ee9dfcea61282b4c662085418c7ad63a0cbbeb3a057b6c9f794bb32455c3a79e

Sharing

Copy URL Twitter E-mail

General

Target

ee9dfcea61282b4c662085418c7ad63a0cbbeb3a057b6c9f794bb32455c3a79e
Size

742KB
MD5

7c17a3dbcfca6345f534ab7c4033c744
SHA1

5b5df32b9a842438d60d40dc792da9820ba2365c
SHA256

ee9dfcea61282b4c662085418c7ad63a0cbbeb3a057b6c9f794bb32455c3a79e
SHA512

d9f11b9b0ff48d66d2cf26fd5d039a9aa948dada9af0a3d8c51ec91e5a839c04fc27eb1c488c83ee6a2cefbfdc8e9a354377570bd18f6f264b84dd0f293a31ee
SSDEEP

12288:c1MJf81clrHc7m5MI9dibpdWt8PqXzGKTywWboqJtEK8ku9hJFxu2EkHTqVsmA:Hy1Kim5MAgwWboqJtE9kchtTX

Score

1^/10

Malware Config

Signatures

Files

ee9dfcea61282b4c662085418c7ad63a0cbbeb3a057b6c9f794bb32455c3a79e
.exe windows:4 windows x86 arch:x86

1b2498bd9b9afd716916cd2a37c22d22

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:63:8d:af
Certificate

Issuer

CN=WEB.DE TrustCenter E-Mail Certification Authority,OU=Trust Center,O=1&1 Mail & Media GmbH,L=D-76135 Karlsruhe,ST=Baden-Wuerttemberg,C=DE,1.2.840.113549.1.9.1=#0c0c7472757374407765622e6465

Not Before

14/09/2016, 13:14

Not After

14/09/2017, 13:14

Subject

CN=Stefan Kanthak,L=München,C=DE,1.2.840.113549.1.9.1=#0c1573746566616e2e6b616e7468616b407765622e6465

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

09
Certificate

Issuer

CN=WEB.DE TrustCenter,OU=Trust Center,O=1&1 Mail & Media GmbH,ST=Baden-Wuerttemberg,C=DE,1.2.840.113549.1.9.1=#0c0c7472757374407765622e6465

Not Before

02/09/2014, 07:50

Not After

30/08/2024, 07:50

Subject

CN=WEB.DE TrustCenter E-Mail Certification Authority,OU=Trust Center,O=1&1 Mail & Media GmbH,L=D-76135 Karlsruhe,ST=Baden-Wuerttemberg,C=DE,1.2.840.113549.1.9.1=#0c0c7472757374407765622e6465

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:6e:4e:1f:c8:1a:b5:d9:3b:bf:9a:24:a3:59:d8:1e:c5:f4:29:02
Signer

Actual PE Digest

12:6e:4e:1f:c8:1a:b5:d9:3b:bf:9a:24:a3:59:d8:1e:c5:f4:29:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
ntohl
listen
accept
recvfrom
sendto
getservbyport
gethostbyaddr
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
connect
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
socket
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
ioctlsocket

crypt32

CertFreeCertificateContext

advapi32

CryptAcquireContextA
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptReleaseContext

wldap32

ord60
ord46
ord41
ord27
ord22
ord211
ord143
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord45

kernel32

GetFullPathNameA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentDirectoryA
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStringTypeW
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
CreateDirectoryA
GetFileAttributesA
MultiByteToWideChar
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetFileInformationByHandle
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
ReadConsoleInputA
SetConsoleMode
LeaveCriticalSection
GetCPInfo
RtlUnwind
SetEndOfFile
SearchPathA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
CloseHandle
GetLastError
SetFileTime
CreateFileA
GetModuleFileNameA
Sleep
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetLastError
FormatMessageA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcAddress
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
SleepEx
GetVersionExA
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
WaitForSingleObject
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
HeapAlloc
HeapFree
SetFilePointer
SetStdHandle
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
GetCommandLineA
GetProcessHeap
ExitThread
CreateThread
SetHandleCount
GetStartupInfoA
IsDebuggerPresent
ExitProcess
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers

Sections

.text
Size: 412KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b2498bd9b9afd716916cd2a37c22d22

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

04:63:8d:afCertificate

Key Usages

09Certificate

Key Usages

12:6e:4e:1f:c8:1a:b5:d9:3b:bf:9a:24:a3:59:d8:1e:c5:f4:29:02Signer

Headers

File Characteristics

Imports

ws2_32

crypt32

advapi32

wldap32

kernel32

Sections

.text Size: 412KB - Virtual size: 408KB

.rdata Size: 292KB - Virtual size: 289KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 20KB - Virtual size: 16KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04:63:8d:af
Certificate

09
Certificate

12:6e:4e:1f:c8:1a:b5:d9:3b:bf:9a:24:a3:59:d8:1e:c5:f4:29:02
Signer

.text
Size: 412KB - Virtual size: 408KB

.rdata
Size: 292KB - Virtual size: 289KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 20KB - Virtual size: 16KB