0a0ae5d804271f56c1fa5e1e695cc514

Target

0a0ae5d804271f56c1fa5e1e695cc514
Size

1.0MB
MD5

0a0ae5d804271f56c1fa5e1e695cc514
SHA1

e8d307b58856cd38c5b43f576a5dfd451f29b11c
SHA256

50119da56e84ae4baa207a9391a0143fe5aa66c212aeba08e2d6d864af0a0d83
SHA512

27d1a4cb2e8a62ea02191db8171d66d2cd485cae7649be03a65e5bf936d6d92e98a888d33b3c4826f47eae26b3e45cd8efeca7b73626ae9913b055fd2b5bfe11
SSDEEP

12288:Mi94bywx1Dj5+h7ZCn0P5T7lHDbIi9dszYjN5HbPiLsptcyx7tbFEujtgDi:MHx13SZW0x5j5dsYnHeYpuyx7tx/tgDi

Score

1^/10

Malware Config

Signatures

Files

0a0ae5d804271f56c1fa5e1e695cc514
.exe windows:5 windows x86 arch:x86

919a9aec1eff347967bff351784e8b43

Code Sign

7e:f3:00:91:52:fb:26:96:43:26:de:50:92:ec:72:ca
Certificate

Issuer

CN=XZZOXJSC

Not Before

25-12-2018 12:03

Not After

31-12-2039 23:59

Subject

CN=XZZOXJSC

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

80:46:ef:19:43:31:7f:72:58:68:45:3d:53:a2:87:1e:56:b4:37:f2:6a:a5:20:49:a4:9b:8e:f0:d3:e3:b3:9a
Signer

Actual PE Digest

80:46:ef:19:43:31:7f:72:58:68:45:3d:53:a2:87:1e:56:b4:37:f2:6a:a5:20:49:a4:9b:8e:f0:d3:e3:b3:9a

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
GetEnvironmentVariableA
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetTempPathW
GetTickCount
GetTimeFormatA
GetUserDefaultLCID
GetVersion
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GetCommandLineA
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
IsDebuggerPresent
GetDateFormatW
LoadLibraryW
LocalAlloc
LocalFree
MoveFileW
MultiByteToWideChar
OpenEventW
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
Sleep
TerminateProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiW
lstrlenA
lstrlenW
GetCPInfo
FreeLibrary
FormatMessageW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
ExitProcess
DuplicateHandle
DeleteFileW
DeleteFileA
CreateProcessW
CreateMutexW
CreateFileW
CreateFileA
CreateEventW
CreateDirectoryW
GetCurrentProcessId
LoadLibraryA
GetCurrentProcess
CopyFileW
GlobalHandle
CloseHandle

user32

IsCharUpperW
GetMenuItemCount
CharUpperW
wsprintfA
UpdateWindow
SystemParametersInfoA
SetTimer
SetCursor
SendMessageA
ReleaseDC
PostMessageA
LoadStringA
LoadCursorA
KillTimer
GetParent
GetDlgItem
GetDC

gdi32

BeginPath
CreateMetaFileW

advapi32

AccessCheck
AllocateAndInitializeSid
FreeSid
GetLengthSid
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
OpenProcessToken
OpenThreadToken
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RevertToSelf
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegOpenKeyExW
AddAccessAllowedAce

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

919a9aec1eff347967bff351784e8b43

Code Sign

7e:f3:00:91:52:fb:26:96:43:26:de:50:92:ec:72:caCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

80:46:ef:19:43:31:7f:72:58:68:45:3d:53:a2:87:1e:56:b4:37:f2:6a:a5:20:49:a4:9b:8e:f0:d3:e3:b3:9aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 4KB - Virtual size: 1.0MB

7e:f3:00:91:52:fb:26:96:43:26:de:50:92:ec:72:ca
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

80:46:ef:19:43:31:7f:72:58:68:45:3d:53:a2:87:1e:56:b4:37:f2:6a:a5:20:49:a4:9b:8e:f0:d3:e3:b3:9a
Signer

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 4KB - Virtual size: 1.0MB