c43f9c8a2161ca860f43e39151dc3891

Sharing

Copy URL

Twitter E-mail

General

Target

c43f9c8a2161ca860f43e39151dc3891
Size

695KB
MD5

c43f9c8a2161ca860f43e39151dc3891
SHA1

e85b0e2cafaff7ce36e2d992687a65d607029e02
SHA256

5079b6083c9bc0a463ebc24cf8df8d2012b89d80a02b2e38dc82d966db93c2d6
SHA512

84a99906c916223189c23895011632d24c9bfe7ac8c1a69b1d1c99a9c50851837f7414363f341bcd47ec2ce24558566a51fb0629d8b056f3420d382ab72e1f7c
SSDEEP

12288:+u09edC/Nq/vkkzojl/TBMB+zEJ3J1KFixkfNm2m0p:pookIwbO3J1KFiANml0p

Score

1^/10

Malware Config

Signatures

Files

c43f9c8a2161ca860f43e39151dc3891
.exe windows:4 windows x86 arch:x86

68b3d1e93ebffcddd2d3e4bb63b9ef3e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:b9:12:c7:b2:e2:52:f9:f5:7d:ec:fa:ae:e1:52:c5
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/06/2015, 00:00

Not After

04/06/2016, 23:59

Subject

CN=PROSTOR,O=PROSTOR,POSTALCODE=614000,STREET=ul. Ekaterininskaya 96,L=Perm,ST=Perm region,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:e8:82:b5:f0:09:15:d8:08:d4:ab:f5:dd:52:18:88:b1:53:c0:1f
Signer

Actual PE Digest

13:e8:82:b5:f0:09:15:d8:08:d4:ab:f5:dd:52:18:88:b1:53:c0:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shlwapi

PathUndecorateA
SHRegCreateUSKeyW
StrCSpnW
UrlUnescapeA
PathIsFileSpecA
PathGetArgsA
StrRetToStrA
SHSetValueA
StrNCatA
PathRemoveBlanksW
UrlCompareW
PathIsDirectoryA
PathIsContentTypeW
StrToIntA

ole32

CoRevokeMallocSpy
CoFileTimeNow
IsEqualGUID
StgOpenPropStg
OleQueryCreateFromData

comdlg32

ChooseColorA
ChooseFontA
ReplaceTextW
PrintDlgExW
WantArrows
LoadAlterBitmap
ChooseFontW
FindTextA

oleaut32

SafeArrayAllocDescriptorEx
VarCyInt
VarR4FromUI4

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDList
SHPathPrepareForWriteW
StrRChrA
StrRChrW
ShellExecuteEx
SHGetPathFromIDListA
PrintersGetCommand_RunDLLW
SHFreeNameMappings

winspool.drv

DocumentPropertiesA
QueryRemoteFonts
QueryColorProfile
DeletePortW
WaitForPrinterChange
FlushPrinter
DeviceMode
PerfCollect
EnumJobsW
PerfOpen
GetSpoolFileHandle
AbortPrinter
DeletePrinterIC
SetPortA

advapi32

WmiQueryAllDataMultipleA
TreeResetNamedSecurityInfoW
SaferiChangeRegistryScope
GetTrusteeFormW
LsaQueryTrustedDomainInfoByName
CryptEnumProvidersA
CredUnmarshalCredentialA
CryptHashData
LsaSetInformationPolicy
StartTraceW
LsaGetSystemAccessAccount
GetServiceKeyNameA
RegEnumValueA
RegisterEventSourceW
WmiQueryAllDataW

gdi32

GdiStartPageEMF
GetCharWidthI
GdiConvertPalette
STROBJ_bEnumPositionsOnly
GetTextCharsetInfo
CreateMetaFileW
GetTextExtentExPointA
FlattenPath
GetTextExtentPointW
EnumFontFamiliesW
GetFontLanguageInfo
GetEUDCTimeStampExW
ExtEscape
PtVisible
MaskBlt
CopyMetaFileA
GetCharWidthW
UnrealizeObject
GetPixel
CreateDCW
GetClipRgn
EngDeleteSurface

version

VerFindFileW
VerQueryValueW
VerLanguageNameW
VerLanguageNameA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerFindFileA
VerQueryValueA
VerInstallFileW

