e2ebdd8192b19cfbf2a6b283318708049ceaf7641999c185cc3594f3b1affcd6

Sharing

Copy URL Twitter E-mail

General

Target

e2ebdd8192b19cfbf2a6b283318708049ceaf7641999c185cc3594f3b1affcd6
Size

1019KB
MD5

3ce8a04d1956b1556a552e5f982d52ac
SHA1

346a529bfed1e54bed702f790e9f87d9e1030098
SHA256

e2ebdd8192b19cfbf2a6b283318708049ceaf7641999c185cc3594f3b1affcd6
SHA512

245fab6981bec4635214e5e2e10331aab8c0b3044739ce8a556c3e2bea2b8c2bd672d14e32190da7c1a2f2a5033c57d2dd1d296a014e3f52e34ccc293db8717b
SSDEEP

24576:oJLl0G/fyMSqeV9Gy6Tn2G+SJCM/SLK9I3XbZi9D83fiG:2LNCMSqejGykH9NqXbZi98PiG

Score

1^/10

Malware Config

Signatures

Files

e2ebdd8192b19cfbf2a6b283318708049ceaf7641999c185cc3594f3b1affcd6
.exe windows:5 windows x86 arch:x86

c58fa86a251970931e6023eaba0423b8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:0d:8c:32:5b:cf:64:fb:a4:6b:f2:f2:e2:aa:c2:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/12/2014, 00:00

Not After

12/12/2015, 23:59

Subject

CN=Record Page,O=Record Page,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:3d:2c:4c:45:cc:2c:2f:6a:61:6b:4a:87:b6:ca:8d:b7:e2:4f:1a
Signer

Actual PE Digest

06:3d:2c:4c:45:cc:2c:2f:6a:61:6b:4a:87:b6:ca:8d:b7:e2:4f:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
EnterCriticalSection
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetErrorMode
GetCommandLineW
InterlockedCompareExchange
GetCurrentThreadId
InterlockedExchange
DecodePointer
lstrlenW
lstrlenA
SetEnvironmentVariableA
SetEndOfFile
WaitForMultipleObjectsEx
WriteConsoleW
ReadConsoleW
SetStdHandle
GetTimeZoneInformation
SetConsoleCtrlHandler
CreateNamedPipeW
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
CopyFileW
Sleep
CreateMutexW
OpenMutexW
ReleaseMutex
GetFileTime
GetComputerNameW
GetWindowsDirectoryW
FreeLibrary
LoadLibraryW
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetEvent
WaitForMultipleObjects
ResetEvent
GetExitCodeProcess
OpenProcess
CreateEventW
LocalAlloc
InterlockedDecrement
FileTimeToSystemTime
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
MoveFileExW
CreateProcessW
GetVersionExW
DeleteFileW
GetOverlappedResult
LocalFree
WaitForSingleObject
GetCurrentProcess
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
CreateDirectoryW
GetFileAttributesW
LeaveCriticalSection
SetFilePointer
WriteFile
ReadFile
CreateFileW
CloseHandle
WideCharToMultiByte
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
SizeofResource
LockResource
GetLastError
LoadResource
FindResourceW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetFileAttributesExW
GetFileType
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
lstrcmpiW
GetCurrentProcessId
CancelIo
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetTickCount
GetStartupInfoW
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
FatalAppExitA
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
WaitNamedPipeW
MultiByteToWideChar
ConnectNamedPipe
CreateTimerQueueTimer
GetLogicalProcessorInformation
IsDebuggerPresent
OutputDebugStringW
DuplicateHandle
GetCurrentThread
GetExitCodeThread
GetSystemTimeAsFileTime
EncodePointer
GetStringTypeW
IsProcessorFeaturePresent
AreFileApisANSI
GetTempPathW
CreateThread
ExitThread
RtlUnwind
TryEnterCriticalSection
CreateTimerQueue
RtlCaptureStackBackTrace
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
LoadStringW
CharNextW
UnregisterClassW
MessageBoxW

advapi32

DeregisterEventSource
RegisterServiceCtrlHandlerW
ReportEventW
RegisterEventSourceW
StartServiceCtrlDispatcherW
SetServiceStatus
DeleteService
ChangeServiceConfig2W
CreateServiceW
StartServiceW
ControlService
QueryServiceStatus
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
SetFileSecurityW
CryptDeriveKey
SetNamedSecurityInfoW
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetAclInformation
AddAce
InitializeAcl
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
IsValidSid
LookupAccountNameW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupAccountSidW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
CreateProcessAsUserW
CryptEncrypt
CryptExportKey
CryptDuplicateKey
CryptGenKey
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptImportKey
CryptAcquireContextW

shell32

SHGetFolderPathW

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CLSIDFromString
StringFromCLSID
CoTaskMemRealloc
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoAddRefServerProcess
CoReleaseServerProcess

oleaut32

SysAllocStringLen
SetErrorInfo
VariantChangeType
VariantInit
SysAllocString
GetErrorInfo
SysFreeString
VariantClear
VarUI4FromStr
CreateErrorInfo

shlwapi

PathAppendW
PathCombineW
PathFindFileNameW
PathIsDirectoryW
PathRemoveArgsW
PathRemoveExtensionW
PathFindExtensionW
PathUnquoteSpacesW
PathStripPathW
PathRenameExtensionW
PathRemoveFileSpecW
PathFileExistsW

crypt32

CryptBinaryToStringA
CryptStringToBinaryA

winhttp

WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpCloseHandle

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

imagehlp

CheckSumMappedFile

psapi

GetModuleFileNameExW

iphlpapi

GetUdpTable
GetTcpTable

wsock32

ntohs

Sections

.text
Size: 806KB - Virtual size: 806KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c58fa86a251970931e6023eaba0423b8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

42:0d:8c:32:5b:cf:64:fb:a4:6b:f2:f2:e2:aa:c2:65Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

06:3d:2c:4c:45:cc:2c:2f:6a:61:6b:4a:87:b6:ca:8d:b7:e2:4f:1aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

winhttp

version

imagehlp

psapi

iphlpapi

wsock32

Sections

.text Size: 806KB - Virtual size: 806KB

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 16KB - Virtual size: 35KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 37KB - Virtual size: 36KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:0d:8c:32:5b:cf:64:fb:a4:6b:f2:f2:e2:aa:c2:65
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

06:3d:2c:4c:45:cc:2c:2f:6a:61:6b:4a:87:b6:ca:8d:b7:e2:4f:1a
Signer

.text
Size: 806KB - Virtual size: 806KB

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 16KB - Virtual size: 35KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 37KB - Virtual size: 36KB