5a3e4dd716a378f5ed9ce918b70462b7f0211d270806d6b99bfee24bf0409784

Sharing

Copy URL Twitter E-mail

General

Target

5a3e4dd716a378f5ed9ce918b70462b7f0211d270806d6b99bfee24bf0409784
Size

55KB
MD5

0caadf6791f500cd87ac1ed939593025
SHA1

fd7c9fa8aafcf2853c5737d9bbc120bf1fb82454
SHA256

5a3e4dd716a378f5ed9ce918b70462b7f0211d270806d6b99bfee24bf0409784
SHA512

5a9d64bfddd5a1f05b7558008258836046b3232ad465ad5042f7ca04e57bfc51671e1a78f4ba01f0c61a756a1d4a3d1ac4fe6b0f0f4a0385fb18fb75fb222d96
SSDEEP

1536:BV2SASTYx9hWOhCpJAX4UHCfsKIRcTnRrdi:BVaSu9nCW4gKIRcTnRrdi

Score

1^/10

Malware Config

Signatures

Files

5a3e4dd716a378f5ed9ce918b70462b7f0211d270806d6b99bfee24bf0409784
.dll windows:5 windows x64 arch:x64

a8201c9ed52f2069bf8fe29f797a4423

Code Sign

2a:4c:2e:c3:44:47:93:8f:4a:db:b2:f5:5d:35:fb:ad
Certificate

Issuer

CN=ConEmu-Maximus5

Not Before

24/03/2010, 21:48

Not After

31/12/2039, 23:59

Subject

CN=ConEmu-Maximus5

53:30:55:3a:44:02:f4:01:19:2e:95:24:b9:30:47:38:ee:8c:77:e0
Signer

Actual PE Digest

53:30:55:3a:44:02:f4:01:19:2e:95:24:b9:30:47:38:ee:8c:77:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

T:\VCProject\FarPlugin\ConEmu\Maximus5\src\_VCBUILD\final.ConEmuDw.64W.vc9\ExtendedConsole64.pdb

Imports

kernel32

CloseHandle
UnmapViewOfFile
SetEvent
MapViewOfFile
OpenFileMappingW
SetLastError
SetConsoleTextAttribute
WriteConsoleOutputW
SetConsoleCursorPosition
GetExitCodeThread
WaitForSingleObject
CreateThread
GetConsoleWindow
lstrcpynW
SetNamedPipeHandleState
GetCurrentProcessId
Sleep
WaitNamedPipeW
CreateFileW
GetTickCount
IsDebuggerPresent
GetCurrentThreadId
SetEnvironmentVariableW
ReadFile
TransactNamedPipe
WriteFile
CreateFileMappingW
GetCPInfoExW
MultiByteToWideChar
ReadConsoleOutputAttribute
ReadConsoleOutputCharacterW
ReadConsoleOutputCharacterA
ReadConsoleOutputW
GetConsoleMode
GetConsoleCP
GetConsoleOutputCP
HeapCreate
GetModuleHandleW
HeapAlloc
HeapReAlloc
HeapFree
HeapValidate
lstrcpyA
lstrlenA
FreeLibrary
LocalFree
GetVersionExW
LocalAlloc
lstrcmpiW
GetFileSizeEx
FindClose
FindNextFileW
GetFileInformationByHandle
FindFirstFileW
lstrcmpW
CreateDirectoryW
DebugBreak
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
IsBadReadPtr
ExpandEnvironmentStringsW
ResetEvent
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
OpenThread
GetLargestConsoleWindowSize
SearchPathW
GetWindowsDirectoryW
GetEnvironmentVariableW
LoadLibraryW
GetProcAddress
GetStdHandle
GetConsoleScreenBufferInfo
GetModuleFileNameW
lstrcpyW
GetLastError
lstrlenW
VirtualProtect
HeapDestroy
lstrcatW

user32

EnableWindow
GetDlgItem
SystemParametersInfoW
SetDlgItemTextW
CheckDlgButton
SetWindowLongPtrW
DialogBoxParamW
SetForegroundWindow
MapWindowPoints
GetClientRect
MessageBoxA
IsWindowVisible
IsWindow
MapVirtualKeyW
VkKeyScanW
GetSystemMetrics
CharUpperBuffW
GetWindowRect
GetWindowLongW
SetWindowPos
GetWindowLongPtrW
GetDlgCtrlID
IsDlgButtonChecked
InvalidateRect
EndDialog
SendMessageW
wsprintfW
SetFocus

gdi32

SetBkMode
CreateFontIndirectW
DeleteObject
SetTextColor
CreateSolidBrush

advapi32

RegOpenKeyExW
RegCloseKey

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

comdlg32

ChooseColorW

Exports

Exports

ClearExtraRegions
Commit
GetColorDialog
GetTextAttributes
ReadOutput
SetTextAttributes
WriteOutput
WriteText

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8201c9ed52f2069bf8fe29f797a4423

Code Sign

2a:4c:2e:c3:44:47:93:8f:4a:db:b2:f5:5d:35:fb:adCertificate

53:30:55:3a:44:02:f4:01:19:2e:95:24:b9:30:47:38:ee:8c:77:e0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

version

comdlg32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 5KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 48B

2a:4c:2e:c3:44:47:93:8f:4a:db:b2:f5:5d:35:fb:ad
Certificate

53:30:55:3a:44:02:f4:01:19:2e:95:24:b9:30:47:38:ee:8c:77:e0
Signer

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 5KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 48B