f46f5252825e565befcc9c42c2aec2645ad8414051f22e849e7a94324a178f9b

Sharing

Copy URL Twitter E-mail

General

Target

f46f5252825e565befcc9c42c2aec2645ad8414051f22e849e7a94324a178f9b
Size

2.3MB
MD5

ec598b604a3b589cd7f36f937326913e
SHA1

4682ccaed9863312d1c9669a583b20e89dcf1220
SHA256

f46f5252825e565befcc9c42c2aec2645ad8414051f22e849e7a94324a178f9b
SHA512

c08c76518090db271ac06bd32f2c2106f9addc53829ff57c41268e2e8d6cec8a9bcd174b786496ddb2d64b69f969fa7f24f472a356d1cebaf63e9d54c6ab0300
SSDEEP

49152:mCSC79c+1YYzelQ3r1okwNRBQHoeSK7ox3TMp6vHZGCFEFWLuhAy:mCSC79cmYCelcr1okGQIeSq

Score

1^/10

Malware Config

Signatures

Files

f46f5252825e565befcc9c42c2aec2645ad8414051f22e849e7a94324a178f9b
.exe windows:5 windows x86 arch:x86

89bec4e1ecb2aa5cd0077a4492a0324f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:da:9d:e8:d3:02:ac:c5:cd:d5:ab:42:eb:56:38:db
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/03/2013, 00:00

Not After

22/04/2015, 23:59

Subject

CN=AVG Technologies,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AVG Technologies,L=Brno,ST=Jihomoravsky kraj,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:55:75:39:eb:d2:fe:88:25:ec:e7:4d:3a:2b:ee:ed:c8:3c:b5:41
Signer

Actual PE Digest

ff:55:75:39:eb:d2:fe:88:25:ec:e7:4d:3a:2b:ee:ed:c8:3c:b5:41

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Dev\Dev\ScriptHelper\1.0.0\ScriptHelper\Release\ScriptHelper.pdb

Imports

kernel32

WaitForSingleObject
Sleep
CreateEventW
CreateThread
CloseHandle
GlobalHandle
GlobalFree
LoadLibraryExW
FreeLibrary
SetLastError
GlobalLock
GlobalUnlock
MulDiv
lstrcmpW
InterlockedIncrement
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
GetCurrentProcess
WaitForMultipleObjects
lstrcmpiW
GetModuleHandleW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SetEvent
SetEnvironmentVariableA
GetLocaleInfoW
GetConsoleOutputCP
WriteConsoleA
SizeofResource
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
GetCommandLineW
WriteFile
CreateFileW
DeleteFileW
CreateProcessW
OpenEventW
InterlockedCompareExchange
QueryPerformanceCounter
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
FlushInstructionCache
CreateFileA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetModuleFileNameW
OutputDebugStringW
DebugBreak
lstrlenA
GetVersionExW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
HeapCreate
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetFullPathNameA
GetFullPathNameW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetSystemDirectoryA
LocalSize
DeleteFileA
FindNextFileA
RemoveDirectoryA
FindFirstFileA
CreateDirectoryA
MoveFileExW
ReadFile
CopyFileW
SetFileAttributesW
GetWindowsDirectoryW
RemoveDirectoryW
GetFileAttributesW
SetFilePointer
SetDllDirectoryW
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
ExitProcess
GetStdHandle
GetFileType
WriteConsoleW
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedExchange
ReleaseMutex
OpenMutexW
CreateMutexW
DeviceIoControl
TerminateThread
AreFileApisANSI
GetSystemTime
GetTempPathA
GetCurrentProcessId
lstrlenW
SetStdHandle
InterlockedDecrement
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingW
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
FlushFileBuffers
GetFileAttributesA
FormatMessageA
GetSystemTimeAsFileTime
UnlockFileEx
GetTickCount
LockFile
GetEnvironmentVariableW
GetFileSize
LocalAlloc
LocalFree
ExpandEnvironmentStringsW
GetTempFileNameW
FindFirstFileW
HeapAlloc
HeapFree
CreateDirectoryW
GetProcessHeap
OpenProcess
LoadLibraryW
FormatMessageW
GetExitCodeProcess
TerminateProcess
GetEnvironmentVariableA
GetTempPathW
CopyFileA
FindClose
Process32FirstW
ProcessIdToSessionId
GetSystemInfo
Process32NextW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
UnlockFile

