39cbad3b2aac6298537a85f0463453d54ab2660c913f4f35ba98fffeb0b15655[.]exe[.]old

Sharing

Copy URL Twitter E-mail

General

Target

39cbad3b2aac6298537a85f0463453d54ab2660c913f4f35ba98fffeb0b15655.exe.old
Size

65KB
MD5

89081f2e14e9266de8c042629b764926
SHA1

730c1b9e950932736fc4b02cbdb4e4e891485ac2
SHA256

39cbad3b2aac6298537a85f0463453d54ab2660c913f4f35ba98fffeb0b15655
SHA512

bbb5aa4d8e7a011daff71774ee9c74fa4d14627de1c25e0437c879bd1cd137223d5c2fb20fd101a511a95e59d91ea884b0947229ee67e40a4a24350573fb9e54
SSDEEP

768:aQ1PWoWzXyjJsTKJUniYs1pdLn4nDT622YuYDIhscWTJqLPNofEDy9nAXmIEHbKa:aQ5WDziX+nD0LWT6FYZDgs5ULPIJEYp

Score

1^/10

Malware Config

Signatures

Files

39cbad3b2aac6298537a85f0463453d54ab2660c913f4f35ba98fffeb0b15655.exe.old
.exe windows:5 windows x86 arch:x86

c9febdea3218b92a46f739082f26471e

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:d4:ce:11:6b:13:1d:af:8d:78:4c:6f:ab:2e:a1:f1
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/05/2019, 00:00

Not After

12/05/2020, 23:59

Subject

SERIALNUMBER=10904381,CN=ORDARA LTD,O=ORDARA LTD,L=Andover,ST=Hampshire,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1307416e646f766572,1.3.6.1.4.1.311.60.2.1.2=#130948616d707368697265,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:18:81:0f:cf:d6:77:9d:0a:cf:54:aa:c0:7d:19:37:02:cb:30:ac
Signer

Actual PE Digest

72:18:81:0f:cf:d6:77:9d:0a:cf:54:aa:c0:7d:19:37:02:cb:30:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetLastError
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetProcAddress
WaitForSingleObject
CreateToolhelp32Snapshot
Module32First
Module32Next
CloseHandle
GetCurrentProcess
GetModuleHandleA
GetLocalTime
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapFree
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
CreateFileA
SetStdHandle
FlushFileBuffers
HeapSize
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
HeapAlloc
HeapReAlloc
IsProcessorFeaturePresent
SetEndOfFile
GetProcessHeap
ReadFile
CreateFileW

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

shlwapi

PathFileExistsA

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9febdea3218b92a46f739082f26471e

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

5a:d4:ce:11:6b:13:1d:af:8d:78:4c:6f:ab:2e:a1:f1Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

72:18:81:0f:cf:d6:77:9d:0a:cf:54:aa:c0:7d:19:37:02:cb:30:acSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 3KB - Virtual size: 3KB

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

5a:d4:ce:11:6b:13:1d:af:8d:78:4c:6f:ab:2e:a1:f1
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

72:18:81:0f:cf:d6:77:9d:0a:cf:54:aa:c0:7d:19:37:02:cb:30:ac
Signer

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 3KB