ccf66b9c8fc68839f434cb82580e58dc

Sharing

Copy URL Twitter E-mail

General

Target

ccf66b9c8fc68839f434cb82580e58dc
Size

339KB
MD5

ccf66b9c8fc68839f434cb82580e58dc
SHA1

ce893ef4247d1ffc4789275efb19e45724a2051a
SHA256

4b38424fcde75109858300be6488bfb8cab76d2daad79fc5234044591cd9b842
SHA512

0895e2813d6a273ac1c24f3f7ecbc0ef2b4e0c252c6c3939cf8a12ccc134195b9ef7796e309829bd7b8d579a56c972dab5e366e41d3dbb27da9346ebe0bd834e
SSDEEP

6144:W/FYWolEtENGk+evbgNYz0vKbGoEFvw2IjSm9wFvC:qFZolqkJ+YAvKbGlo2IjUa

Score

1^/10

Malware Config

Signatures

Files

ccf66b9c8fc68839f434cb82580e58dc
.exe windows:6 windows x86 arch:x86

a5a22cd37df8c0d135df23ae73405403

Code Sign

33:00:00:00:9b:e0:74:37:cb:3d:4d:8d:2e:00:00:00:00:00:9b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:90:42:fb:34:f9:ca:f3:16:cb:3b:fe:dc:40:a9:bc:ad:d3:b6:61:30:8f:49:1d:50:0b:81:07:31:05:00:fe
Signer

Actual PE Digest

c9:90:42:fb:34:f9:ca:f3:16:cb:3b:fe:dc:40:a9:bc:ad:d3:b6:61:30:8f:49:1d:50:0b:81:07:31:05:00:fe

Digest Algorithm

sha256

PE Digest Matches

false

69:87:3d:bf:f2:c1:e6:44:ad:bc:ab:53:ff:af:cb:b6:ad:99:0a:4a
Signer

Actual PE Digest

69:87:3d:bf:f2:c1:e6:44:ad:bc:ab:53:ff:af:cb:b6:ad:99:0a:4a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\Target\x86\ship\dw\x-none\dwtrig20.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumValueW
RegOpenKeyExA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid
EqualSid
CreateWellKnownSid
CopySid
AddAccessDeniedAce
AddAccessAllowedAce
OpenProcessToken

kernel32

InitializeCriticalSectionEx
GetShortPathNameA
LoadResource
SizeofResource
FindResourceW
IsWow64Process
MultiByteToWideChar
lstrcmpiW
GlobalFree
GlobalAlloc
GetSystemWindowsDirectoryW
CreateProcessW
Sleep
GetLastError
CloseHandle
GetShortPathNameW
GetLongPathNameW
GetFileAttributesW
lstrlenW
SetLastError
WideCharToMultiByte
IsValidCodePage
CreateMutexA
OpenMutexA
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
LocalAlloc
LocalFree
GetCurrentThread
QueryPerformanceCounter
WaitForSingleObjectEx
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RtlUnwind
RaiseException
EncodePointer
FreeLibrary
LoadLibraryExW
GetThreadTimes
VirtualProtect
HeapSize
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetCommandLineW
GetACP
GetStringTypeW
GetFileType
HeapReAlloc
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
GetSystemInfo
VirtualQuery
LoadLibraryExA
CreateEventW
WaitForSingleObject
SetEvent
GetSystemTimeAsFileTime
ResetEvent

ole32

StringFromIID
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoCreateGuid

oleaut32

LoadRegTypeLi
SysFreeString
SysAllocString
LoadTypeLi

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5a22cd37df8c0d135df23ae73405403

Code Sign

33:00:00:00:9b:e0:74:37:cb:3d:4d:8d:2e:00:00:00:00:00:9bCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

c9:90:42:fb:34:f9:ca:f3:16:cb:3b:fe:dc:40:a9:bc:ad:d3:b6:61:30:8f:49:1d:50:0b:81:07:31:05:00:feSigner

69:87:3d:bf:f2:c1:e6:44:ad:bc:ab:53:ff:af:cb:b6:ad:99:0a:4aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

oleaut32

Sections

.text Size: 117KB - Virtual size: 117KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 9KB - Virtual size: 10KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 7KB

33:00:00:00:9b:e0:74:37:cb:3d:4d:8d:2e:00:00:00:00:00:9b
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

c9:90:42:fb:34:f9:ca:f3:16:cb:3b:fe:dc:40:a9:bc:ad:d3:b6:61:30:8f:49:1d:50:0b:81:07:31:05:00:fe
Signer

69:87:3d:bf:f2:c1:e6:44:ad:bc:ab:53:ff:af:cb:b6:ad:99:0a:4a
Signer

.text
Size: 117KB - Virtual size: 117KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 9KB - Virtual size: 10KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 7KB