c831f44889906f0a7d26bf0a5e1abe8f515e0d569a757e361128fd2c72974937

Sharing

Copy URL

Twitter E-mail

General

Target

c831f44889906f0a7d26bf0a5e1abe8f515e0d569a757e361128fd2c72974937
Size

9.9MB
MD5

000845d413a49b37a82e6f6e9a6bb72b
SHA1

d4a7401a8fe786d56d97ae01c95554d27b562ac7
SHA256

c831f44889906f0a7d26bf0a5e1abe8f515e0d569a757e361128fd2c72974937
SHA512

ab0e9e4207324eef5ed706a3cb97360d1b3f528488870d2059963c5e594e81c243ec9816c3598ccd1431df833741081b8ba55fc60d497d4225f7681eff412f3a
SSDEEP

98304:dqOS/VvgRxfXAh1A53jxMiMC/jbk+3IKt31gEabWMEsC/mr2oiEExRNCrhq7Ke3z:dqX2T5zxK0nKKG8Z/GPMIrhqeXf0Aqm0

Score

1^/10

Malware Config

Signatures

Files

c831f44889906f0a7d26bf0a5e1abe8f515e0d569a757e361128fd2c72974937
.exe windows:4 windows x86 arch:x86

2e05acb624e3bb1461517d6450fb5689

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27-03-2013 20:08

Not After

27-06-2014 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-01-2013 22:33

Not After

24-04-2014 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:fd:96:69:58:c2:c8:ed:bb:ee:9c:fa:ab:dc:3a:66:76:a7:8c:46
Signer

Actual PE Digest

62:fd:96:69:58:c2:c8:ed:bb:ee:9c:fa:ab:dc:3a:66:76:a7:8c:46

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

excel.pdb

Imports

advapi32

RegCloseKey
RegEnumValueW
RegOpenKeyExW
GetLengthSid
FreeSid
EqualSid
LookupAccountNameW
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
LookupAccountSidW
GetAce
RevertToSelf
AccessCheck
MapGenericMask
OpenThreadToken
ImpersonateSelf
GetSecurityDescriptorLength
GetAclInformation
GetSecurityDescriptorDacl
SetEntriesInAclW
GetExplicitEntriesFromAclW
BuildTrusteeWithSidW
OpenProcessToken
MakeSelfRelativeSD
MakeAbsoluteSD
GetPrivateObjectSecurity
SetPrivateObjectSecurity
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExA
RegOpenKeyExA
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegOpenKeyA
RegQueryValueExW

gdi32

GetStockObject
CreateSolidBrush
SetWindowExtEx
SetViewportExtEx
SetWindowOrgEx
DPtoLP
LPtoDP
SetMapMode
SetTextColor
SetBkColor
SaveDC
RestoreDC
IntersectClipRect
GetRgnBox
CombineRgn
SetRectRgn
ExcludeClipRect
GetClipBox
GetPaletteEntries
GetNearestPaletteIndex
GetTextFaceW
GetTextMetricsW
SetBkMode
SetROP2
SetBrushOrgEx
GetNearestColor
CreateCompatibleBitmap
GetDIBits
GetBkColor
GetTextColor
EnumFontFamiliesW
GetViewportExtEx
GetWindowExtEx
GetMapMode
CreatePatternBrush
SetBitmapBits
CreateDIBPatternBrush
GetWindowOrgEx
BitBlt
CreateBitmap
CreateBrushIndirect
CreateHatchBrush
CreatePen
ExtCreatePen
PlayMetaFileRecord
PlayEnhMetaFileRecord
DeleteMetaFile
DeleteEnhMetaFile
MoveToEx
GetCurrentPositionEx
LineTo
PatBlt
Ellipse
Arc
Pie
DeleteDC
CreateCompatibleDC
StretchBlt
CreatePolygonRgn
Escape
Polygon
CreateRectRgn
CreateRectRgnIndirect
CloseMetaFile
EnumMetaFile
CreateMetaFileW
SetMetaFileBitsEx
GetWinMetaFileBits
GetEnhMetaFileHeader
SetWinMetaFileBits
GetMetaFileBitsEx
PlayEnhMetaFile
EnumEnhMetaFile
GdiComment
ScaleViewportExtEx
SetPixel
GetPixel
GetBitmapBits
Polyline
GdiFlush
RealizePalette
SelectPalette
CreatePalette
GetSystemPaletteEntries
SetDIBits
CreateDIBSection
RoundRect
Rectangle
CreateRoundRectRgn
OffsetRgn
PaintRgn
GetTextExtentPointA
GetCharWidthA
SetTextAlign
GetTextAlign
GetCurrentObject
SetMapperFlags
EnumObjects
UnrealizeObject
EndDoc
AbortDoc
ExtEscape
EndPage
StretchDIBits
SetStretchBltMode
SetAbortProc
StartPage
CreateICW
InvertRgn
GetEnhMetaFileBits
SetEnhMetaFileBits
GetObjectType
CopyEnhMetaFileW
CopyMetaFileW
CreateDIBitmap
CreateFontIndirectW
GetObjectW
GetTextExtentPointW
GetCharWidthW
ExtTextOutW
ExtTextOutA
GetClipRgn
GetTextExtentExPointW
TextOutW
GetTextExtentPoint32W
SetViewportOrgEx
CreateFontA
CreateBitmapIndirect
GetObjectA
SelectClipRgn
GetDeviceCaps
EnumFontsW
GetTextCharsetInfo
DeleteObject
SelectObject
GetOutlineTextMetricsW

