734ed653e4aa81325c1773bf92f35861b8c811775a25cd361efcc439f1cbb5b8[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

734ed653e4aa81325c1773bf92f35861b8c811775a25cd361efcc439f1cbb5b8.exe
Size

2.1MB
MD5

559f586490fcc60b5ba2c9f9295b6128
SHA1

16ea8670793d3d6969ea7804f3761433fcb4fbde
SHA256

734ed653e4aa81325c1773bf92f35861b8c811775a25cd361efcc439f1cbb5b8
SHA512

db6f00666588d66764e4ceea38e3153d41f9ba710d00da44c69ff49a25246e72b5e6b72f801376985dea46c37a6422629e9c22a05197948ffb3d4c7456d0a89d
SSDEEP

49152:1ohjwSHKHEhhgUKSLwQdfuJLzBCeIQMbkdhoOsbAL:CjRKdL1CLQyohZ

Score

1^/10

Malware Config

Signatures

Files

734ed653e4aa81325c1773bf92f35861b8c811775a25cd361efcc439f1cbb5b8.exe
.exe windows:5 windows x86 arch:x86

396b6ada2fb78d67b93493dc85878e4f

Code Sign

35:f5:7a:dd:ef:00:15:e6:fe:be:6a:e2:71:0d:48:73
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20-02-2015 00:00

Not After

14-03-2017 23:59

Subject

CN=Lavasoft Limited,O=Lavasoft Limited,L=Sliema,ST=Malta,C=MT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:f8:28:3e:c6:7d:eb:f4:0f:15:74:db:ec:bd:a4:0c:42:b9:f5:9f
Signer

Actual PE Digest

10:f8:28:3e:c6:7d:eb:f4:0f:15:74:db:ec:bd:a4:0c:42:b9:f5:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\buildbot\slaves\ad_aware_antivirus\ad_aware_antivirus\build\_build\bin\Win32\Release\AdAwareWebInstaller.pdb

Imports

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptCreateHash

shell32

CommandLineToArgvW
SHGetFolderPathW
ord680

kernel32

GetSystemTimeAsFileTime
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
TlsAlloc
DeleteCriticalSection
GetCurrentProcessId
TlsGetValue
GetCommandLineW
SizeofResource
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
GlobalLock
GlobalUnlock
SetEvent
CloseHandle
CreateEventA
HeapFree
WaitForSingleObject
HeapAlloc
GetProcessHeap
GetCurrentProcess
GetProcAddress
GetModuleHandleW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
WriteFile
CreateFileW
UnmapViewOfFile
GetLastError
CreateFileMappingW
MapViewOfFile
RaiseException
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
FormatMessageW
CopyFileW
FormatMessageA
HeapReAlloc
HeapSize
GetProcessTimes
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreateMutexW
VerifyVersionInfoA
SleepEx
VerSetConditionMask
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetDriveTypeW
ReadConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FreeLibraryAndExitThread
ExitThread
CreateThread
GetACP
GetStdHandle
GetModuleFileNameW
WaitForMultipleObjects
PeekNamedPipe
ExpandEnvironmentStringsA
LocalFree
LocalAlloc
GetModuleHandleExW
ExitProcess
QueryPerformanceFrequency
ReadFile
GetCommandLineA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
LoadLibraryExW
RtlUnwind
InterlockedPushEntrySList
OutputDebugStringW
GetStringTypeExA
GetUserDefaultLCID
LCMapStringA
GetStringTypeExW
LoadLibraryA
SystemTimeToFileTime
CreateWaitableTimerA
ResumeThread
SetWaitableTimer
ReleaseSemaphore
WaitForMultipleObjectsEx
OpenEventA
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
LoadLibraryExA
WaitForSingleObjectEx
ResetEvent
AreFileApisANSI
GetModuleHandleA
GetWindowsDirectoryW
DeviceIoControl
SetFilePointerEx
SetEndOfFile
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindClose
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
TlsFree
Sleep
CreateEventW
SetLastError
EncodePointer
GetStringTypeW

user32

MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
SetWindowPos
GetWindowRect
GetWindow
PostMessageW
GetDC
CreateWindowExW
ScreenToClient
SendMessageW
GetClientRect
ShowWindow
DispatchMessageW
TranslateMessage
LoadIconW
LoadCursorW
SetCursor
SetWindowLongW
UpdateLayeredWindow
PostQuitMessage
GetSysColorBrush
ReleaseCapture
ReleaseDC
GetCursorPos
GetParent
GetWindowLongW
GetMessageW
RegisterClassExW
LoadStringA
LoadStringW
DefWindowProcW

gdi32

CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantCopy
SysAllocStringLen
VariantClear

gdiplus

GdipGetImageWidth
GdipDeleteGraphics
GdipFillRectangleI
GdipCloneBrush
GdipCreateFromHDC
GdipFree
GdipAddPathStringI
GdipFillPath
GdipCreateSolidFill
GdipCreatePath
GdipSetSmoothingMode
GdipDeletePath
GdipAlloc
GdipDeleteBrush
GdipCreateFontFamilyFromName
GdipGetImageHeight
GdipDeleteFontFamily
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI

wldap32

ord60
ord211
ord27
ord143
ord32
ord50
ord35
ord79
ord30
ord200
ord301
ord41
ord22
ord33
ord26
ord46

ws2_32

sendto
freeaddrinfo
getsockopt
recv
ioctlsocket
connect
socket
send
WSAStartup
getaddrinfo
listen
setsockopt
WSAGetLastError
shutdown
select
closesocket
bind
accept
__WSAFDIsSet
WSACleanup
WSASetLastError
getpeername
getsockname
htons
ntohs
WSAIoctl
gethostname
recvfrom

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

396b6ada2fb78d67b93493dc85878e4f

Code Sign

35:f5:7a:dd:ef:00:15:e6:fe:be:6a:e2:71:0d:48:73Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

10:f8:28:3e:c6:7d:eb:f4:0f:15:74:db:ec:bd:a4:0c:42:b9:f5:9fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

shell32

kernel32

user32

gdi32

ole32

oleaut32

gdiplus

wldap32

ws2_32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 274KB - Virtual size: 274KB

.data Size: 88KB - Virtual size: 94KB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 376KB - Virtual size: 375KB

.reloc Size: 70KB - Virtual size: 70KB

35:f5:7a:dd:ef:00:15:e6:fe:be:6a:e2:71:0d:48:73
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

10:f8:28:3e:c6:7d:eb:f4:0f:15:74:db:ec:bd:a4:0c:42:b9:f5:9f
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 274KB - Virtual size: 274KB

.data
Size: 88KB - Virtual size: 94KB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 376KB - Virtual size: 375KB

.reloc
Size: 70KB - Virtual size: 70KB