b8ab6b0ada1c4c95e045b287abafa1b8

Sharing

Copy URL Twitter E-mail

General

Target

b8ab6b0ada1c4c95e045b287abafa1b8
Size

379KB
MD5

b8ab6b0ada1c4c95e045b287abafa1b8
SHA1

ef8a9bb49f8ec09c16fff05aaf3a6978bbe93257
SHA256

165b6c459b21d572ccaa457b873d2b5a73044d6111bfd807fb934f3634d08d51
SHA512

c3afd6417fa12fff7869af2d1397e0676a4b9bad3546329976776544c4cd7939530de14d78a9517c399eb49e72f476fc56c4d59bae8308dbead92000ab63df87
SSDEEP

6144:gqIPvOSzmzpIKXKxPzwlcVtlKhte47r6u2hsBuXwVLdKPKIFf+ml4V9:oPvbmzpIKcPsUurHKjcuXw5dZe2V9

Score

1^/10

Malware Config

Signatures

Files

b8ab6b0ada1c4c95e045b287abafa1b8
.exe windows:5 windows x86 arch:x86

0542be18a96b02f713789b2abc3429b8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:a0:f0:15:08:a5:d7:56:2f:13:3d:be:a3:af:e3:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/12/2014, 00:00

Not After

22/12/2015, 23:59

Subject

CN=Tile Count,O=Tile Count,L=Los Angeles,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:f3:f5:5b:b4:0f:33:12:78:e5:6d:82:3c:13:79:9f:dc:1f:1d:9c
Signer

Actual PE Digest

6d:f3:f5:5b:b4:0f:33:12:78:e5:6d:82:3c:13:79:9f:dc:1f:1d:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
GetComputerNameW
ReleaseMutex
CreateMutexW
Sleep
CopyFileW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
CreateWaitableTimerW
SetWaitableTimer
SetErrorMode
GetCommandLineW
InterlockedCompareExchange
GetCurrentThreadId
InterlockedExchange
lstrlenA
SetEndOfFile
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetEvent
WaitForMultipleObjects
GetExitCodeProcess
OpenProcess
CreateEventW
MoveFileExW
DeleteFileW
GetModuleFileNameW
WaitForSingleObject
CreateProcessW
GetModuleHandleW
GetProcAddress
GetVersionExW
DeleteCriticalSection
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
SetFileTime
WideCharToMultiByte
LocalFileTimeToFileTime
MultiByteToWideChar
GetCurrentDirectoryW
ReadFile
SystemTimeToFileTime
SetFilePointer
HeapDestroy
LocalAlloc
GetFileAttributesW
WriteFile
CreateFileW
CloseHandle
FindResourceExW
SizeofResource
LockResource
LoadResource
FindResourceW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
WriteConsoleW
ReadConsoleW
SetStdHandle
GetStartupInfoW
InitializeSListHead
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetThreadTimes
FreeEnvironmentStringsW
GetEnvironmentStringsW
InterlockedDecrement
LocalFree
GetCurrentProcess
GetCurrentProcessId
QueryPerformanceCounter
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
GetFileType
GetStdHandle
GetCurrentThread
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
FreeLibrary
CreateDirectoryW
LoadLibraryW
IsValidLocale
GetLocaleInfoW
IsDebuggerPresent
OutputDebugStringW
GetSystemTimeAsFileTime
EncodePointer
GetStringTypeW
IsProcessorFeaturePresent
CreateThread
ExitThread
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW

user32

PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
MessageBoxW
LoadStringW
CharNextW

advapi32

QueryServiceConfigW
RegisterServiceCtrlHandlerW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
StartServiceCtrlDispatcherW
SetServiceStatus
DeleteService
ChangeServiceConfig2W
CreateServiceW
RegQueryInfoKeyW
StartServiceW
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptCreateHash
IsValidSid
LookupAccountNameW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupAccountSidW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptExportKey
CryptDuplicateKey
CryptGenKey
CryptImportKey
CryptAcquireContextW

shell32

SHGetFolderPathW

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoTaskMemRealloc
CoTaskMemAlloc
CoReleaseServerProcess
CoAddRefServerProcess

oleaut32

SysAllocStringLen
VarUI4FromStr
VariantClear
SysFreeString
SysAllocString

shlwapi

PathFileExistsW
PathAppendW
PathRemoveArgsW
PathRemoveExtensionW
PathRemoveFileSpecW
PathRenameExtensionW
PathStripPathW
PathUnquoteSpacesW
PathCombineW

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

winhttp

WinHttpCrackUrl
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleFileNameExW

iphlpapi

GetUdpTable
GetTcpTable

wsock32

ntohs

Sections

.text
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0542be18a96b02f713789b2abc3429b8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

48:a0:f0:15:08:a5:d7:56:2f:13:3d:be:a3:af:e3:d1Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6d:f3:f5:5b:b4:0f:33:12:78:e5:6d:82:3c:13:79:9f:dc:1f:1d:9cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

winhttp

version

psapi

iphlpapi

wsock32

Sections

.text Size: 278KB - Virtual size: 277KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 13KB - Virtual size: 13KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

48:a0:f0:15:08:a5:d7:56:2f:13:3d:be:a3:af:e3:d1
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6d:f3:f5:5b:b4:0f:33:12:78:e5:6d:82:3c:13:79:9f:dc:1f:1d:9c
Signer

.text
Size: 278KB - Virtual size: 277KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 13KB - Virtual size: 13KB