e241f3473cee3a4c8b2c3d0defd1840c

Sharing

Copy URL Twitter E-mail

General

Target

e241f3473cee3a4c8b2c3d0defd1840c
Size

265KB
MD5

e241f3473cee3a4c8b2c3d0defd1840c
SHA1

f23a2d3b33ef92fbb0ad8eb24ebd7d713e076602
SHA256

4096ef698b204076d3d37d58fc5bdd6ffd92b4dbe30e8653052fb907116d2090
SHA512

ec4eb5e643acb4b07504f8b180b870941a2a8044c05595a7b0704c2b3d518450f4ca926a0f9d6c15aeedd971a76b3c90208cb1e436ea49a63cf20f7a68f55b2f
SSDEEP

6144:9y10V94IYgRADGdzRijVl4zEkt+0gwzg0CMMgwzS5VLp:9S0QIYgRmucBlibpC09hH5Np

Score

1^/10

Malware Config

Signatures

Files

e241f3473cee3a4c8b2c3d0defd1840c
.exe windows:4 windows x86 arch:x86

38499d52d16f14e93a99625b964a47ef

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:28:fb:50:97:58:ee:e2:52:be:32:74:1f:78:98:a1:94:37:28:57
Signer

Actual PE Digest

1c:28:fb:50:97:58:ee:e2:52:be:32:74:1f:78:98:a1:94:37:28:57

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTime
GetTempFileNameA
GetVolumeInformationW
QueryPerformanceCounter
CreateSemaphoreW
GetCurrentThreadId
CreateNamedPipeA
GetCurrentThread
GetNumberFormatA
CreateSemaphoreA
GlobalFindAtomW
SuspendThread
BeginUpdateResourceW
GetCurrentProcessId
GetLocaleInfoW
EnumCalendarInfoA
GetUserDefaultLangID
GetAtomNameA
GetEnvironmentVariableW
GetUserDefaultLCID
lstrcpynA
InitializeCriticalSection
OpenProcess
GetEnvironmentStringsW
GlobalGetAtomNameA
GetWindowsDirectoryA
SetComputerNameA
SearchPathW
GetProcAddress
GetEnvironmentStringsA
GetFileType
GetEnvironmentVariableA
GetCalendarInfoW
FindAtomA
ExitThread
OpenMutexA
CreateEventA
GetHandleInformation
FreeResource
GetTimeFormatW
GetExpandedNameA
SetLastError
lstrcatW
DuplicateHandle

user32

GetTopWindow
IsIconic
GetClassLongW
InsertMenuA
InvalidateRgn
MessageBoxA
CreateCaret
GetMenuItemInfoW
FlashWindow
DeleteMenu
SetMenu
GetClassInfoW
CreateAcceleratorTableA
CallWindowProcA
WinHelpW
CreateDesktopA
CharPrevA
MessageBeep
GetWindowLongW
CharLowerW
EnumDesktopWindows
GetKeyboardType
RegisterWindowMessageA
GetWindowTextLengthA
GetCapture
AdjustWindowRect
RegisterWindowMessageW
GetActiveWindow
GetDC
LoadMenuW
PeekMessageW
GetMessageA
RemoveMenu
GetKeyState
GetIconInfo
SetCapture

gdi32

GetBitmapBits
GetDeviceGammaRamp
CreateDCW
GetPolyFillMode
SetViewportExtEx
GetStretchBltMode
UpdateICMRegKeyW
CreateFontA
GetClipBox
DeleteDC
SetDeviceGammaRamp
CreatePatternBrush
TranslateCharsetInfo
RectVisible
CreateBitmap
SetDIBColorTable

advapi32

RegCreateKeyA
RegOpenKeyA
RegCreateKeyExW

shell32

SHGetFileInfoA

shlwapi

SHGetValueA

opengl32

glPolygonOffset
wglSetLayerPaletteEntries
glColor4iv
glMapGrid2d

oledlg

OleUIEditLinksA
OleUIPromptUserA
OleUIBusyA
OleUIUpdateLinksA
OleUIObjectPropertiesW

wsock32

socket
GetNameByTypeA
GetTypeByNameW
WSAAsyncGetServByPort
MigrateWinsockConfiguration
select

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.XNzgeD
Size: 1024B - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WM
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Zolyr
Size: 3KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.JdnGF
Size: 1024B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zJngk
Size: 1024B - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.I
Size: 1024B - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qVRsHP
Size: 1024B - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38499d52d16f14e93a99625b964a47ef

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

1c:28:fb:50:97:58:ee:e2:52:be:32:74:1f:78:98:a1:94:37:28:57Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

opengl32

oledlg

wsock32

Sections

.text Size: 11KB - Virtual size: 10KB

.XNzgeD Size: 1024B - Virtual size: 33KB

.WM Size: 1KB - Virtual size: 8KB

.Zolyr Size: 3KB - Virtual size: 28KB

.JdnGF Size: 1024B - Virtual size: 40KB

.data Size: 9KB - Virtual size: 8KB

.zJngk Size: 1024B - Virtual size: 48KB

.I Size: 1024B - Virtual size: 27KB

.qVRsHP Size: 1024B - Virtual size: 278KB

.rsrc Size: 228KB - Virtual size: 227KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

1c:28:fb:50:97:58:ee:e2:52:be:32:74:1f:78:98:a1:94:37:28:57
Signer

.text
Size: 11KB - Virtual size: 10KB

.XNzgeD
Size: 1024B - Virtual size: 33KB

.WM
Size: 1KB - Virtual size: 8KB

.Zolyr
Size: 3KB - Virtual size: 28KB

.JdnGF
Size: 1024B - Virtual size: 40KB

.data
Size: 9KB - Virtual size: 8KB

.zJngk
Size: 1024B - Virtual size: 48KB

.I
Size: 1024B - Virtual size: 27KB

.qVRsHP
Size: 1024B - Virtual size: 278KB

.rsrc
Size: 228KB - Virtual size: 227KB