3b640e690ec064e923cf27a0bf5ea6839d1291cf312d504f5721ca62837e7c27

Sharing

Copy URL Twitter E-mail

General

Target

3b640e690ec064e923cf27a0bf5ea6839d1291cf312d504f5721ca62837e7c27
Size

2.2MB
MD5

bfcc0ce285f6b409ecdf87e77a61d724
SHA1

8a7b709793d04b07ec1d4eb289b04b55d43ecad5
SHA256

3b640e690ec064e923cf27a0bf5ea6839d1291cf312d504f5721ca62837e7c27
SHA512

07c09d92565d8de9dc60470e1d746342ff14c00e7f709b78cc2c283c755f2a193ed748e77a9e6224c902bb7f63f408a49daa2ecdf40c3c6fac9be2890e3bd742
SSDEEP

24576:lIA+7KTzw3jmUIRnJTvzvXjd05sOVllXUFlE09v5eaXfURizd8FU/4:8a8czB05sOVrUrXfURbU/4

Score

1^/10

Malware Config

Signatures

Files

3b640e690ec064e923cf27a0bf5ea6839d1291cf312d504f5721ca62837e7c27
.exe windows:4 windows x86 arch:x86

3d2a79c147f0062aae1eac9da3cafa72

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f0:97:59:38:bc:18:4e:32:83:c9:5c:ff:5c:b6:ff:49
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/03/2016, 00:00

Not After

29/03/2017, 23:59

Subject

CN=3 Play Networks\, Inc.,O=3 Play Networks\, Inc.,POSTALCODE=94087,STREET=806 E Homestead RD,L=Sunnyvale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e8:c2:63:5c:2f:de:6b:d5:1c:65:03:bf:ee:aa:c3:15:78:d8:c9:bd
Signer

Actual PE Digest

e8:c2:63:5c:2f:de:6b:d5:1c:65:03:bf:ee:aa:c3:15:78:d8:c9:bd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\colonist\VistaWall\i386\Windows10FirewallControlPlus.pdb

Imports

ws2_32

getaddrinfo
freeaddrinfo
gethostbyname
WSAAddressToStringW
WSAGetLastError
closesocket
shutdown
connect
bind
htons
ioctlsocket
socket
send
__WSAFDIsSet
select
recv
htonl
inet_ntoa
inet_addr
ntohl

kernel32

InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
ResumeThread
GetThreadLocale
ReadFile
LockFile
UnlockFile
DuplicateHandle
FindClose
FindFirstFileW
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
FindResourceExW
WritePrivateProfileStringW
GetFileTime
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
ExitProcess
ExitThread
CreateThread
HeapReAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
CreateFileA
GetTimeZoneInformation
SetEnvironmentVariableA
SetEnvironmentVariableW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
VirtualProtect
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeResource
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
GetTickCount
TerminateThread
InterlockedIncrement
FileTimeToLocalFileTime
GetFileSize
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
CreateEventW
ReleaseSemaphore
CreateSemaphoreW
WaitForSingleObject
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
GetDateFormatW
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetFullPathNameW
GetStartupInfoW
CreateProcessW
GetDiskFreeSpaceW
GetVolumeInformationW
DeviceIoControl
GetDriveTypeW
SetUnhandledExceptionFilter
GetModuleFileNameW
GetTempPathW
CreateFileW
GetCurrentThreadId
CreateMutexW
PulseEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
GetVersion
GetConsoleWindow
FreeConsole
WriteConsoleW
AttachConsole
AllocConsole
GetStdHandle
GetComputerNameW
ResetEvent
GetShortPathNameW
InterlockedDecrement
Sleep
SleepEx
GetCurrentProcessId
FreeLibrary
GetCurrentProcess
GetProcessTimes
GetSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
SetEvent
GetLastError
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetFileAttributesW
WideCharToMultiByte
lstrlenW
lstrlenA
GetSystemDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar

