuitMessage
WinHelpW
DrawTextW
CallWindowProcW
CheckDlgButton
GetWindowTextW
SetDlgItemInt
InSendMessage
ShowCaret
GetMessageExtraInfo
GetProcessDefaultLayout
GetMenu
GetDlgCtrlID
GetWindowTextA
CloseClipboard
HideCaret
GetActiveWindow
GetKeyboardLayout
DestroyWindow
GetDesktopWindow

gdi32

SetTextColor
SetBkColor
SetBkMode

advapi32

RegDeleteValueW
RegCloseKey
RegEnumKeyExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
DuplicateTokenEx
AllocateAndInitializeSid
ImpersonateSelf
CloseServiceHandle
QueryServiceStatus
QueryServiceConfigW
StartServiceW
ChangeServiceConfig2W
QueryServiceConfig2W
ChangeServiceConfigW
RegQueryValueExW
LookupPrivilegeValueW
RegDeleteKeyW
InitiateSystemShutdownExW
RevertToSelf
OpenServiceW
OpenSCManagerW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetUserNameW
CheckTokenMembership
IsValidSid
GetLengthSid
CopySid
RegOpenCurrentUser
OpenThreadToken
OpenProcessToken
GetTokenInformation
FreeSid
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
AdjustTokenPrivileges

ole32

CoCreateGuid
CoWaitForMultipleHandles
CoUninitialize
CoDisconnectObject
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoGetObject

Sections

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e846e46fb75d8f8f824bd60d87469be7

Code Sign

b4:41:1e:48:ad:03:71:16Certificate

f4:53:e1:81:7e:2b:9c:97:15:9c:01:00:71:93:7e:74:1f:e2:bd:77Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

ole32

Sections

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1.0MB

.text Size: 81KB - Virtual size: 80KB

.rsrc Size: 3KB - Virtual size: 3KB

b4:41:1e:48:ad:03:71:16
Certificate

f4:53:e1:81:7e:2b:9c:97:15:9c:01:00:71:93:7e:74:1f:e2:bd:77
Signer

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1.0MB

.text
Size: 81KB - Virtual size: 80KB

.rsrc
Size: 3KB - Virtual size: 3KB