e1ff6f6d1b5467e5612ab36cd323a568

Sharing

Copy URL Twitter E-mail

General

Target

e1ff6f6d1b5467e5612ab36cd323a568
Size

295KB
MD5

e1ff6f6d1b5467e5612ab36cd323a568
SHA1

a366e44e5fe5b5b03e3ba9a50c1043f444829626
SHA256

adc112ba540e234ee93301c23a3c729e517884eb5eaffcb20006f7c75ad856a9
SHA512

1c837facd385a8074570f7ac2ff6da16a09ddd74ab16991806b923b372709db88490db13b088c59fe17be76687b0dcf67eb53aef4ea925d4efb8999131a722bf
SSDEEP

6144:L+0zjlZyo4nqnN/lzlcXSzpPXMphsGSCjvmuY9dK5aAxymA:qupw9qnN/XcJGGNI9H

Score

1^/10

Malware Config

Signatures

Files

e1ff6f6d1b5467e5612ab36cd323a568
.exe windows:5 windows x86 arch:x86

c4c350d8bca3993e132ebc72dfe93ab7

Code Sign

ae:48:3a:07:84:f2:61:bd
Certificate

Issuer

CN=MarryGodforbidtheboywastheverystaffofmy

Not Before

06/09/2011, 13:05

Not After

02/06/2014, 13:05

Subject

CN=MarryGodforbidtheboywastheverystaffofmy

55:06:d5:86:3e:b6:ce:12:4f:bc:ae:e4:0c:cc:10:b5:aa:51:9b:56
Signer

Actual PE Digest

55:06:d5:86:3e:b6:ce:12:4f:bc:ae:e4:0c:cc:10:b5:aa:51:9b:56

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
LoadLibraryA
GetLongPathNameW
GetComputerNameA
SetThreadPriority
GlobalDeleteAtom
GetExitCodeProcess
CreateMutexA
lstrcpyA
GetSystemDirectoryA
GetLastError
GetStartupInfoA
GetCurrentProcessId
OpenJobObjectA
CloseHandle
GetCurrentDirectoryA
BeginUpdateResourceA
Module32First
GetTempFileNameA
GetCurrentProcess
GetCurrentThreadId
GetProcAddress
IsBadReadPtr
VirtualProtect
VirtualProtectEx
VirtualFree
VirtualAlloc
FreeLibrary
CreateEventW
WaitForMultipleObjects
lstrcpyW
AddAtomA

advapi32

CryptGenRandom
CryptAcquireContextA
CryptReleaseContext

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 278KB - Virtual size: 961KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4c350d8bca3993e132ebc72dfe93ab7

Code Sign

ae:48:3a:07:84:f2:61:bdCertificate

55:06:d5:86:3e:b6:ce:12:4f:bc:ae:e4:0c:cc:10:b5:aa:51:9b:56Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 102KB

.text Size: 278KB - Virtual size: 961KB

.rsrc Size: 13KB - Virtual size: 12KB

ae:48:3a:07:84:f2:61:bd
Certificate

55:06:d5:86:3e:b6:ce:12:4f:bc:ae:e4:0c:cc:10:b5:aa:51:9b:56
Signer

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 102KB

.text
Size: 278KB - Virtual size: 961KB

.rsrc
Size: 13KB - Virtual size: 12KB