ca881e82998c4d9dcc487765bb606216

Sharing

Copy URL Twitter E-mail

General

Target

ca881e82998c4d9dcc487765bb606216
Size

1.9MB
MD5

ca881e82998c4d9dcc487765bb606216
SHA1

4226a9684cc15a66ba7c451b8a1a342b0fdfb8cd
SHA256

6300db9c81fc0d8ab7e009f2612e228c2f563d1be0bf02c180f291401d8db98e
SHA512

3bbff4576d558068ff8d28cea4372b9a53b5d8ad2f06cf956f8b44b1419ba68e62ff8f2b2553226358ea7851fcef2ecf57d701e9b76a91466b5eb6e6031935cc
SSDEEP

24576:uE3ySt7ERZed2HXlgTcojTih4ywx/2B5z3H+zSm7UbuRKT08bOvhMPdqQQEn+Xsa:Rbt7Gd4JQsT0pmZ4TpT6XBOE

Score

1^/10

Malware Config

Signatures

Files

ca881e82998c4d9dcc487765bb606216
.exe windows:5 windows x86 arch:x86

8ddc96159935a763b7fbeb1712d5b188

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:73:a6:51:cc:71:a1:be:1e:53:15:2e
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

24/04/2018, 08:01

Not After

25/04/2019, 08:01

Subject

SERIALNUMBER=1187746374661,CN=AeroAdmin LLC,O=AeroAdmin LLC,STREET=Ulitsa Konstantina Simonova\, dom 5\, korpus 1\, kvartira 16,L=Moscow,ST=Moscow,C=RU,1.2.840.113549.1.9.1=#0c16657567656e652e73406165726f61646d696e2e636f6d,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:b7:74:ee:59:e3:5e:c6:06:26:16:89
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

28/02/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 002-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:92:54:00:e5:71:04:e4:09:1c:26:d0:cc:cd:df:bd:f8:dc:6b:4b
Signer

Actual PE Digest

23:92:54:00:e5:71:04:e4:09:1c:26:d0:cc:cd:df:bd:f8:dc:6b:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\hg_clone\source\Output\AeroAdmin.pdb

Imports

kernel32

TlsFree
OpenProcess
TerminateProcess
UnmapViewOfFile
CreateFileMappingW
WaitForSingleObject
CreateEventW
GetConsoleWindow
SetThreadExecutionState
GetCurrentProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFree
GlobalUnlock
GlobalLock
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
GlobalAlloc
GetGeoInfoW
GetUserGeoID
GetCommandLineW
WTSGetActiveConsoleSessionId
AttachConsole
SetUnhandledExceptionFilter
SetErrorMode
ProcessIdToSessionId
DeleteFileW
GetTickCount
GetFileSize
CreateFileW
FreeLibrary
GetModuleFileNameW
LoadLibraryW
WideCharToMultiByte
RaiseException
ReadFile
WriteFile
GetProcAddress
PostQueuedCompletionStatus
Sleep
CloseHandle
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetLastError
TlsAlloc
InterlockedExchangeAdd
FindNextFileA
FindFirstFileExA
ReadConsoleW
HeapSize
GetTimeZoneInformation
SetFilePointerEx
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
GetModuleFileNameA
HeapReAlloc
ExitThread
GetModuleHandleExW
ExitProcess
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
VirtualQuery
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
OpenFileMappingW
GetModuleHandleW
MapViewOfFile
InitializeSListHead
ResetEvent
SetEndOfFile
SetFilePointer
SetFileTime
GetFileAttributesExW
RemoveDirectoryW
MoveFileW
FindClose
FindNextFileW
FindFirstFileW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetLogicalDriveStringsW
LoadResource
LockResource
FindResourceW
GetUserDefaultUILanguage
GetFileAttributesW
GetComputerNameW
HeapFree
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
TryEnterCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
LocalFree
FormatMessageA
CreateDirectoryW
InterlockedCompareExchange
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SetEvent
SleepEx
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
VerSetConditionMask
VerifyVersionInfoW
CompareFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetCurrentDirectoryW
GetThreadTimes
DeviceIoControl
SetPriorityClass
GetVersionExW
HeapAlloc
GetProcessHeap

