1f8055c5c7b1a80288fd37f7ca125f582ffac6fa46fa7a73549ce110112db23e

Sharing

Copy URL

Twitter E-mail

General

Target

1f8055c5c7b1a80288fd37f7ca125f582ffac6fa46fa7a73549ce110112db23e
Size

1.2MB
MD5

4ad7e2c4b96c95be44534ffd546b29b5
SHA1

f2c72e5e84a0eee4041d35911d512b705a6fad73
SHA256

1f8055c5c7b1a80288fd37f7ca125f582ffac6fa46fa7a73549ce110112db23e
SHA512

a49d3008da955d459baf415ff1b764ece956c77e78755058b585c85fbe21bee405231078709f79b2716c96321d51121f66944165aaad068239df51795e274d27
SSDEEP

24576:NMr2R+wPCkP+dR117nn80wlab9TPxfarGid0FP7:+ryP9+V1jTw85arnd0FP7

Score

1^/10

Malware Config

Signatures

Files

1f8055c5c7b1a80288fd37f7ca125f582ffac6fa46fa7a73549ce110112db23e
.exe windows:5 windows x86 arch:x86

fc295b66f335df11b6143d432850087f

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

87:eb:b8:43:57:0c:67:55:41:80:33:df:99:13:f3:a9
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17-02-2015 00:00

Not After

17-02-2020 23:59

Subject

CN=Illustrate Limited,O=Illustrate Limited,POSTALCODE=IM4 4EW,STREET=18 Keeil Pharick Park,L=Glen Vine,ST=Isle of Man,C=GB,2.5.4.18=#1307494d3420344557

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:fd:58:07:f4:75:93:0f:53:2c:ed:bb:20:94:0c:ac:07:ec:12:08
Signer

Actual PE Digest

67:fd:58:07:f4:75:93:0f:53:2c:ed:bb:20:94:0c:ac:07:ec:12:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files (x86)\SpoonInstall\SpoonInstall.pdb

Imports

kernel32

GetCommandLineW
GetModuleFileNameW
GlobalLock
GlobalAlloc
MulDiv
GlobalUnlock
GlobalFree
QueryPerformanceCounter
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemTime
GetTempFileNameW
GetTempPathW
SuspendThread
ResumeThread
FindResourceW
LoadResource
SizeofResource
LockResource
FreeLibrary
LoadLibraryW
GetDiskFreeSpaceW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetWindowsDirectoryW
OpenProcess
GetProcessId
CreateProcessW
lstrcmpiW
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
RtlUnwind
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetFileType
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
IsProcessorFeaturePresent
HeapSize
GetModuleHandleExW
ExitProcess
RaiseException
GetProcessHeap
LoadLibraryExW
ExitThread
GetCurrentThreadId
CreateThread
HeapAlloc
DecodePointer
EncodePointer
HeapFree
GetProcAddress
GetVersionExW
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
ReleaseMutex
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
CreateMutexW
FindNextFileW
FindClose
FindFirstFileW
FlushFileBuffers
DeleteFileW
RemoveDirectoryW
CopyFileW
CreateDirectoryW
MoveFileExW
GetDriveTypeW
SetFileAttributesW
GetCurrentProcessId
CreateFileW
ReadFile
Sleep
WriteFile
SetFilePointer
GetFileSize
CloseHandle
CreateEventW
SetLastError
GetLastError
SetEvent
WaitForSingleObject
GetCurrentProcess

user32

DialogBoxParamW
RegisterClassExW
LoadIconW
GetWindowLongW
SetClassLongW
GetDlgItem
EndDialog
CallWindowProcW
DefWindowProcW
SetForegroundWindow
VkKeyScanW
IsChild
PostMessageW
UnregisterClassW
IsIconic
MapDialogRect
GetClassLongW
GetKeyState
SetWindowRgn
CreateDialogParamW
MoveWindow
MessageBoxW
DispatchMessageW
IsWindow
PeekMessageW
TranslateMessage
AllowSetForegroundWindow
SetActiveWindow
PostQuitMessage
GetWindowTextLengthW
ReleaseDC
GetDC
LoadImageW
MessageBeep
InvalidateRect
GetWindowTextW
SetWindowLongW
SetWindowPos
SendMessageW
SetWindowTextW
GetWindow
EndPaint
SetCursor
GetWindowRect
GetParent
LoadCursorW
WindowFromPoint
BeginPaint
SetLayeredWindowAttributes
ShowWindow
DrawIconEx
GetIconInfo
DestroyIcon
DrawFocusRect
FrameRect
TabbedTextOutW
GetTabbedTextExtentW
GetClientRect
GetDesktopWindow
GetSysColorBrush
ClientToScreen
DestroyWindow
SetTimer
ScreenToClient
TrackPopupMenu
SetCapture
KillTimer
GetSubMenu
GetFocus
ChildWindowFromPointEx
IsWindowEnabled
SetFocus
LoadMenuW
GetCursorPos
CreateWindowExW
ReleaseCapture
IsWindowVisible
EnableWindow
DestroyMenu
FillRect
DestroyCursor

gdi32

SetTextColor
GetTextExtentPoint32W
RoundRect
Rectangle
GetBkMode
MoveToEx
CreateRoundRectRgn
CreateFontIndirectW
SetBkMode
CreateBrushIndirect
ExtTextOutW
CreatePen
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
LineTo
GetTextColor
BitBlt

advapi32

RegSetValueExW
RegQueryValueExW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
InitiateShutdownW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegDeleteValueW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
ShellExecuteW
DuplicateIcon
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoInitialize

oleaut32

OleLoadPicture

msimg32

GradientFill

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

ord14
ord15

Sections

.text
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 951KB - Virtual size: 951KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc295b66f335df11b6143d432850087f

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

87:eb:b8:43:57:0c:67:55:41:80:33:df:99:13:f3:a9Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

67:fd:58:07:f4:75:93:0f:53:2c:ed:bb:20:94:0c:ac:07:ec:12:08Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msimg32

version

comctl32

Sections

.text Size: 187KB - Virtual size: 186KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 6KB - Virtual size: 20KB

.rsrc Size: 951KB - Virtual size: 951KB

.reloc Size: 11KB - Virtual size: 11KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

87:eb:b8:43:57:0c:67:55:41:80:33:df:99:13:f3:a9
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

67:fd:58:07:f4:75:93:0f:53:2c:ed:bb:20:94:0c:ac:07:ec:12:08
Signer

.text
Size: 187KB - Virtual size: 186KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 6KB - Virtual size: 20KB

.rsrc
Size: 951KB - Virtual size: 951KB

.reloc
Size: 11KB - Virtual size: 11KB