d532b7d141beb99d06db3cced2e4980c

Sharing

Copy URL Twitter E-mail

General

Target

d532b7d141beb99d06db3cced2e4980c
Size

262KB
MD5

d532b7d141beb99d06db3cced2e4980c
SHA1

1b20b41bc37bf4768a296777537b9d6404878ad6
SHA256

135e5b847a98d4e327f4bdb77f253135489e0a4242fa1a42a923d3be6cea4976
SHA512

b99d90cd85532fc1b11688626f2057ec96ed1c919c3b9d05f22d9907d4e5693c015b5bb6071b959280791113a422f1d27cb1c3bfbf7e6344edb9a22b43c5d1cc
SSDEEP

6144:Yu3VnNfnusEV1cx1dgF6t7qSu97q4444444EGW9:Yu311nusEV1cxbgMtgGGW9

Score

1^/10

Malware Config

Signatures

Files

d532b7d141beb99d06db3cced2e4980c
.exe windows:5 windows x86 arch:x86

e42646af54f7999fc51fc06c9287d5ec

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

da:05:0b:7d:84:6e:75:57:ab:26:3a:ea:a9:94:9f:10
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/04/2013, 00:00

Not After

02/04/2015, 23:59

Subject

CN=sahiram,OU=tech,O=sahiram,POSTALCODE=333031,STREET=kulhariyo ka bas\, teh chirwa,L=pilani,ST=rajasthan,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

df:99:11:47:f3:06:f4:1d:02:e9:5b:7f:5d:f5:4c:81:35:fe:78:09
Signer

Actual PE Digest

df:99:11:47:f3:06:f4:1d:02:e9:5b:7f:5d:f5:4c:81:35:fe:78:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
VirtualAlloc
VirtualProtect
GetFileSize
FindFirstFileW
CompareFileTime
GetSystemTimeAsFileTime
WriteFile
ReadFile
CreateFileW
FindClose
FindNextFileW
DeleteFileW
ExitProcess
GetTempFileNameW
CreateProcessW
GetTickCount
GetCurrentThread
Sleep
GetModuleFileNameW
MultiByteToWideChar
GetTempPathW
GlobalFree
GetShortPathNameW
GetCurrentProcessId
OpenFileMappingA
CreateThread
ExpandEnvironmentStringsW
GetCurrentProcess
LocalFree
VirtualFree
TerminateProcess
GetLastError
DecodePointer
HeapDestroy
HeapCreate
lstrlenW
lstrlenA
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
RtlUnwind
GlobalUnlock
GlobalAlloc
GetModuleHandleW
GlobalLock
GetSystemInfo
GlobalMemoryStatusEx
GetProcAddress
SetWaitableTimer
LoadLibraryW
InterlockedDecrement
GetNativeSystemInfo
GetEnvironmentVariableW
CloseHandle
CreateWaitableTimerW
CancelWaitableTimer
WaitForSingleObject
CreateFileMappingA
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapReAlloc
HeapAlloc
GetStringTypeW
LCMapStringW
GetLocaleInfoW
HeapFree
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedIncrement
GetCPInfo
EncodePointer
GetStdHandle

user32

ReleaseDC
GetForegroundWindow
GetDesktopWindow
GetWindowInfo
wsprintfW
MessageBoxW
GetLastInputInfo
GetSystemMetrics
GetDC

gdi32

DeleteDC
StretchBlt
GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

GetTokenInformation
ConvertSidToStringSidA
OpenProcessToken
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
GetUserNameW

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

ws2_32

inet_ntoa
WSAStartup
WSACleanup
gethostbyname
ntohl
inet_addr

winhttp

WinHttpReadData
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetOption
WinHttpSetTimeouts
WinHttpReceiveResponse

gdiplus

GdipLoadImageFromStreamICM
GdiplusStartup
GdipCloneImage
GdipGetImageEncoders
GdipDisposeImage
GdipLoadImageFromStream
GdipSaveImageToStream
GdipFree
GdiplusShutdown
GdipAlloc
GdipGetImageEncodersSize

shlwapi

StrCmpIW
StrRChrW

Exports

Exports

?sfjRRg43@@YAPA_WPAK@Z

Sections

.text
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e42646af54f7999fc51fc06c9287d5ec

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

da:05:0b:7d:84:6e:75:57:ab:26:3a:ea:a9:94:9f:10Certificate

Extended Key Usages

Key Usages

df:99:11:47:f3:06:f4:1d:02:e9:5b:7f:5d:f5:4c:81:35:fe:78:09Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

winhttp

gdiplus

shlwapi

Exports

Exports

Sections

.text Size: 195KB - Virtual size: 195KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 5KB - Virtual size: 16KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 8KB - Virtual size: 8KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

da:05:0b:7d:84:6e:75:57:ab:26:3a:ea:a9:94:9f:10
Certificate

df:99:11:47:f3:06:f4:1d:02:e9:5b:7f:5d:f5:4c:81:35:fe:78:09
Signer

.text
Size: 195KB - Virtual size: 195KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 5KB - Virtual size: 16KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 8KB - Virtual size: 8KB