186b16a81a4742afd8bd53590ff2e705

Target

186b16a81a4742afd8bd53590ff2e705
Size

1.1MB
MD5

186b16a81a4742afd8bd53590ff2e705
SHA1

3ec4410a8598ef780b2eb4ac5f0dc3113619f0f5
SHA256

6d6089fee5f86170c5b3485a626cc6073631d09004f298da7b690b12a9482086
SHA512

6ba11e6a2dd9fa4db11acb39f7cf7924f0a3bc720592891f0293cf1f2b002c06c052717cb129182f39fbba32196b96f392ada1fb664933121ec0ccf16478b16f
SSDEEP

24576:0HtrdKYVVSrqGDohJ3STZG8vIn/sCBGnWsY03++:0HtV7GwBSTc8An/4YJ+

Score

1^/10

Malware Config

Signatures

Files

186b16a81a4742afd8bd53590ff2e705
.exe windows:5 windows x86 arch:x86

fa2d21c960425e9ec6378d6769bb3c1a

Code Sign

6c:af:80:8f:23:19:67:73:bd:42:61:17:c1:db:be:38
Certificate

Issuer

CN=TCBPXRFI

Not Before

19-02-2019 16:40

Not After

31-12-2039 23:59

Subject

CN=TCBPXRFI

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0b:a9:94:85:d2:02:86:8d:32:82:f3:42:5b:eb:e1:7f:9e:e1:9d:c4:a0:a1:db:3c:c1:1f:93:44:2c:0d:ca:88
Signer

Actual PE Digest

0b:a9:94:85:d2:02:86:8d:32:82:f3:42:5b:eb:e1:7f:9e:e1:9d:c4:a0:a1:db:3c:c1:1f:93:44:2c:0d:ca:88

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetTickCount
GetTimeFormatA
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExA
GetVolumeInformationA
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByte
IsDebuggerPresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockFile
LockResource
MapViewOfFile
GetShortPathNameA
OpenEventA
OpenFileMappingA
OpenProcess
OutputDebugStringA
PulseEvent
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetThreadIdealProcessor
SetThreadUILanguage
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TerminateThread
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WriteProfileStringW
lstrcatW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcpyA
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW
GetProcessHeap
GetProcAddress
GetOEMCP
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoW
CloseHandle
GetLocaleInfoA
GetLastError
GetFullPathNameA
GetFileType
GetFileTime
GetFileSizeEx
GetFileSize
GetFileAttributesExA
GetFileAttributesA
GetExitCodeThread
GetEnvironmentStringsW
GetEnvironmentStrings
GetDriveTypeW
GetDateFormatW
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetCommandLineA
GetCommMask
GetCommConfig
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageW
FormatMessageA
FlushFileBuffers
FindResourceA
FindNextChangeNotification
FindFirstFileA
FindFirstChangeNotificationA
FindCloseChangeNotification
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnumSystemLocalesA
EnterCriticalSection
DuplicateHandle
DeviceIoControl
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateThread
CreateSemaphoreW
CreateProcessA
CreateMutexA
CreateMailslotA
CreateFileW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringW
CompareStringA
MultiByteToWideChar