kernel32

SetLastError
GetModuleFileNameW
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
GetVersionExA
WinExec
GetSystemDefaultLCID
MulDiv
GetVersionExW
lstrlenW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
IsDBCSLeadByte
IsDBCSLeadByteEx
GetACP
GetDriveTypeW
GetFileSize
GlobalSize
GetFileTime
SetFileTime
GetVolumeInformationW
LockFile
UnlockFile
GetCurrentDirectoryW
MoveFileW
DeleteFileW
SetFilePointer
SetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
WriteFile
CreateFileW
SearchPathW
CloseHandle
ReadFile
GlobalReAlloc
SetEnvironmentVariableW
SetCurrentDirectoryW
GetTickCount
SetErrorMode
GetShortPathNameW
LoadResource
FindResourceW
GetLocalTime
LocalFileTimeToFileTime
SystemTimeToFileTime
FreeLibrary
GlobalHandle
FileTimeToSystemTime
FileTimeToLocalFileTime
LCMapStringW
GetStringTypeW
CompareStringA
IsBadReadPtr
lstrcmpW
RaiseException
GetUserDefaultLCID
GetOEMCP
lstrcmpiA
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocaleInfoW
LocalAlloc
LocalFree
GetCurrentThread
GlobalAddAtomW
LoadLibraryA
GetTempPathW
GetCurrentProcess
WideCharToMultiByte
GetCommandLineW
MultiByteToWideChar
GetWindowsDirectoryW
GetTempFileNameW
IsBadWritePtr
SetUnhandledExceptionFilter
TerminateProcess
VirtualAlloc
GetSystemTime
CreateMutexW
InterlockedIncrement
InterlockedDecrement
ReleaseMutex
WaitForSingleObject
GetEnvironmentVariableW
GetSystemDefaultLangID
LockResource
SizeofResource
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TerminateThread
InitializeCriticalSection
SetThreadPriority
CreateThread
VirtualFree
IsValidCodePage
EnumSystemLocalesW
EnumCalendarInfoW
FreeResource
GetFullPathNameW
GetLogicalDrives
IsValidLocale
GlobalGetAtomNameW
GlobalDeleteAtom
SetHandleCount
OpenFile
LoadLibraryExA
GetStartupInfoA
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
VirtualProtect
UnhandledExceptionFilter
GetDriveTypeA
GetVolumeInformationA
GetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FormatMessageA
GetSystemDirectoryW
LoadLibraryExW
LoadLibraryW
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetLastError
InterlockedExchange

ole32

CoInitialize
OleQueryLinkFromData
CreateDataAdviseHolder
OleRegGetUserType
CreateOleAdviseHolder
CoRegisterClassObject
CoRevokeClassObject
CoFreeUnusedLibraries
OleQueryCreateFromData
CoUninitialize
CoRegisterMessageFilter
OleCreateFromData
GetHGlobalFromILockBytes
OleIsCurrentClipboard
CoCreateGuid
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleSetMenuDescriptor
ReadClassStm
CoTreatAsClass
SetConvertStg
OleTranslateAccelerator
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
OleSave
IsAccelerator
OleSetContainedObject
CoGetClassObject
OleSaveToStream
WriteClassStm
CoTaskMemAlloc
OleLoadFromStream
OleLoad
OleCreateLinkToFile
OleCreateFromFile
OleCreate
CoFileTimeNow
CreateItemMoniker
OleGetIconOfClass
CoIsOle1Class
CoGetMalloc
GetRunningObjectTable
CreateFileMoniker
StgSetTimes
ReadClassStg
CoDisconnectObject
CreateGenericComposite
OleIsRunning
ProgIDFromCLSID
OleRun
CreateBindCtx
OleCreateLink
OleCreateLinkFromData
ReleaseStgMedium
MkParseDisplayName
CoTaskMemFree
CoLockObjectExternal
CreateStreamOnHGlobal
GetHGlobalFromStream
StgIsStorageFile
StgCreateDocfile
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoCreateInstance
ReadFmtUserTypeStg
GetClassFile
StringFromGUID2
StgOpenStorage
CoCreateInstanceEx
WriteClassStg
StringFromCLSID
OleGetClipboard
OleSetClipboard
OleFlushClipboard
WriteFmtUserTypeStg
CLSIDFromString