user32

GetDC
MoveWindow
ReleaseDC
ScreenToClient
GetClientRect
InvalidateRgn
RedrawWindow
LoadStringW
ClientToScreen
SetCapture
IsChild
GetParent
GetClassNameW
CharUpperW
CharNextW
SetWindowLongW
GetWindowLongW
DestroyWindow
GetSysColor
DefWindowProcW
UnregisterClassW
SendMessageW
SetWindowPos
ShowWindow
SetTimer
KillTimer
SendDlgItemMessageW
GetDlgItem
SetWindowRgn
IsWindow
SetForegroundWindow
keybd_event
EndDialog
InvalidateRect
SetWindowContextHelpId
FindWindowW
PostMessageW
PostThreadMessageW
TranslateMessage
GetMessageW
DispatchMessageW
GetActiveWindow
SystemParametersInfoW
MapDialogRect
ReleaseCapture
CreateDialogIndirectParamW
DialogBoxIndirectParamW
GetSystemMetrics
EnumWindows
wsprintfW
SetLayeredWindowAttributes
UnregisterClassA
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
GetKeyboardState

gdi32

CreateRoundRectRgn
CombineRgn
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
CreateRectRgn

advapi32

GetLengthSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
OpenProcessToken
RegQueryValueExW
ConvertStringSidToSidW
LookupPrivilegeValueW
LookupAccountSidW
RegEnumValueW
RegFlushKey
AdjustTokenPrivileges
RegLoadKeyW
RegUnLoadKeyW
GetTokenInformation
CreateProcessAsUserW
DuplicateTokenEx
CheckTokenMembership
CreateWellKnownSid
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextA
CryptEncrypt
CryptCreateHash
CryptDestroyKey
CryptDecrypt
CryptDestroyHash
CryptHashData
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
AllocateAndInitializeSid
AddAccessAllowedAce
SetEntriesInAclW
FreeSid
RegSetKeySecurity
CryptGetHashParam
CryptAcquireContextW

shell32

SHGetFolderPathW
ord680
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
OleUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoInitialize
CoUninitialize
CoSuspendClassObjects
CoTaskMemRealloc
OleInitialize
CoTaskMemAlloc

oleaut32

GetActiveObject
RegisterTypeLi
UnRegisterTypeLi
DispCallFunc
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysStringLen
SysAllocString
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree

wtsapi32

WTSEnumerateSessionsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

userenv

CreateEnvironmentBlock

sensapi

IsNetworkAlive

shlwapi

UrlUnescapeW
PathFileExistsW
PathFileExistsA

rpcrt4

IUnknown_Release_Proxy
NdrOleFree
NdrOleAllocate
NdrCStdStubBuffer2_Release
RpcStringFreeW
UuidToStringW
NdrStubCall2
NdrStubForwardingFunction
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy

crypt32

CryptProtectData

wininet

DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetOpenW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
FindNextUrlCacheEntryW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89bec4e1ecb2aa5cd0077a4492a0324f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

01:da:9d:e8:d3:02:ac:c5:cd:d5:ab:42:eb:56:38:dbCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ff:55:75:39:eb:d2:fe:88:25:ec:e7:4d:3a:2b:ee:ed:c8:3c:b5:41Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wtsapi32

version

userenv

sensapi

shlwapi

rpcrt4

crypt32

wininet

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.orpc Size: 512B - Virtual size: 177B

.rdata Size: 478KB - Virtual size: 478KB

.data Size: 18KB - Virtual size: 27KB

.rsrc Size: 115KB - Virtual size: 114KB

.reloc Size: 112KB - Virtual size: 111KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

01:da:9d:e8:d3:02:ac:c5:cd:d5:ab:42:eb:56:38:db
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ff:55:75:39:eb:d2:fe:88:25:ec:e7:4d:3a:2b:ee:ed:c8:3c:b5:41
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.orpc
Size: 512B - Virtual size: 177B

.rdata
Size: 478KB - Virtual size: 478KB

.data
Size: 18KB - Virtual size: 27KB

.rsrc
Size: 115KB - Virtual size: 114KB

.reloc
Size: 112KB - Virtual size: 111KB