bf88b75e73d51b0bbad6ebd27b5b35f1

Sharing

Copy URL Twitter E-mail

General

Target

bf88b75e73d51b0bbad6ebd27b5b35f1
Size

273KB
MD5

bf88b75e73d51b0bbad6ebd27b5b35f1
SHA1

504b0e5036f958ed4e3b559ef7f41a41f572d653
SHA256

c0c5d039748e8802e2514e0f27882ec795952acbb8247cf1d0651aa59b5030f4
SHA512

fd73c31adf33f4dddb11ea51eb6ad65420036422073a2a1aac328f2055ec918d8527db13b9a2b87910a3d6722f6780a7eaada95e435cc6a1bbce7b84bf25ef8f
SSDEEP

6144:NubbaPjNn340lxz3gDNH3/UD8VIRmVLbe1:N0baPpI0/zwF3c8te

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ev0ga.exe

Files

bf88b75e73d51b0bbad6ebd27b5b35f1
.zip
ev0ga.exe
.exe windows:4 windows x86 arch:x86

ea7a05a4ca04d69b2e04af9285219afa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetModuleHandleA
LoadLibraryA

user32

ShowWindow
GetWindowRect
SetWindowPos
BeginPaint
DefWindowProcW
DeleteMenu

gdi32

CreateRectRgn
CreateFontIndirectA

oleaut32

SafeArrayCreate
SysAllocString

msvcrt

__getmainargs
_controlfp
_except_handler3
__set_app_type
__p__fmode
strcmp
_exit
__p__commode
exit
_acmdln
_XcptFilter
_initterm
__setusermatherr
_adjust_fdiv

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 830B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
heh.cmd
hsbca.exe
.exe windows:5 windows x86 arch:x86

825ffa1681774bafd98831d67eea6775

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

89:2d:47:1e:30:7b:e6:39:c0:89:15:10:ea:c9:15:70
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

13/03/2009, 00:00

Not After

12/03/2012, 23:59

Subject

CN=Alexander Avdonin,O=Alexander Avdonin,POSTALCODE=195067,STREET=Menshikovsky pr. 3-25,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f8:cf:1b:88:6b:42:b0:2e:b4:8a:c2:de:76:ed:1b:68:da:07:58:91
Signer

Actual PE Digest

f8:cf:1b:88:6b:42:b0:2e:b4:8a:c2:de:76:ed:1b:68:da:07:58:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
SetPriorityClass
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GetPriorityClass
Sleep
GetVersionExW
GetExitCodeProcess
lstrcpynW
ExitProcess
GetModuleFileNameW
CompareStringW
SetCurrentDirectoryW
lstrcmpiW
CloseHandle
LocalFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
lstrcpyW
LocalAlloc
LocalLock
TerminateProcess
GetFileAttributesW
lstrlenW

user32

WaitForInputIdle
MessageBoxW

advapi32

GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExW
CommandLineToArgvW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
SysFreeString

shlwapi

ord176

comctl32

ord17

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea7a05a4ca04d69b2e04af9285219afa

Headers

File Characteristics

Imports

kernel32

user32

gdi32

oleaut32

msvcrt

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 4KB - Virtual size: 830B

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 240KB - Virtual size: 237KB

825ffa1681774bafd98831d67eea6775

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

89:2d:47:1e:30:7b:e6:39:c0:89:15:10:ea:c9:15:70Certificate

Extended Key Usages

Key Usages

f8:cf:1b:88:6b:42:b0:2e:b4:8a:c2:de:76:ed:1b:68:da:07:58:91Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 848B

.rsrc Size: 25KB - Virtual size: 25KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 4KB - Virtual size: 830B

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 240KB - Virtual size: 237KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

89:2d:47:1e:30:7b:e6:39:c0:89:15:10:ea:c9:15:70
Certificate

f8:cf:1b:88:6b:42:b0:2e:b4:8a:c2:de:76:ed:1b:68:da:07:58:91
Signer

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 848B

.rsrc
Size: 25KB - Virtual size: 25KB