user32

IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
RegisterClipboardFormatW
PostThreadMessageW
DestroyMenu
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
CopyAcceleratorTableW
CreateWindowExW
GetClassInfoExW
AdjustWindowRectEx
EqualRect
PostQuitMessage
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindowEnabled
EndDialog
GetMenuState
GetMenuStringW
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetForegroundWindow
GetWindowLongW
GetWindowThreadProcessId
CharUpperW
EnumDisplayDevicesW
GetClassInfoW
RegisterClassW
DrawEdge
MessageBoxW
ReleaseCapture
EnumDisplayMonitors
GetMonitorInfoW
SetCapture
UpdateWindow
ReleaseDC
GetDC
DrawIconEx
GetFocus
GetParent
EndPaint
BeginPaint
ClientToScreen
GetDlgItem
RegisterWindowMessageW
GetDesktopWindow
BringWindowToTop
IsIconic
DrawIcon
GetKeyState
PtInRect
FindWindowW
GetCursorPos
BlockInput
SetForegroundWindow
KillTimer
SetTimer
PostMessageW
MessageBeep
LoadImageW
DestroyIcon
CharNextW
SetRect
UnregisterClassW
LoadCursorW
GetSysColorBrush
InvalidateRect
ScreenToClient
IsWindow
SetWindowContextHelpId
SetCursor
GetMessageW
TranslateMessage
GetMenu
ValidateRect
LoadIconW
IsWindowVisible
GetClientRect
GetWindowRect
GetSystemMetrics
GetSysColor
FillRect
DrawTextW
SystemParametersInfoW
InsertMenuW
SetMenuItemInfoW
AppendMenuW
CreatePopupMenu
LoadBitmapW
CopyRect
EnableWindow
SendMessageW
WindowFromPoint
MapDialogRect
GetAsyncKeyState
UnregisterClassA
GetNextDlgTabItem

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
ScaleViewportExtEx
RectVisible
EnumFontFamiliesExW
GetBkColor
GetRgnBox
PtVisible
GetWindowExtEx
GetViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
RestoreDC
SaveDC
CreateBitmap
SetBkColor
GetClipBox
CreateRectRgnIndirect
GetDeviceCaps
GetTextColor
SelectObject
GetObjectW
CreateSolidBrush
SetBkMode
SetTextColor
GetTextExtentPoint32W
GetMapMode
CreateFontIndirectW
DeleteObject
SetMapMode
TextOutW

msimg32

GradientFill

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumValueW
RegQueryValueExW
RegQueryValueW
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyExW
RegEnumKeyW
RegCloseKey
RegCreateKeyExW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CheckTokenMembership
IsValidSid
GetLengthSid
CopySid
OpenProcessToken
DuplicateToken
RegSetValueExW

shell32

ExtractIconExW
ExtractIconW
Shell_NotifyIconW
ShellExecuteW

comctl32

ord17
_TrackMouseEvent

shlwapi

StrStrIW
PathFindFileNameW
PathIsUNCW
PathFindExtensionW
SHDeleteKeyW
PathStripToRootW

ole32

CoTaskMemAlloc
CoDisconnectObject
CLSIDFromProgID
CoInitializeEx
CoTaskMemFree
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoCreateInstanceEx
CLSIDFromString
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject

oleaut32

SysStringLen
SafeArrayPutElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SysAllocStringLen
VariantChangeType
SafeArrayDestroy
SafeArrayCreate
SafeArrayUnlock
SafeArrayLock
SafeArrayCopy
SafeArrayGetVartype
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
OleCreateFontIndirect
VariantCopy
SysAllocString
VariantClear
VariantInit
SysFreeString

wsock32

WSASetLastError
WSAStartup
WSACleanup

iphlpapi

GetIfEntry
GetBestInterface
GetIpAddrTable
GetAdaptersAddresses

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

userenv

UnloadUserProfile

winmm

PlaySoundW

mpr

WNetGetConnectionW

Sections

.text
Size: 776KB - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 828KB - Virtual size: 845KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d2a79c147f0062aae1eac9da3cafa72

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

f0:97:59:38:bc:18:4e:32:83:c9:5c:ff:5c:b6:ff:49Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

e8:c2:63:5c:2f:de:6b:d5:1c:65:03:bf:ee:aa:c3:15:78:d8:c9:bdSigner

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

wsock32

iphlpapi

version

userenv

winmm

mpr

Sections

.text Size: 776KB - Virtual size: 772KB

.rdata Size: 164KB - Virtual size: 160KB

.data Size: 828KB - Virtual size: 845KB

.rsrc Size: 472KB - Virtual size: 471KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

f0:97:59:38:bc:18:4e:32:83:c9:5c:ff:5c:b6:ff:49
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

e8:c2:63:5c:2f:de:6b:d5:1c:65:03:bf:ee:aa:c3:15:78:d8:c9:bd
Signer

.text
Size: 776KB - Virtual size: 772KB

.rdata
Size: 164KB - Virtual size: 160KB

.data
Size: 828KB - Virtual size: 845KB

.rsrc
Size: 472KB - Virtual size: 471KB