65feb94684e2f7bcecf6dd70a49ff379d6b7b40ca29f5c8c91bbd713c3c85046

Sharing

Copy URL Twitter E-mail

General

Target

65feb94684e2f7bcecf6dd70a49ff379d6b7b40ca29f5c8c91bbd713c3c85046
Size

4.0MB
MD5

c99ac5d097bf1fa3699195bc095330c7
SHA1

33cf0b110f4a0d481cffdfde38a27398d360f887
SHA256

65feb94684e2f7bcecf6dd70a49ff379d6b7b40ca29f5c8c91bbd713c3c85046
SHA512

e24e1dfe9b341a97cda0260edaa3869f0eb5fc32790ef0a0e62ad6730c5677182c51a72a8507c30f3a85732e96dc4bc024f4ab6fcae30e886028ca989af91c97
SSDEEP

49152:xENb86nlaQyEPViOjFvVY2/c5Wt8uWdJcDTwEx+jcIpCAKA0YeovOj4:Ab8vgdnjFNY2k5WGuWdJcDTwbcIpF

Score

1^/10

Malware Config

Signatures

Files

65feb94684e2f7bcecf6dd70a49ff379d6b7b40ca29f5c8c91bbd713c3c85046
.exe windows:5 windows x86 arch:x86

016abe10d9bdab2a9da549860f91bdfb

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:03:0e:85:51:d7:99:30:64:5e:10:2e:7b:63:60:b2
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

24/01/2017, 00:00

Not After

03/02/2019, 23:59

Subject

CN=Husdawg\, LLC,O=Husdawg\, LLC,L=El Dorado Hills,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:07:ff:46:83:dc:30:7a:02:a2:e4:d2:0f:d4:74:c8:e7:6f:c3:b8:26:77:81:63:32:ef:f8:72:f9:dd:bc:3c
Signer

Actual PE Digest

6b:07:ff:46:83:dc:30:7a:02:a2:e4:d2:0f:d4:74:c8:e7:6f:c3:b8:26:77:81:63:32:ef:f8:72:f9:dd:bc:3c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeResource
LoadLibraryA
SetEvent
WaitForSingleObject
CreateEventW
SetThreadPriority
GetPrivateProfileIntW
GlobalAddAtomW
EncodePointer
GlobalFindAtomW
LocalAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GlobalGetAtomNameW
OutputDebugStringA
GetThreadLocale
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
DeleteFileW
VerSetConditionMask
VerifyVersionInfoW
GetFileAttributesW
GetFileSize
FindClose
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
lstrcmpW
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
VirtualProtect
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
FindNextFileW
SetErrorMode
GetTempFileNameW
GetTempPathW
Sleep
GetProfileIntW
SearchPathW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CopyFileW
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
lstrcmpA
GlobalDeleteAtom
ReadFile
lstrcatW
GetWindowsDirectoryW
lstrcmpiW
InterlockedDecrement
GetCurrentThread
GetModuleFileNameW
GetCurrentThreadId
LoadLibraryExW
GetStringTypeW
GetCurrentProcessId
GetCPInfo
LCMapStringW
RtlUnwind
FindFirstFileW
GetTimeZoneInformation
GetLocalTime
GetCommandLineA
GetCommandLineW
ExpandEnvironmentStringsW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GlobalMemoryStatus
GetCurrentProcess
GetModuleHandleW
GetUserDefaultLCID
GetVersionExW
HeapQueryInformation
VirtualQuery
SetStdHandle
GetSystemDirectoryW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
VirtualFree
VirtualAlloc
GetFileType
DeviceIoControl
CreateFileW
lstrcpyW
FreeLibrary
GetProcAddress
LoadLibraryW
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemInfo
GetTickCount
OutputDebugStringW
lstrlenW
GetStdHandle
WritePrivateProfileStringW
GetPrivateProfileStringW
ExitProcess
GetACP
GetConsoleCP
TerminateProcess
GetConsoleMode
FindResourceExW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
HeapFree
WideCharToMultiByte
SuspendThread
ResumeThread
LocalFree
FormatMessageW
SetLastError
IsValidLocale
EnumSystemLocalesW
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
GetLastError
CreateMutexW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
SetThreadUILanguage
GetThreadUILanguage
CloseHandle