user32

CreatePopupMenu
InsertMenuW
TrackPopupMenu
DestroyMenu
FindWindowW
GetSystemMetrics
RegisterClassExW
CreateWindowExW
LoadImageW
SetWindowTextW
PostMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DefWindowProcW
SetCursor
SetClassLongW
wsprintfW
ExitWindowsEx
ChangeDisplaySettingsW
LockWorkStation
SendInput
GetDC
ReleaseDC
GetWindowLongW
MapWindowPoints
DrawMenuBar
InsertMenuItemW
CreateMenu
GetMenuBarInfo
LoadIconW
SetWindowLongW
GetDCEx
CreateIconIndirect
GetIconInfo
GetCursorInfo
DestroyCursor
SetForegroundWindow
ShowWindow
PostQuitMessage
DestroyWindow
TranslateMessage
PeekMessageW
GetWindowDC
EnumDisplayMonitors
GetUserObjectInformationW
OpenInputDesktop
CloseWindowStation
GetCursorPos
DispatchMessageW
LoadCursorW
UnhookWindowsHookEx
SetProcessWindowStation
MapVirtualKeyW
CloseDesktop
SetThreadDesktop
OpenDesktopW
GetClipboardData
EnumDisplaySettingsW
EnumDisplayDevicesW
mouse_event
SendMessageW
SystemParametersInfoW
EnableWindow
GetDlgItem
GetWindowRect
GetAsyncKeyState
InvalidateRect
SetMenu
AdjustWindowRect
SetFocus
SetWindowPos
EnableMenuItem
GetSystemMenu
GetWindowTextW
GetClientRect
ScreenToClient
MoveWindow
OpenWindowStationW
CallNextHookEx
BroadcastSystemMessageW
SetWindowsHookExW
FillRect
SetWindowTextA
GetWindowTextA
MessageBoxW
IsDlgButtonChecked
GetMenu
DrawEdge
DrawTextExW
DrawFrameControl
GetParent
GetKeyboardState
ToAscii
SetScrollPos
ShowScrollBar
SetScrollRange
HideCaret
ShowCaret
MessageBeep
DrawTextW
SetCaretPos
RegisterClassW
BeginPaint
EndPaint
GetFocus
UpdateWindow
GetScrollPos
GetScrollRange
CreateCaret
DestroyCaret
GetWindowPlacement
DrawIconEx
DestroyIcon
GetDesktopWindow
GetMonitorInfoW

gdi32

CreatePen
CreateDIBitmap
CreatePatternBrush
CreateCompatibleBitmap
GetDeviceCaps
GetStockObject
CreateFontW
CreateSolidBrush
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
SetBkMode
CreateFontIndirectW
TextOutW
SetTextColor
Rectangle
GetTextMetricsW
GetROP2
SetROP2
GetTextExtentPoint32W
ExtTextOutW
SetBkColor
SetBrushOrgEx
CreateBitmap
GetBitmapBits
GetObjectW
RestoreDC
SaveDC
GetDIBits
DeleteDC

advapi32

LookupPrivilegeValueW
GetTokenInformation
CryptAcquireContextW
CryptGenRandom
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
StartServiceCtrlDispatcherW
StartServiceW
DeleteService
OpenServiceW
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CreateProcessAsUserW
AdjustTokenPrivileges
SetTokenInformation
DuplicateTokenEx
CryptReleaseContext
OpenProcessToken
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
SetSecurityInfo
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
LookupAccountSidW

shell32

SHGetFolderPathW
ShellExecuteW
SHGetFileInfoW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderPathW
ord47
ShellExecuteExW
CommandLineToArgvW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal

oleaut32

VariantInit
VariantClear
SysStringLen
SysFreeString
SysAllocString

ws2_32

freeaddrinfo
bind
listen
accept
getpeername
ntohl
getaddrinfo
getsockopt
WSASetLastError
WSASocketW
recv
select
WSAGetLastError
send
socket
closesocket
ioctlsocket
setsockopt
gethostname
inet_ntoa
gethostbyname
WSACleanup
WSAStartup
shutdown
WSARecv
WSASend
connect

urlmon

URLDownloadToFileW

winmm

timeEndPeriod
timeBeginPeriod
waveOutClose
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutOpen
waveInClose
waveInUnprepareHeader
waveInReset
waveInStart
waveInOpen
waveInGetDevCapsW
waveInGetNumDevs
waveInAddBuffer
waveInPrepareHeader

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

iphlpapi

GetBestInterface
GetAdaptersAddresses

netapi32

NetApiBufferFree
NetWkstaTransportEnum

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

gdiplus

GdipCloneImage
GdiplusShutdown
GdipDisposeImage
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipFree
GdipAlloc
GdipSaveImageToStream

msimg32

AlphaBlend

comctl32

InitCommonControlsEx
ord17

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 467KB - Virtual size: 681KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ddc96159935a763b7fbeb1712d5b188

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

3b:73:a6:51:cc:71:a1:be:1e:53:15:2eCertificate

Extended Key Usages

Key Usages

13:b7:74:ee:59:e3:5e:c6:06:26:16:89Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

23:92:54:00:e5:71:04:e4:09:1c:26:d0:cc:cd:df:bd:f8:dc:6b:4bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

urlmon

winmm

wtsapi32

userenv

iphlpapi

netapi32

mpr

gdiplus

msimg32

comctl32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 202KB - Virtual size: 201KB

.data Size: 467KB - Virtual size: 681KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 51KB - Virtual size: 51KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

3b:73:a6:51:cc:71:a1:be:1e:53:15:2e
Certificate

13:b7:74:ee:59:e3:5e:c6:06:26:16:89
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

23:92:54:00:e5:71:04:e4:09:1c:26:d0:cc:cd:df:bd:f8:dc:6b:4b
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 202KB - Virtual size: 201KB

.data
Size: 467KB - Virtual size: 681KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 51KB - Virtual size: 51KB