wtsapi32

WTSSendMessageW
WTSLogoffSession
WTSUnRegisterSessionNotification
WTSSetSessionInformationW
WTSRegisterSessionNotification
WTSEnumerateServersA
WTSEnumerateServersW
WTSOpenServerW
WTSEnumerateProcessesW
WTSShutdownSystem
WTSCloseServer
WTSVirtualChannelPurgeInput

ws2_32

WSARecvFrom
WSACloseEvent
shutdown
WSCUnInstallNameSpace
WSCUpdateProvider
WSALookupServiceNextA
WSANSPIoctl
WSAUnhookBlockingHook
WSACancelBlockingCall
WSAGetLastError
getaddrinfo
WSCDeinstallProvider
socket
WSAEnumProtocolsA
getservbyname
WSAEnumNameSpaceProvidersW
gethostname
WSAGetServiceClassInfoA
getsockname
getnameinfo

comctl32

GetEffectiveClientRect
ImageList_Destroy
LBItemFromPt
FlatSB_ShowScrollBar
ImageList_SetIconSize
ImageList_GetIcon
ImageList_Create
UninitializeFlatSB
ImageList_LoadImage
CreateToolbarEx
PropertySheetA
MenuHelp
ImageList_GetImageRect
ImageList_Read
ImageList_SetFlags
InitializeFlatSB
ImageList_DragEnter
ImageList_Duplicate

kernel32

CreateToolhelp32Snapshot
GetTickCount
GetVersion
LoadLibraryExA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

