Mia_Khalifia[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Mia_Khalifia.rar
Size

2.2MB
MD5

598a2cfef8967d0ec34dc6047dca9bb9
SHA1

c22f8db31c0b7523ada4835e7c150449730c30c9
SHA256

6312bd27cb1ee45ed81295be41854759d874cf9698bcf093e5891aa2d35e66ed
SHA512

b0948c55c65a0fe28db8d021c26f9ed102919d2dc7dbe889bfdf6c027fb75d26835b38a677829a0406c0aa46e2aecbe7b0bfa897662825b94e6b324c1bddcf52
SSDEEP

49152:y3zASjqG9k9xHPfUHdjA+yNWBU7gpGQ8gIoI8tUf9:qA2qGG921A1mU7NQ8b8tUV

Score

1^/10

Malware Config

Signatures

Files

Mia_Khalifia.rar
.rar
Mia_Khalifia/Mia_Khalifia.exe
.exe windows:5 windows x86 arch:x86

998aa17bdb177aa9cdef39798c0eac70

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d9:63:5b:07:5b:d3:e0:05:d5:d9:a7:1d:ed:ec:92:98
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/04/2018, 00:00

Not After

21/04/2022, 23:59

Subject

CN=Topala Software Solutions,O=Topala Software Solutions,POSTALCODE=L6A 0W5,STREET=1 Carmel Street,L=Vaughan,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:63:5b:07:5b:d3:e0:05:d5:d9:a7:1d:ed:ec:92:98
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/04/2018, 00:00

Not After

21/04/2022, 23:59

Subject

CN=Topala Software Solutions,O=Topala Software Solutions,POSTALCODE=L6A 0W5,STREET=1 Carmel Street,L=Vaughan,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

da:7f:45:06:b1:c9:25:68:41:b5:16:25:fc:35:eb:2c:35:88:0b:5b:56:35:dd:9c:af:6e:54:88:48:20:9f:ef
Signer

Actual PE Digest

da:7f:45:06:b1:c9:25:68:41:b5:16:25:fc:35:eb:2c:35:88:0b:5b:56:35:dd:9c:af:6e:54:88:48:20:9f:ef

Digest Algorithm

sha256

PE Digest Matches

false

ef:43:0f:44:b1:70:78:4b:37:77:56:b5:5e:52:cf:1a:e1:01:6c:24
Signer

Actual PE Digest

ef:43:0f:44:b1:70:78:4b:37:77:56:b5:5e:52:cf:1a:e1:01:6c:24

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\workspace\siw_helper\crashrpt-code\bin\CrashSender.pdb

Imports

ws2_32

gethostbyaddr
WSAGetLastError
getservbyport
WSASetLastError
WSAStartup
WSACleanup
inet_ntoa
ntohs
gethostbyname
recv
send
closesocket
connect
socket
htons
getservbyname
inet_addr
htonl

dnsapi

DnsQuery_W
DnsFree

wininet

InternetQueryOptionW
InternetReadFile
HttpOpenRequestW
HttpEndRequestW
InternetConnectW
HttpQueryInfoW
HttpSendRequestExW
InternetSetOptionW
InternetCloseHandle
InternetWriteFile
InternetOpenW

psapi

GetProcessMemoryInfo

gdi32

TextOutW
GetDIBits
CreateDCW
BitBlt
SetViewportOrgEx
SelectClipRgn
CreateRectRgn
CreateFontW
CreateDIBSection
StretchBlt
SetStretchBltMode
RealizePalette
SetLayout
DeleteObject
SelectObject
DeleteDC
CreateFontIndirectW
GetObjectW
GetStockObject
SetTextColor
SetBkMode
Polygon
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
SetBkColor
SetDCBrushColor
GetDIBColorTable
CreatePalette
CreateHalftonePalette
SetDIBits
SelectPalette

shell32

SHFileOperationW
SHGetFileInfoW
ExtractIconW
CommandLineToArgvW
ShellExecuteW
Shell_NotifyIconW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

kernel32

TlsAlloc
TlsGetValue
ReadConsoleW
TlsSetValue
GetStringTypeW
HeapSize
HeapReAlloc
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
VirtualFree
VirtualAlloc
GetCurrentDirectoryW
SetStdHandle
LCMapStringW
GetTimeFormatW
GetDateFormatW
InterlockedDecrement
GetSystemInfo
CreateFileMappingW
OpenFileMappingW
lstrlenW
UnmapViewOfFile
CloseHandle
InterlockedIncrement
MapViewOfFile
MultiByteToWideChar
GetModuleFileNameW
GetTempPathW
lstrlenA
GetConsoleMode
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetCurrentProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
FormatMessageW
GlobalFree
GlobalAlloc
DebugBreak
OutputDebugStringW
CreateDirectoryW
GetLastError
GetFileAttributesW
SystemTimeToFileTime
GetFileAttributesExW
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
EnterCriticalSection
ResetEvent
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateFileW
GetFileSizeEx
FindClose
SetLastError
GetFullPathNameW
FindFirstFileW
FindNextFileW
OpenProcess
ReadProcessMemory
GetProcessTimes
FileTimeToSystemTime
GetSystemTime
CopyFileW
lstrcmpiW
RaiseException
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
GetCurrentThreadId
DecodePointer
MulDiv
CompareStringW
GetVersionExW
lstrcmpW
CreateMutexW
CreateThread
ReadFile
WriteFile
CreateProcessW
GetFileInformationByHandle
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
InitializeCriticalSection
Sleep
GlobalLock
GlobalUnlock
LoadLibraryA
GetSystemDirectoryA
GetTimeZoneInformation
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
EncodePointer
IsDebuggerPresent
GetConsoleCP
SetFilePointerEx
FlushFileBuffers
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetFileType
PeekNamedPipe
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
FreeLibrary
SetEndOfFile
TlsFree

