b1f5eac6d5512feccb8b5d8571b44e2f1c9b745d285bfc1a30afd3dfec2b125d

Sharing

Copy URL Twitter E-mail

General

Target

b1f5eac6d5512feccb8b5d8571b44e2f1c9b745d285bfc1a30afd3dfec2b125d
Size

275KB
MD5

cd08954b248f966e2a3d28d445507df7
SHA1

89a2a20b9b69116839c340377ab0011f3cc87853
SHA256

b1f5eac6d5512feccb8b5d8571b44e2f1c9b745d285bfc1a30afd3dfec2b125d
SHA512

5834b39a438f0a6d7bfadd50363fd69234ec9a31de37cea3163a8aae1213b3b1428895a565bafb09819e2a672475844468c548dbd34637f0b69e5f181192fdee
SSDEEP

6144:6vNeJ+NeNWNfNuN2NuJGNWSvsIGN/uPu4V5EdwuKQBNTvJN:6vNeJ+NeNWNfNuN2NuJGNWSGuG4V5E20

Score

1^/10

Malware Config

Signatures

Files

b1f5eac6d5512feccb8b5d8571b44e2f1c9b745d285bfc1a30afd3dfec2b125d
.exe windows:4 windows x86 arch:x86

3839635ec093b23b4eb851ff6e280984

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:31:4d:40:b7:bd:b8:b2:1d:0b:04:66:ba:ec:87:42
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31/01/2013, 00:00

Not After

31/01/2014, 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information System Team,O=AhnLab\, Inc.,L=Seongnam,ST=Gyeounggi,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:be:17:1d:e2:91:87:f3:55:36:4d:29:9d:49:ab:7f:f1:3f:e9:f4
Signer

Actual PE Digest

07:be:17:1d:e2:91:87:f3:55:36:4d:29:9d:49:ab:7f:f1:3f:e9:f4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

LocalReAlloc
TlsGetValue
MulDiv
GlobalFlags
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
SetErrorMode
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
MoveFileA
DeleteFileA
GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
GetCPInfo
GetOEMCP
RtlUnwind
HeapFree
HeapAlloc
GetDriveTypeA
GetLocalTime
GetStartupInfoA
GetCommandLineA
ExitProcess
GetTimeZoneInformation
GetSystemTime
GetACP
TerminateProcess
CreateThread
ExitThread
TlsSetValue
HeapReAlloc
HeapSize
FatalAppExitA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
Sleep
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
GlobalReAlloc
GetLastError
GetVersionExA
lstrcmpiA
GetSystemInfo
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FindFirstFileA
FindClose
GetFileTime
GetFileAttributesA
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
GlobalLock
GlobalAlloc
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcAddress
FormatMessageA
WideCharToMultiByte
InterlockedDecrement
GetModuleHandleA
InterlockedIncrement
SetLastError
GetCurrentDirectoryA
CreateProcessA
WaitForSingleObject
OutputDebugStringA
GetCurrentProcessId
GetModuleFileNameA
GetTempPathA
SetCurrentDirectoryA
SetFilePointer
WriteFile
SetEndOfFile
CreateFileA
GetFileSize
ReadFile
CreateFileW
MultiByteToWideChar
LoadLibraryA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryExA
GetUserDefaultLangID
lstrcpyA
lstrcatA
CreateMutexA
CloseHandle
lstrcpynA
LocalAlloc
lstrcmpA
lstrlenA
LocalFree
GetVersion
FreeLibrary
RaiseException

user32

GetWindowTextLengthA
SetWindowLongA
MoveWindow
SetWindowPos
ShowWindow
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
SetWindowPlacement
TrackPopupMenu
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
IsChild
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
DeferWindowPos
EqualRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
GetSysColorBrush
CharUpperA
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
DestroyMenu
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
InvalidateRect
IsDialogMessageA
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GetMenuStringA
DeleteMenu
InsertMenuA
GetMenuItemCount
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
ScreenToClient
ClientToScreen
WindowFromPoint
GetWindowThreadProcessId
GetDesktopWindow
WaitMessage
ReleaseCapture
SetCapture
LoadCursorA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
ShowOwnedPopups
SendMessageA
PostQuitMessage
PostMessageA
OemToCharA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
BringWindowToTop
CharToOemA
wsprintfA
wsprintfW
CharNextA
SetDlgItemInt
CharPrevA
LoadStringA
GetMenuState
GetCapture

gdi32

DeleteDC
StartDocA
SaveDC
RestoreDC
SelectObject
GetStockObject
SelectPalette
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
DeleteObject
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDCOrgEx
GetObjectA
SetMapperFlags
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegDeleteValueA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegSetValueExA

shell32

SHGetFileInfoA
DragFinish
DragQueryFileA
DragAcceptFiles

comctl32

ord17

Sections

.text
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3839635ec093b23b4eb851ff6e280984

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

01:31:4d:40:b7:bd:b8:b2:1d:0b:04:66:ba:ec:87:42Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

07:be:17:1d:e2:91:87:f3:55:36:4d:29:9d:49:ab:7f:f1:3f:e9:f4Signer

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Sections

.text Size: 184KB - Virtual size: 181KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 24KB - Virtual size: 37KB

.rsrc Size: 12KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

01:31:4d:40:b7:bd:b8:b2:1d:0b:04:66:ba:ec:87:42
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

07:be:17:1d:e2:91:87:f3:55:36:4d:29:9d:49:ab:7f:f1:3f:e9:f4
Signer

.text
Size: 184KB - Virtual size: 181KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 24KB - Virtual size: 37KB

.rsrc
Size: 12KB - Virtual size: 10KB