99a6de420fa86f0e0a84e67cf970dfd7bc5289cf9ede1e93b56dd548ed1c59d1

Sharing

Copy URL

Twitter E-mail

General

Target

99a6de420fa86f0e0a84e67cf970dfd7bc5289cf9ede1e93b56dd548ed1c59d1
Size

869KB
MD5

a1e7945e74bf923ae4f1026788efea0a
SHA1

3163f414709ba341f28eeefe1f7dd5e0bb610c8a
SHA256

99a6de420fa86f0e0a84e67cf970dfd7bc5289cf9ede1e93b56dd548ed1c59d1
SHA512

683b3fd54564253b534be552cf8e03b1779aae084c7af992f601e20c3a252b7356e9fa7af74852b9063178fca6c82257b503166361b84610a0cb000a04d8d201
SSDEEP

12288:ExK4t1ZCpDXFBRE7loUE8ie4nleGW7OKywcuto0IjxkJy09MvTno1p93VCIsfGKi:Ert1YpDDa7GtreqfiTZIyR6no1P3V6m5

Score

1^/10

Malware Config

Signatures

Files

99a6de420fa86f0e0a84e67cf970dfd7bc5289cf9ede1e93b56dd548ed1c59d1
.exe windows:5 windows x86 arch:x86

408e6cee44c7a044cb2484a4e5d22d7a

Code Sign

02:8e:c2:2a:ba:d3:14:a6
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

20-11-2015 22:46

Not After

13-10-2016 23:17

Subject

CN=Spiral Media,O=Spiral Media,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01-01-2014 07:00

Not After

30-05-2031 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03-05-2011 07:00

Not After

03-05-2031 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1d:e8:c8:2d:2c:aa:c6:0d:1e:9f:f7:22:2b:ee:fe:ed:50:87:d2
Signer

Actual PE Digest

19:1d:e8:c8:2d:2c:aa:c6:0d:1e:9f:f7:22:2b:ee:fe:ed:50:87:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

debug.pdb

Imports

kernel32

GetCurrentProcessId
CreateFileMappingA
GetEnvironmentVariableA
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
ResumeThread
CreateProcessA
GetCommandLineA
LoadLibraryA
lstrcmpiA
CreateFileA
FlushFileBuffers
WriteFile
SetCurrentDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
GetModuleHandleA
ReadConsoleA
WriteConsoleA
GetStdHandle
GetFullPathNameA
SetErrorMode
GetCurrentThreadId
GetCurrentProcess
DeleteCriticalSection
GetProcessVersion
OpenThread
SetCriticalSectionSpinCount
ExitThread
DeleteFiber
CreateFiber
GetProcessIoCounters
ReleaseMutex
GetFileSize
CreateMutexA
MultiByteToWideChar
GetVersionExA
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
FormatMessageA
LocalFree
GetSystemTimeAsFileTime
DuplicateHandle
SetEnvironmentVariableA
CloseHandle
MapViewOfFile
DeleteFileA
FreeLibrary
GetModuleFileNameA
ExitProcess
lstrcpynA
OutputDebugStringA
GetVersion
GetProcAddress
HeapFree
GetLastError

user32

DrawTextW
PostMessageA
SendMessageA
GetMessageA
CreateWindowExA
DispatchMessageA
TranslateMessage
GetWindowLongA
BeginPaint
EndPaint
ShowWindow
SendMessageW
DrawTextA
GetDC
RegisterClassA

gdi32

SelectClipRgn
GetArcDirection
Arc
CreateFontA
CreateFontIndirectA
CreateBitmap
SelectObject
EnumObjects
DeleteObject
PolyBezier
LineDDA
SetMiterLimit
PolylineTo

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

msvcrt

memmove
_ismbblead
__getmainargs
_cexit
_exit
__argc
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
_pgmptr
srand
??2@YAPAXI@Z
rand
realloc
atoi
_snprintf
??3@YAXPAX@Z
memcpy
free
malloc
_time64
__CxxFrameHandler
__argv
_XcptFilter
memset

ole32

CoTaskMemFree
CoGetObject
CoInitializeEx
OleInitialize
CoCreateInstance

shell32

SHFileOperationA
SHGetDiskFreeSpaceExA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteExA

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

408e6cee44c7a044cb2484a4e5d22d7a

Code Sign

02:8e:c2:2a:ba:d3:14:a6Certificate

Extended Key Usages

Key Usages

1b:e7:15Certificate

Key Usages

07Certificate

Key Usages

19:1d:e8:c8:2d:2c:aa:c6:0d:1e:9f:f7:22:2b:ee:fe:ed:50:87:d2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

msvcrt

ole32

shell32

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 7KB - Virtual size: 6KB

02:8e:c2:2a:ba:d3:14:a6
Certificate

1b:e7:15
Certificate

07
Certificate

19:1d:e8:c8:2d:2c:aa:c6:0d:1e:9f:f7:22:2b:ee:fe:ed:50:87:d2
Signer

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 7KB - Virtual size: 6KB