c35e4093190cc4493b5958b471a125a7

Sharing

Copy URL Twitter E-mail

General

Target

c35e4093190cc4493b5958b471a125a7
Size

124KB
MD5

c35e4093190cc4493b5958b471a125a7
SHA1

3405f92258ab8ad217959c609d0370ce0986f5e8
SHA256

bd829f635541110fcb085986772fdb9ee42c4793bb578c8fa7848763b7249ba8
SHA512

e309a523e4dfb5817e879231daee05383d03635928aba97ee94db81d6456a4d174d887a0064424caca841b7c5edf65b15f583efed063970ef32a66542046a729
SSDEEP

3072:7AHaqQzTh+Ej7EZnD3XpTeCZbZvk+46eyemcr3ibd:7ihQzTwcYHdeC0qef7yb

Score

1^/10

Malware Config

Signatures

Files

c35e4093190cc4493b5958b471a125a7
.exe windows:6 windows x64 arch:x64

19d5fde8be25751c7946eb965b6f6eee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:fb:71:33:19:02:7f:3f:1f:1c:06:67:b3:c3:8c:a9
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/05/2015, 00:00

Not After

07/05/2017, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems\, Incorporated,OU=Acrobat DC,O=Adobe Systems\, Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cd:d8:f4:59:1b:a5:f9:c1:68:8b:bd:26:8f:73:e1:31:a7:42:40:47
Signer

Actual PE Digest

cd:d8:f4:59:1b:a5:f9:c1:68:8b:bd:26:8f:73:e1:31:a7:42:40:47

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

chrome_wow_helper.pdb

Imports

kernel32

VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
GetModuleHandleW
GetProcAddress
OpenProcess
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
GetCommandLineW
HeapAlloc
GetLastError
HeapFree
SetLastError
GetCurrentThreadId
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsDebuggerPresent
GetStringTypeW
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LCMapStringW
LoadLibraryExW
HeapReAlloc
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

E
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19d5fde8be25751c7946eb965b6f6eee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

10:fb:71:33:19:02:7f:3f:1f:1c:06:67:b3:c3:8c:a9Certificate

Extended Key Usages

Key Usages

cd:d8:f4:59:1b:a5:f9:c1:68:8b:bd:26:8f:73:e1:31:a7:42:40:47Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

E Size: 2KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

10:fb:71:33:19:02:7f:3f:1f:1c:06:67:b3:c3:8c:a9
Certificate

cd:d8:f4:59:1b:a5:f9:c1:68:8b:bd:26:8f:73:e1:31:a7:42:40:47
Signer

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

E
Size: 2KB - Virtual size: 2KB