33f0950c9f963060e6cf8e24b159534f2aa2ae48a241affb9f8b6764a73ed787

Sharing

Copy URL Twitter E-mail

General

Target

33f0950c9f963060e6cf8e24b159534f2aa2ae48a241affb9f8b6764a73ed787
Size

302KB
MD5

add8f01b216dce62b21d9fea8335dfd6
SHA1

2d41277f7c91f4d389c5dc6bb0dcb5a93735dddb
SHA256

33f0950c9f963060e6cf8e24b159534f2aa2ae48a241affb9f8b6764a73ed787
SHA512

4e23ebc9ce47db26938198e38892b8f20ff704761b0382e82b5c62b9ba6bc42d6719c368bf054ab61f11fed0c7fe8f8182296d8d9dc9bf9dee3375b0e04ef773
SSDEEP

6144:Kpb809Dqp24+G3HxUlMjC0v8uJp+O0Qox7tGqjBcHUV6:S/deAyRUz0pJp+O0Q07tGqjBu

Score

1^/10

Malware Config

Signatures

Files

33f0950c9f963060e6cf8e24b159534f2aa2ae48a241affb9f8b6764a73ed787
.exe windows:5 windows x86 arch:x86

2299a3e6c5ee96e3c5c14ddb97e1508b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2f:74:d1:59:83:9b:91:1d:b6:f1:df:f9:91:e7:08:93
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04/06/2015, 00:00

Not After

03/06/2018, 23:59

Subject

CN=Atom Security OOO,OU=development,O=Atom Security OOO,POSTALCODE=630090,STREET=Academician Koptyuga Prospect\, 4\,office 158,L=Novosibirsk,ST=nso,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:f6:01:ba:95:2d:ae:45:18:85:84:cb:59:5b:cf:c8:9a:98:dc:d2
Signer

Actual PE Digest

9e:f6:01:ba:95:2d:ae:45:18:85:84:cb:59:5b:cf:c8:9a:98:dc:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACloseEvent
WSAStartup
WSCEnumProtocols
WSCDeinstallProvider
WSCInstallProvider
WSCGetProviderPath
WSACleanup
inet_addr
gethostbyname
inet_ntoa
socket
htons
WSACreateEvent
WSAEventSelect
connect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
closesocket

rpcrt4

UuidCreate

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleFileNameW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
MultiByteToWideChar
InterlockedDecrement
LoadLibraryW
ExpandEnvironmentStringsW
GetTimeFormatA
GetDateFormatA
GetLocalTime
DeleteCriticalSection
MoveFileExW
MoveFileW
CopyFileA
InitializeCriticalSection
GetCurrentDirectoryA
GetModuleFileNameA
MoveFileExA
MoveFileA
CreateFileW
GetTempPathW
GetTempPathA
ExpandEnvironmentStringsA
GetVersionExA
CloseHandle
GetCurrentProcess
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
WideCharToMultiByte
GetSystemTime
lstrlenA
FindFirstFileA
DeleteFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentThreadId
WriteConsoleW
FlushFileBuffers
CreateFileA
HeapReAlloc
GetStringTypeW
LCMapStringW
SetEndOfFile
GetProcessHeap
LocalFree
ReadFile
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
SetStdHandle
GetSystemTimeAsFileTime
IsValidCodePage
GetOEMCP
GetACP
RtlUnwind
RaiseException
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
WriteFile
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
Sleep
HeapSize
ExitProcess
GetCPInfo
QueryPerformanceCounter

user32

wvsprintfA

advapi32

OpenProcessToken
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegCreateKeyExA
RegRestoreKeyA
RegSaveKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceW
CloseServiceHandle
QueryServiceConfigW

ole32

StringFromGUID2

oleaut32

SysFreeString
SysAllocString
VariantClear

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2299a3e6c5ee96e3c5c14ddb97e1508b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2f:74:d1:59:83:9b:91:1d:b6:f1:df:f9:91:e7:08:93Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

9e:f6:01:ba:95:2d:ae:45:18:85:84:cb:59:5b:cf:c8:9a:98:dc:d2Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 227KB - Virtual size: 226KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 5KB - Virtual size: 15KB

.rsrc Size: 10KB - Virtual size: 9KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2f:74:d1:59:83:9b:91:1d:b6:f1:df:f9:91:e7:08:93
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

9e:f6:01:ba:95:2d:ae:45:18:85:84:cb:59:5b:cf:c8:9a:98:dc:d2
Signer

.text
Size: 227KB - Virtual size: 226KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 10KB - Virtual size: 9KB