b02933b7c9b8c3ddfc1bf27c3941f8d68ae1fd7fe850f0fa888122eca299515b

Sharing

Copy URL Twitter E-mail

General

Target

b02933b7c9b8c3ddfc1bf27c3941f8d68ae1fd7fe850f0fa888122eca299515b
Size

482KB
MD5

c6b45e447ecc8dd588613b01a8e9d822
SHA1

ef4a1ae9660c2388132c6328757abf96d4eec00b
SHA256

b02933b7c9b8c3ddfc1bf27c3941f8d68ae1fd7fe850f0fa888122eca299515b
SHA512

1ed7aa6e7754f71704b58b826539d8b5ea3dbdcfb716a9d0198b8e33b97896134ee977529aa8530897c0c00e0fe499d89761b29706ad4809ebdee0ebf9ed0d67
SSDEEP

6144:v01eNfAf+HB1daReMNdmXPpFAo8pOzWJu7bu6iOxv///Sv/xPnGI6k:LWf+h1dueOAXhF6pQt7fiO9///iOI6k

Score

1^/10

Malware Config

Signatures

Files

b02933b7c9b8c3ddfc1bf27c3941f8d68ae1fd7fe850f0fa888122eca299515b
.exe windows:5 windows x86 arch:x86

0b69716e72ccecdecc59ebafec020ccc

Code Sign

01:1f:23:1c:fd:ae:0b:e3:d7:54:76:bf:3d:72:7a:30
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/06/2014, 00:00

Not After

28/06/2017, 12:00

Subject

CN=GFI Software Development Ltd,O=GFI Software Development Ltd,L=Mriehel,ST=Birkirkara,C=MT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:38:09:d9:02:17:d7:1d:ae:4a:a2:44:2e:63:d8:7f:4c:0c:b8:33
Signer

Actual PE Digest

2d:38:09:d9:02:17:d7:1d:ae:4a:a2:44:2e:63:d8:7f:4c:0c:b8:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Development\Systems\Smartleads\dev\src\SmartLeads Api\Bootstrapper\Release\BootstrapperTemplate.pdb

Imports

winhttp

WinHttpGetProxyForUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser

kernel32

TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedIncrement
GetModuleFileNameW
WriteFile
HeapSize
RaiseException
TlsAlloc
GetConsoleMode
IsProcessorFeaturePresent
IsDebuggerPresent
SetFilePointerEx
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
LoadLibraryExW
GetCurrentThreadId
GetCommandLineA
AreFileApisANSI
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GlobalFree
MultiByteToWideChar
GetTempPathA
lstrcpyW
ReadConsoleW
CloseHandle
GetModuleFileNameA
LocalAlloc
LoadLibraryA
VirtualAlloc
GetFileSizeEx
GetModuleHandleExW
ExitProcess
lstrcmpA
CreateFileA
InterlockedDecrement
HeapReAlloc
HeapAlloc
HeapFree
OutputDebugStringA
LockResource
FindResourceExA
LoadResource
DeleteFileA
SetEndOfFile
CreateFileW
GetCurrentDirectoryW
GetFullPathNameW
SetEnvironmentVariableA
GetTimeZoneInformation
GetStringTypeW
WriteConsoleW
GetFileAttributesExW
CreateProcessA
GetExitCodeProcess
LCMapStringW
CompareStringW
LoadLibraryW
OutputDebugStringW
GetDriveTypeW
FindFirstFileExW
FindClose
FlushFileBuffers
SetStdHandle
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetProcessHeap
GetCPInfo
SetLastError
GetLastError
CreateDirectoryA
MulDiv
WideCharToMultiByte
GetConsoleCP
IsValidCodePage
GetACP
LocalFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SleepEx
WaitForSingleObject
FormatMessageA
GetTickCount
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
FreeLibrary
GetProcAddress
Sleep
ExpandEnvironmentStringsA
EncodePointer
DecodePointer
CreateThread
ExitThread
ResumeThread
GetOEMCP

user32

DestroyWindow
GetMessageA
IsDialogMessageA
TranslateMessage
MessageBoxA
DispatchMessageA
SetWindowLongA
SetFocus
GetWindowTextA
EndPaint
SetCursor
SetTimer
GetWindowRect
CreateDialogParamA
GetClientRect
BeginPaint
PtInRect
ChildWindowFromPoint
GetCursorPos
LoadCursorA
PostQuitMessage
LoadStringA
GetParent
LoadIconA
SendMessageA
GetWindowLongA
GetDlgItem
ShowWindow
SetWindowTextA
EnableWindow

gdi32

LineTo
MoveToEx
DeleteDC
CreateFontA
GetDeviceCaps
SetBkMode
DeleteObject
SelectObject
Rectangle
CreatePen
GetStockObject
CreateSolidBrush

advapi32

CryptGetHashParam
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegSetValueExA

shell32

ShellExecuteA

comctl32

ord17

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

ws2_32

gethostname
ioctlsocket
select
__WSAFDIsSet
listen
recvfrom
sendto
getaddrinfo
freeaddrinfo
WSASetLastError
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
send
recv
WSAGetLastError
WSAStartup
WSACleanup
accept

wldap32

ord22
ord211
ord143
ord60
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord50

crypt32

CryptQueryObject
CryptDecodeObject
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertGetNameStringA
CryptMsgGetParam
CryptMsgClose

Sections

.text
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b69716e72ccecdecc59ebafec020ccc

Code Sign

01:1f:23:1c:fd:ae:0b:e3:d7:54:76:bf:3d:72:7a:30Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

2d:38:09:d9:02:17:d7:1d:ae:4a:a2:44:2e:63:d8:7f:4c:0c:b8:33Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

kernel32

user32

gdi32

advapi32

shell32

comctl32

rpcrt4

ws2_32

wldap32

crypt32

Sections

.text Size: 279KB - Virtual size: 278KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 5KB - Virtual size: 30KB

.rsrc Size: 98KB - Virtual size: 97KB

.reloc Size: 34KB - Virtual size: 34KB

01:1f:23:1c:fd:ae:0b:e3:d7:54:76:bf:3d:72:7a:30
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

2d:38:09:d9:02:17:d7:1d:ae:4a:a2:44:2e:63:d8:7f:4c:0c:b8:33
Signer

.text
Size: 279KB - Virtual size: 278KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 5KB - Virtual size: 30KB

.rsrc
Size: 98KB - Virtual size: 97KB

.reloc
Size: 34KB - Virtual size: 34KB