user32

MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
HideCaret
InvertRect
CreateMenu
DestroyCursor
GetWindowRgn
DrawTextW
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
UnhookWindowsHookEx
GetTopWindow
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
CopyRect
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
EndPaint
BeginPaint
SetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
SubtractRect
DefWindowProcW
GetMessageTime
GetMessagePos
LoadMenuW
GetClassNameW
UpdateWindow
GetLastActivePopup
GetWindowLongW
IsCharLowerW
IsWindowEnabled
SetCursor
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
DrawFocusRect
GetSysColorBrush
GetSysColor
MapWindowPoints
GetWindowRect
RedrawWindow
SetWindowRgn
DrawStateW
GetFocus
IsWindowVisible
DrawFrameControl
DrawEdge
RegisterWindowMessageW
MapDialogRect
GetParent
SetWindowContextHelpId
PostQuitMessage
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
DrawTextExW
EnableWindow
CreateAcceleratorTableW
LoadIconW
PostMessageW
LoadAcceleratorsW
GetClientRect
FillRect
IsIconic
SendMessageW
GetSystemMetrics
MapVirtualKeyW
GetKeyboardState
GetKeyboardLayout
DrawIcon
KillTimer
SetTimer
InvalidateRect
SetWindowPos
LoadBitmapW
SetRect
UnregisterClassW
ToUnicodeEx
RegisterClipboardFormatW
UpdateLayeredWindow
GetForegroundWindow
GetUpdateRect
GetDC
SetClassLongW
DestroyAcceleratorTable
ModifyMenuW
SetMenuDefaultItem
GrayStringW
GetMenuDefaultItem
GetMenuItemInfoW
CopyIcon
GetIconInfo
GetDoubleClickTime
EnableScrollBar
DestroyMenu
LockWindowUpdate
CreatePopupMenu
BringWindowToTop
WaitMessage
PostThreadMessageW
IsClipboardFormatAvailable
FrameRect
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
MessageBoxW
GetMonitorInfoW
EnumDisplayMonitors
EnumDisplayDevicesW
wsprintfW
GetWindowThreadProcessId
GetWindow
EnumWindows
CharUpperBuffW
UnionRect
SetCursorPos
NotifyWinEvent
WindowFromPoint
GetSystemMenu
GetAsyncKeyState
CharUpperW
IsZoomed
TrackMouseEvent
LoadImageW
DestroyIcon
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
MonitorFromPoint
SetParent
SetLayeredWindowAttributes
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
ReleaseCapture
SetCapture
CharNextW
RealChildWindowFromPoint
DeleteMenu
SystemParametersInfoW
CopyImage
LoadCursorW
IntersectRect
SetRectEmpty
SendDlgItemMessageA
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
ClientToScreen
ReleaseDC
GetWindowDC
TabbedTextOutW
CallWindowProcW
GetKeyNameTextW

gdi32

GetTextMetricsW
CreateBitmap
DeleteObject
GetStockObject
SetBkColor
SetTextColor
CreatePatternBrush
Escape
CreateCompatibleDC
GetObjectW
BitBlt
ExcludeClipRect
CreatePen
Rectangle
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
DeleteDC
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
Polyline
MoveToEx
TextOutW
GetDeviceCaps
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetMapMode
SetRectRgn
DPtoLP
CreatePolygonRgn
ExtTextOutW
CreateSolidBrush
PatBlt
GetRgnBox
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
ChoosePixelFormat
SetPixelFormat
GetNearestPaletteIndex
GetSystemPaletteEntries
Polygon
EnumFontFamiliesExW
SelectObject
GetTextExtentPoint32W
GetTextColor
LPtoDP
ExtFloodFill
SetPaletteEntries
GetBkColor
Ellipse
CreateRectRgnIndirect
CreateRectRgn
CreateHatchBrush
CreateEllipticRgn
CombineRgn
GetTextFaceW
FillRgn
FrameRgn
GetBoundsRect
CopyMetaFileW
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
CreateDCW

oleaut32

SafeArrayDestroy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VariantClear
VariantInit
SysAllocString
VariantCopy
SysAllocStringLen
SysFreeString
SysStringLen

ole32

CoTaskMemAlloc
OleDuplicateData
ReleaseStgMedium
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
CoTaskMemFree
OleUninitialize
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitialize
CoCreateGuid
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoRegisterMessageFilter
CoRevokeClassObject
CoInitializeEx

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHAppBarMessage
SHGetFileInfoW
ShellExecuteW
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHGetDesktopFolder

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW

msi

ord205
ord70

wininet

InternetOpenUrlW
InternetQueryDataAvailable
HttpOpenRequestW
InternetReadFile
InternetCloseHandle
HttpAddRequestHeadersW
HttpSendRequestExW
InternetGetLastResponseInfoW
InternetWriteFile
HttpEndRequestW
InternetOpenW
InternetSetFilePointer
HttpQueryInfoW
HttpSendRequestW
InternetSetStatusCallbackW
InternetConnectW

iphlpapi

IcmpCreateFile
IcmpSendEcho

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

comctl32

InitCommonControlsEx

shlwapi

StrFormatKBSizeW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
StrCatW

uxtheme

IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
DrawThemeParentBackground
DrawThemeText
GetThemeSysColor
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
IsAppThemed

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Exports

Exports

Configure
Detect
GetSystemInformation

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

016abe10d9bdab2a9da549860f91bdfb

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

3b:03:0e:85:51:d7:99:30:64:5e:10:2e:7b:63:60:b2Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

6b:07:ff:46:83:dc:30:7a:02:a2:e4:d2:0f:d4:74:c8:e7:6f:c3:b8:26:77:81:63:32:ef:f8:72:f9:dd:bc:3cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

oleaut32

ole32

shell32

version

advapi32

msi

wininet

iphlpapi

msimg32

winspool.drv

comctl32

shlwapi

uxtheme

oledlg

gdiplus

oleacc

imm32

winmm

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 460KB - Virtual size: 459KB

.data Size: 27KB - Virtual size: 53KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 165KB - Virtual size: 164KB

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

3b:03:0e:85:51:d7:99:30:64:5e:10:2e:7b:63:60:b2
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

6b:07:ff:46:83:dc:30:7a:02:a2:e4:d2:0f:d4:74:c8:e7:6f:c3:b8:26:77:81:63:32:ef:f8:72:f9:dd:bc:3c
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 460KB - Virtual size: 459KB

.data
Size: 27KB - Virtual size: 53KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 165KB - Virtual size: 164KB