user32

GetMonitorInfoW
MonitorFromWindow
GetActiveWindow
DestroyMenu
CheckMenuRadioItem
LoadMenuW
EndDialog
SetMenuItemInfoW
GetSubMenu
EnableMenuItem
TrackPopupMenu
DeleteMenu
MonitorFromPoint
CopyRect
GetMenu
AdjustWindowRectEx
IsDialogMessageW
LoadIconW
EnableWindow
FlashWindow
PostQuitMessage
MessageBoxW
DialogBoxParamW
DrawTextExW
DrawIcon
GetIconInfo
SetProcessDefaultLayout
PostMessageW
SetTimer
CharUpperW
SetScrollInfo
DrawTextExA
GetScrollInfo
KillTimer
AnimateWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetCursorInfo
EnumDisplayMonitors
GetWindowTextW
GetSystemMetrics
GetWindowThreadProcessId
EnumWindows
GetCursorPos
LoadImageW
PtInRect
UpdateWindow
IsWindow
ReleaseDC
DrawTextW
GetKeyState
CallWindowProcW
InvalidateRect
RedrawWindow
SendMessageW
IsWindowVisible
ShowWindow
GetDlgItem
DestroyIcon
SetRectEmpty
CreateDialogParamW
UnregisterClassW
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
BeginPaint
EndPaint
FillRect
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
SetCursor
DispatchMessageW
SetWindowPos
OffsetRect
GetParent
DefWindowProcW
GetGuiResources
CharNextW
MoveWindow
MapWindowPoints
GetWindowRect
GetWindow
GetClientRect
GetDC
SetWindowLongW
GetWindowLongW
LoadStringW
SetFocus
SetWindowTextW
GetDesktopWindow
GetSysColorBrush
GetClassNameW
LoadCursorW
SystemParametersInfoW
CreateWindowExW
ScreenToClient
SetCapture
GetCapture
GetWindowTextLengthW
ReleaseCapture
IntersectRect
GetDlgCtrlID

advapi32

RegCloseKey
RegQueryValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW
RegOpenKeyExW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VarDecCmp
VarDecFromStr
VarDateFromStr
VarR8FromStr
VarI4FromStr
VarUI4FromStr

comctl32

_TrackMouseEvent
ImageList_Create
ImageList_ReplaceIcon
ImageList_Remove
InitCommonControlsEx

Sections

.text
Size: 705KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

998aa17bdb177aa9cdef39798c0eac70

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

d9:63:5b:07:5b:d3:e0:05:d5:d9:a7:1d:ed:ec:92:98Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

d9:63:5b:07:5b:d3:e0:05:d5:d9:a7:1d:ed:ec:92:98Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

da:7f:45:06:b1:c9:25:68:41:b5:16:25:fc:35:eb:2c:35:88:0b:5b:56:35:dd:9c:af:6e:54:88:48:20:9f:efSigner

ef:43:0f:44:b1:70:78:4b:37:77:56:b5:5e:52:cf:1a:e1:01:6c:24Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

dnsapi

wininet

psapi

gdi32

shell32

comdlg32

kernel32

user32

advapi32

ole32

oleaut32

comctl32

Sections

.text Size: 705KB - Virtual size: 704KB

.rdata Size: 215KB - Virtual size: 214KB

.data Size: 6KB - Virtual size: 9KB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 27KB - Virtual size: 26KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

d9:63:5b:07:5b:d3:e0:05:d5:d9:a7:1d:ed:ec:92:98
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

d9:63:5b:07:5b:d3:e0:05:d5:d9:a7:1d:ed:ec:92:98
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

da:7f:45:06:b1:c9:25:68:41:b5:16:25:fc:35:eb:2c:35:88:0b:5b:56:35:dd:9c:af:6e:54:88:48:20:9f:ef
Signer

ef:43:0f:44:b1:70:78:4b:37:77:56:b5:5e:52:cf:1a:e1:01:6c:24
Signer

.text
Size: 705KB - Virtual size: 704KB

.rdata
Size: 215KB - Virtual size: 214KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 27KB - Virtual size: 26KB