user32

SetForegroundWindow
SetMenu
SetMenuItemBitmaps
SetPropA
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
SetWindowsHookExA
SystemParametersInfoA
TabbedTextOutA
UnhookWindowsHookEx
ValidateRect
WinHelpA
wsprintfA
wvsprintfA
WindowFromDC
LoadCursorFromFileA
GetClipboardData
InSendMessage
IsMenu
DestroyIcon
CharLowerW
GetMenuContextHelpId
VkKeyScanA
CountClipboardFormats
IsCharAlphaA
IsCharAlphaNumericA
GetProcessWindowStation
IsWindowUnicode
GetKeyboardLayout
VkKeyScanW
GetActiveWindow
GetKBCodePage
GetClipboardOwner
GetAsyncKeyState
DestroyCursor
CloseClipboard
PaintDesktop
GetInputState
GetCursor
CloseDesktop
ReleaseCapture
EnumClipboardFormats
GetWindowContextHelpId
GetWindowTextLengthA
GetClipboardViewer
GetThreadDesktop
IsCharAlphaW
AnyPopup
CharUpperW
IsCharLowerW
IsClipboardFormatAvailable
GetQueueStatus
CloseWindow
GetDialogBaseUnits
OemKeyScan
SendMessageA
RemovePropA
ReleaseDC
RegisterWindowMessageA
RegisterClassA
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageA
ModifyMenuA
MessageBoxA
MapWindowPoints
LoadStringA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsWindowEnabled
IsWindow
IsIconic
GrayStringA
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindow
GetTopWindow
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetSubMenu
GetPropA
GetParent
GetMessageTime
GetMessagePos
GetMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuInfo
GetMenuCheckMarkDimensions
GetMenu
GetLastActivePopup
GetKeyState
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDC
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoExA
GetClassInfoA
GetCapture
EnableWindow
EnableMenuItem
DrawTextExA
DrawTextA
DispatchMessageA
DestroyWindow
DestroyMenu
DefWindowProcA
CreateWindowExA
CopyRect
CheckMenuItem
CharUpperA
CharNextW
CharNextA
CallWindowProcA
CallNextHookEx
AdjustWindowRectEx
ClientToScreen

gdi32

CreateRectRgn
EngDeletePath
EngFreeModule
EngUnlockSurface
EngWideCharToMultiByte
EnumFontFamiliesA
EnumFontsA
Escape
FontIsLinked
GdiAddGlsRecord
GdiArtificialDecrementDriver
GdiConvertPalette
GdiCreateLocalMetaFilePict
GdiEndDocEMF
GdiEntry4
GdiGetCodePage
GdiGetDC
GdiGetLocalBrush
GdiReleaseDC
GdiSetServerAttr
GdiStartPageEMF
GetCharABCWidthsA
GetCharWidthFloatW
GetCurrentPositionEx
GetDCPenColor
GetFontUnicodeRanges
GetGlyphOutlineW
GetMiterLimit
GetNearestColor
GetTextExtentExPointI
GetTextFaceAliasW
LPtoDP
PATHOBJ_vGetBounds
PolyPatBlt
CreateColorSpaceW
RemoveFontResourceExA
RemoveFontResourceW
SelectObject
SetGraphicsMode
SetMetaRgn
SetPixel
cGetTTFFromFOT
GetTextCharset
SwapBuffers
DeleteObject
CreateSolidBrush
SaveDC
FlattenPath
GdiGetBatchLimit
AbortDoc
GetStockObject
GetLayout
GetBkColor
GdiFlush
CreateHalftonePalette
GetSystemPaletteUse
GetObjectType
GetTextColor
GetColorSpace
GetPolyFillMode
GetGraphicsMode
AbortPath
DeleteColorSpace
CreateCompatibleDC
UnrealizeObject
UpdateColors
CreatePatternBrush
StrokePath
CloseEnhMetaFile
PolyPolyline
AddFontResourceW

advapi32

RegOpenKeyExW
RegQueryValueExA

ole32

CoCreateFreeThreadedMarshaler
CoCreateInstance
CoInitialize
CoInitializeSecurity
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
StringFromGUID2

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 948KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

fa2d21c960425e9ec6378d6769bb3c1a

Code Sign

6c:af:80:8f:23:19:67:73:bd:42:61:17:c1:db:be:38Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

0b:a9:94:85:d2:02:86:8d:32:82:f3:42:5b:eb:e1:7f:9e:e1:9d:c4:a0:a1:db:3c:c1:1f:93:44:2c:0d:ca:88Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 600B

.rsrc Size: 40KB - Virtual size: 948KB

6c:af:80:8f:23:19:67:73:bd:42:61:17:c1:db:be:38
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

0b:a9:94:85:d2:02:86:8d:32:82:f3:42:5b:eb:e1:7f:9e:e1:9d:c4:a0:a1:db:3c:c1:1f:93:44:2c:0d:ca:88
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 600B

.rsrc
Size: 40KB - Virtual size: 948KB