�� 2' R�z��C��a�� -g4��N��<��L��ك �O]p�D�N�Z�E��d��n� w�D �9O��B��+�N��D��= B�]�� F�ʬ�a%�� F��P O`��1_ʈ�X�Ζ�b�N�Z�l��" u��?A��`D��a�@u��q��Zr@;9��@6�􂉄�;�z��'WL-t!8�`��O�W1�K�Dӥ�6�Әw�j|�<�Z�:��Jeb4�p��*�}�t��@Q�-��8ݢ��v��PGv�lň��s~ߕ>P�C�$t��V��QO��KSglNHe�� .X��X��6�FnLęP�p]�0g�u��h �`��i�C�(&5J]E�K�P�aTu�I��@�� 3y"<uӃ��H��{��K��]E�$��m�EA7��}55L+��Z�e��L$)&a�<8e�>�'�Qkޢ��~#��o�(�@��.��kR�Fj��t�^��}C��&��n��4��O+iz��aX��4m��C�15I%Tö~b�9h]� 2��k{�d�I�"�[�8�ʃ�l��I�6�탈�Q��R�5_�R�-��_�c��`u�KMg��G��s=>��$&� �8��l�/�qQjb�M��-P=�w*��՞[�Ys�{l�̔��k��|�D��K��]�Hp��JI�6 ��T��B�6�q��B�+1�x��b�7-?*B��6|􃇩�J�r��s�t.G�N5��Y��,�g��0?4��S��)��f�I�z��d�HASC��zd��4��AU,T��g��w��b�� Q|�^�OY9H�Hg�GH�|��]5*��?@$��jZ##��B�k Y�bcXvfs�K��zj�6��&w�)�t�=� ''�"u��+y Y�.��d�;�^�C�:�,��}�V�&�D�u��v@2�Ir{�m䔃&cn�U�3 �� d�Hǖ=�$��( �/tF��%�� 5��Z�s,��q��̀�ڲ |��Z��#6ދ|��!Bryd�K&-��G��-��D�&Ȱ�a��b�ӛ#/k/E!0 �<y�3�y��5�&*�ۘ�MV�'��;WggR�LFx]j�QZr�� і�;˟΢��W��i�Dv�=E�r7�-E��Wc+Y�`xGrm��+��~xqLZ�*�:�+�r�"M��E�s3��?S��o@2�d�p]�䗏��*�zƳ�ͱ��2��g+��^0ʸW�i۷�6vh�'�`ߜ�/�|��ko�QOD|�"��μ�W��*':h\�k��~7�n��LK2�G�N3pM��̄�s�1d�ͬ�0*�ʆ��+�� L�A�4>� ��-�m�Ģ_�`��2#�uΗ� %@�4F&&</>�1��P ��YPV%ܵb5�L�n}��1�g u��7��P��|ڼ�/G1z$}��Մ��>��D,]�y��7��ɑ��9��^ ��еz5�T��AP&��Țj�a��3��Uq?�5��Fh�bl�5x2��q��B�|�Hj��8�*Ҳ�|ԅo��Q��c�I�o44��z!�掉�� R�J$fn'^A<�br�� f��@>�}�3̇��}"�P�!��A`iQǔЃ�\<��/W��-�2��{��Y+b�E��Ͳ�N��D�@%�I1�J��y��"�Y�c$[*��VG?p�ج_�xn4��^�Y_��+�!)�{�ve(1��zf��*J��5�k�"�W�X&s~�QYoj�ox�RR%��?��=`2�8V��;��˃hC�O�3 Vb?� �K �C�I��^Q?+%L�E�R� |DB��a�ݪ�U��^bM�#-k�`��2BK�wN��ϳY�? �37F��u��a�F��)�``q��޵��U0*��]�"T�k�ٚ1�]K��6�F��^�e�hX56��Ū�0��̭��hP��6M�1P�%׬��G�� U��k��W� �-��P�.QW͇�1��o��l45�%�� N��7x�.ԓ��`��\�໖x!Z�7]��m�+��Ǖ��I2DG��+Q�9��&7V��>��n#��D��氕�V��H�Of�$�'B2��)~��i�2�diIa�#Oe��x��Q�.�L�Px�V8�f�c뵗Mt��k��H�L%F+>�5Q�R��<�v�H��8�D;�O靁U�c��Q�c��&�/g�ҟ��2�r8��/��*�œe<��(��q~w�a{��$;ج?v"��Ey��K=Q�*��.�� gۏ �}\>VH��< ��WxU��kTi��&��.|OzX�s��'��e'g��`�-A䎡h\��<��ek�m�vv�)[\��L6��l�h5�x��&�J��1k�Տh��W-O��p �o �<LԳ.�ʛ��!\D�li�0�� k��pGb�˄�%�fz{��d+u��Cb&��5|ȱk�b��n��G{u��L�� u�b�l�qSJ��d ��ɠ��`/6�x�,�Ɍ��r1Z��KW��~��A��1�)c@,��{׏\d��m`�U�T�R�q��[�-��LA+S�͚\��ޔ��s�@_��c�%MoG_�Sj��n߫m��^rKl~ ͸G��F��D��Ҋ�kLt��vBg�R-W��#+�=�j��t�|ں��@o��gr�MK��XS+a|��>��M$.�y&�`#I4��xIu�l�لa�� Y�D��c`��ܢ}~|^%(=��r2#j�v��WMߒ�kC>i#�p�Qv|Jyߟ�5�)*�

Sections

CODE
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68b3d1e93ebffcddd2d3e4bb63b9ef3e

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

01Certificate

Key Usages

81:b9:12:c7:b2:e2:52:f9:f5:7d:ec:fa:ae:e1:52:c5Certificate

Extended Key Usages

Key Usages

13:e8:82:b5:f0:09:15:d8:08:d4:ab:f5:dd:52:18:88:b1:53:c0:1fSigner

Headers

File Characteristics

Imports

shlwapi

ole32

comdlg32

oleaut32

shell32

winspool.drv

advapi32

gdi32

version

wtsapi32

ws2_32

comctl32

kernel32

Exports

Exports

Sections

CODE Size: 438KB - Virtual size: 437KB

DATA Size: 11KB - Virtual size: 11KB

BSS Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.text Size: 15KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 24B

.text Size: 64KB - Virtual size: 63KB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 150KB - Virtual size: 150KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

01
Certificate

81:b9:12:c7:b2:e2:52:f9:f5:7d:ec:fa:ae:e1:52:c5
Certificate

13:e8:82:b5:f0:09:15:d8:08:d4:ab:f5:dd:52:18:88:b1:53:c0:1f
Signer

CODE
Size: 438KB - Virtual size: 437KB

DATA
Size: 11KB - Virtual size: 11KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 24B

.text
Size: 64KB - Virtual size: 63KB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 150KB - Virtual size: 150KB