29c3039267fdb2758c8325b26069d94b3edd79c1c4c828bda0450b965422f552

Target

29c3039267fdb2758c8325b26069d94b3edd79c1c4c828bda0450b965422f552
Size

1.4MB
MD5

a71294ac29535734df8d7ea8e30bef3b
SHA1

4d24ee41c7d2aecfebd5500adc3dc308ebf8e029
SHA256

29c3039267fdb2758c8325b26069d94b3edd79c1c4c828bda0450b965422f552
SHA512

978cf084bf6ecaf1df46e54645c6a87a9b1ca48d641405a7cdf2a411f2619455c66875e8de0f4fcaaaa4f96f81c5d6261511198f03d61f73211dc8cebeb148bb
SSDEEP

24576:9JSlxEJLbyy1BEEmuOdScyLmYBSnMVJKg3WtDI7h0:9JSlR8OdSPL4n6Isq072

Score

1^/10

Malware Config

Signatures

Files

29c3039267fdb2758c8325b26069d94b3edd79c1c4c828bda0450b965422f552
.exe windows:4 windows x86 arch:x86

c9c7ce43f588f2b74114dbcbffa5697f

Code Sign

51:60:ae:07:5c:f4:e7:8e:4c:9c:9f:88:d2:4c:71:c2
Certificate

Issuer

CN=WLGBMXCX

Not Before

16-01-2019 11:21

Not After

31-12-2039 23:59

Subject

CN=WLGBMXCX

Extended Key Usages

ExtKeyUsageCodeSigning

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

01:08:fe:cc:0d:75:98:17:df:62:43:83:79:9a:b0:45:4c:14:3d:b1
Signer

Actual PE Digest

01:08:fe:cc:0d:75:98:17:df:62:43:83:79:9a:b0:45:4c:14:3d:b1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetModuleHandleW
InterlockedIncrement
SetErrorMode
GlobalFlags
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCommandLineA
GetStartupInfoA
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
EnterCriticalSection
CreateThread
Sleep
ExitProcess
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
TlsGetValue
LeaveCriticalSection
LocalAlloc
VirtualProtect
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
InterlockedExchange
lstrcmpA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetVersionExA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
GetCurrentProcessId
GetModuleFileNameA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetThreadLocale
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
GetVersion
lstrlenA
MultiByteToWideChar
GetWindowsDirectoryA
GetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetProcessHeap
HeapAlloc
GetPrivateProfileStringA
CopyFileA
WritePrivateProfileStringA
CreateFileA
WriteFile
lstrcpyA
CreateProcessA
CloseHandle
SetLastError
FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesA
GetTickCount
DeleteFileA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
ExitThread

user32

GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EndPaint
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextW
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DeferWindowPos
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
BeginDeferWindowPos
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
CharUpperA
CharNextW
GetClipboardViewer
GetProcessWindowStation
IsCharLowerA
GetCaretBlinkTime
IsCharAlphaNumericW
GetMenu

gdi32

AddFontResourceA
DeleteColorSpace
CloseEnhMetaFile
AbortDoc
CreateCompatibleDC
GetEnhMetaFileA
FillPath
GetDCPenColor
CloseFigure
DeleteMetaFile
CreateMetaFileW
UnrealizeObject
GetStretchBltMode

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

c9c7ce43f588f2b74114dbcbffa5697f

Code Sign

51:60:ae:07:5c:f4:e7:8e:4c:9c:9f:88:d2:4c:71:c2Certificate

Extended Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

01:08:fe:cc:0d:75:98:17:df:62:43:83:79:9a:b0:45:4c:14:3d:b1Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 60KB - Virtual size: 684KB

51:60:ae:07:5c:f4:e7:8e:4c:9c:9f:88:d2:4c:71:c2
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

01:08:fe:cc:0d:75:98:17:df:62:43:83:79:9a:b0:45:4c:14:3d:b1
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 60KB - Virtual size: 684KB