user32

CharUpperBuffA
MessageBoxA
CharUpperW
UnpackDDElParam
SendMessageTimeoutW
PackDDElParam
GetDoubleClickTime
GetWindowDC
DestroyAcceleratorTable
MessageBoxW
GetSysColor
SetForegroundWindow
ShowWindow
EndDeferWindowPos
DeferWindowPos
SetWindowPos
ScreenToClient
GetWindowRect
SystemParametersInfoW
RegisterClassW
MonitorFromRect
SendMessageW
FillRect
GetClientRect
SetWindowLongW
SetWindowPlacement
GetWindowPlacement
IsIconic
GetWindow
GetWindowLongW
SetActiveWindow
PtInRect
GetSystemMetrics
UnhookWindowsHookEx
SetKeyboardState
GetKeyboardState
SetWindowsHookExW
ReleaseDC
GetDC
LoadIconW
LoadCursorW
SetMessageQueue
RegisterWindowMessageA
IntersectRect
IsRectEmpty
GetMonitorInfoW
MonitorFromPoint
MonitorFromWindow
SetRect
InvalidateRect
BeginPaint
EndPaint
GetWindowTextW
GetUpdateRgn
InvalidateRgn
ValidateRect
ValidateRgn
SetCapture
ReleaseCapture
GetCapture
SetFocus
EnableWindow
IsWindowEnabled
UpdateWindow
DispatchMessageW
FlashWindow
GetClassLongW
GetFocus
BeginDeferWindowPos
GetTopWindow
GetParent
ClientToScreen
GetUpdateRect
SetClassLongW
UnionRect
AdjustWindowRectEx
ShowCaret
HideCaret
RegisterClassExW
ExcludeUpdateRgn
ScrollDC
IsWindowVisible
GetSystemMenu
GetActiveWindow
PeekMessageW
IsChild
DestroyWindow
IsWindow
InSendMessage
VkKeyScanW
GetClassNameW
GetQueueStatus
GetKeyState
GetAsyncKeyState
GetInputState
SetTimer
KillTimer
PostQuitMessage
GetCursorPos
MapVirtualKeyW
TranslateMessage
WaitMessage
MsgWaitForMultipleObjects
RegisterClipboardFormatW
SetCursor
ShowCursor
MessageBeep
OpenIcon
GetWindowThreadProcessId
FindWindowW
EnumDisplayMonitors
SetRectEmpty
CreateMenu
DestroyMenu
DrawMenuBar
GetMenuItemID
GetMenuItemCount
DeleteMenu
RemoveMenu
GetSubMenu
GetMenuState
EnableMenuItem
SetScrollPos
CallWindowProcW
GetDlgItem
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollInfo
GetWindowWord
SetWindowWord
EnumThreadWindows
CloseClipboard
EmptyClipboard
SetCaretPos
GetKeyboardLayout
SetClipboardData
GetClipboardData
OpenClipboard
GetClipboardOwner
EnumClipboardFormats
IsClipboardFormatAvailable
CreateCaret
DestroyCaret
GetCaretPos
GetMessageExtraInfo
OffsetRect
InflateRect
PostMessageW
CloseDesktop
GetUserObjectInformationW
OpenInputDesktop
GetThreadDesktop
CharUpperBuffW
IsCharUpperW
SetWindowTextA
IsWindowUnicode
PeekMessageA
DispatchMessageA
CreateWindowExW
DrawTextW
DrawTextA
GetMessageW
SetParent
WindowFromPoint
GetMessageTime
GetScrollInfo
SendMessageA
UnregisterClassW
MoveWindow
PostMessageA
GetMessagePos
SetCursorPos
GetClipboardFormatNameW
FreeDDElParam
GetDesktopWindow
EqualRect
ArrangeIconicWindows
RedrawWindow
DrawFocusRect
ToUnicode
ToAscii
GetMenu
IsZoomed
EnumChildWindows
CharLowerBuffW
RegisterWindowMessageW
CharUpperA
CharLowerW
ActivateKeyboardLayout
DrawIconEx
DestroyIcon
DrawIcon
GetCursor
SetMenu
CreateAcceleratorTableW
MapWindowPoints
GetForegroundWindow
DefWindowProcW
SetWindowTextW
DrawFrameControl
LoadCursorFromFileW
GetIconInfo
CallNextHookEx
GetKeyboardLayoutList

msvcrt

exit
memmove
rand
srand
_wtoi
wcslen
atof
_ecvt
_fpreset
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
__CxxFrameHandler
swprintf
_chdir
_controlfp
_except_handler3

Exports

Exports

DllGetLCID
MdCallBack
_LPenHelper

Sections

.text
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2e05acb624e3bb1461517d6450fb5689

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34Certificate

Extended Key Usages

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

62:fd:96:69:58:c2:c8:ed:bb:ee:9c:fa:ab:dc:3a:66:76:a7:8c:46Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

gdi32

kernel32

ole32

user32

msvcrt

Exports

Exports

Sections

.text Size: 8.5MB - Virtual size: 8.5MB

.data Size: 79KB - Virtual size: 97KB

.cdata Size: 512B - Virtual size: 4B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

62:fd:96:69:58:c2:c8:ed:bb:ee:9c:fa:ab:dc:3a:66:76:a7:8c:46
Signer

.text
Size: 8.5MB - Virtual size: 8.5MB

.data
Size: 79KB - Virtual size: 97KB

.cdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB