757641f46bad894031041d524cb5dbd4b2d8707bdbad518cb4cac3a871211805

Sharing

Copy URL Twitter E-mail

General

Target

757641f46bad894031041d524cb5dbd4b2d8707bdbad518cb4cac3a871211805
Size

416KB
MD5

e2b33cea5883289737d3c457e3225acf
SHA1

7b719e4e08c6218376365522bf8378aade72afbc
SHA256

757641f46bad894031041d524cb5dbd4b2d8707bdbad518cb4cac3a871211805
SHA512

39aca138877dbe4ba5c97cb75ad34903d5dd6139f4412cf25004129a5dd816c5191c3d30c8014264122f380c178d6dd827f321e2cbd8ca91c67b198b865dc387
SSDEEP

6144:pdFNJJbTYMWS9a+9ji66mNsR7FfWYNexpAOUGs0VgXTx0Ox0V2fHKFi5wS:pfHBYja9ji66m2BwHpq9JK2fHHwS

Score

1^/10

Malware Config

Signatures

Files

757641f46bad894031041d524cb5dbd4b2d8707bdbad518cb4cac3a871211805
.exe windows:5 windows x86 arch:x86

0862d822d558cd36d140fa002f0b8ec7

Code Sign

3d:54:24:18:ac:4f:e3:19:d0:34:b2:18:5b:5e:57:38
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

23/10/2017, 00:00

Not After

05/11/2020, 23:59

Subject

CN=JetBrains s.r.o.,OU=SOFTWARE,O=JetBrains s.r.o.,L=Praha,ST=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:54:24:18:ac:4f:e3:19:d0:34:b2:18:5b:5e:57:38
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

23/10/2017, 00:00

Not After

05/11/2020, 23:59

Subject

CN=JetBrains s.r.o.,OU=SOFTWARE,O=JetBrains s.r.o.,L=Praha,ST=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:12:b3:c6:45:bd:38:d3:22:cb:ee:c0:46:35:80:b3:ea:c1:23:5a:1b:b5:9f:e3:59:cd:f5:67:25:ce:b0:84
Signer

Actual PE Digest

b9:12:b3:c6:45:bd:38:d3:22:cb:ee:c0:46:35:80:b3:ea:c1:23:5a:1b:b5:9f:e3:59:cd:f5:67:25:ce:b0:84

Digest Algorithm

sha256

PE Digest Matches

true

dd:4b:e4:f4:04:49:e5:7b:6e:87:17:28:a2:01:0c:6d:54:e4:83:3d
Signer

Actual PE Digest

dd:4b:e4:f4:04:49:e5:7b:6e:87:17:28:a2:01:0c:6d:54:e4:83:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetShortPathNameW
GetFileAttributesW
GetTempPathW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
FreeLibrary
GetProcAddress
SetErrorMode
LocalAlloc
FormatMessageW
WriteConsoleW
FlushConsoleInputBuffer
WaitForSingleObject
PeekConsoleInputW
ReadConsoleInputW
GetStdHandle
GetConsoleMode
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentThreadId
CreateThread
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
MultiByteToWideChar
LocalFileTimeToFileTime
WideCharToMultiByte
LocalFree
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapSize
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetACP
WriteFile
GetFileAttributesExW
CloseHandle
CreateFileW
LCMapStringW
VerSetConditionMask
CompareStringW
VerifyVersionInfoW
SizeofResource
LockResource
LoadResource
GetLastError
FindResourceW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleExW
ExitProcess
HeapFree
HeapReAlloc
OutputDebugStringW
HeapAlloc
GetCommandLineW
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
CreateEventW
SetLastError
EncodePointer
GetStringTypeW
IsProcessorFeaturePresent
SetEvent
GetCommandLineA
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
WaitForSingleObjectEx
ResetEvent
TerminateProcess

user32

GetSystemMetrics
PostThreadMessageW
GetMessageW
TranslateMessage
MonitorFromPoint
SetTimer
LoadCursorW
GetCursorInfo
GetProcessWindowStation
GetUserObjectInformationW
IsWindow
GetMonitorInfoW
DispatchMessageW
GetWindowLongW
LoadIconW
DestroyWindow
GetGUIThreadInfo
KillTimer
DefWindowProcW
RegisterClassExW
SetWindowLongW
GetAncestor
IsWindowVisible
EnumThreadWindows
SetWindowPos
UpdateLayeredWindow
CreateWindowExW
MessageBoxW

gdi32

CreateCompatibleDC
DeleteObject
CreateDIBSection
DeleteDC
GetDeviceCaps
CreateDCW
SelectObject

advapi32

RegCreateKeyExW
RegGetValueW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW

shell32

SHCreateDirectoryExW
ShellExecuteW

ole32

CoInitializeEx
CoTaskMemFree
CoCreateInstance

oleaut32

SafeArrayCopy
SafeArrayGetVartype
SafeArrayCreate
SafeArrayDestroy
SysStringByteLen
VariantCopyInd
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnlock
VariantClear
VariantChangeType
SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocString
GetErrorInfo
VariantInit
SafeArrayLock

gdiplus

GdipFree
GdipDeleteGraphics
GdipFillRectangleI
GdipDeleteBrush
GdipAlloc
GdipCloneBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdiplusStartup
GdiplusShutdown

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0862d822d558cd36d140fa002f0b8ec7

Code Sign

3d:54:24:18:ac:4f:e3:19:d0:34:b2:18:5b:5e:57:38Certificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

3d:54:24:18:ac:4f:e3:19:d0:34:b2:18:5b:5e:57:38Certificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

b9:12:b3:c6:45:bd:38:d3:22:cb:ee:c0:46:35:80:b3:ea:c1:23:5a:1b:b5:9f:e3:59:cd:f5:67:25:ce:b0:84Signer

dd:4b:e4:f4:04:49:e5:7b:6e:87:17:28:a2:01:0c:6d:54:e4:83:3dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

Sections

.text Size: 207KB - Virtual size: 207KB

.rdata Size: 98KB - Virtual size: 97KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 91KB - Virtual size: 90KB

3d:54:24:18:ac:4f:e3:19:d0:34:b2:18:5b:5e:57:38
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

3d:54:24:18:ac:4f:e3:19:d0:34:b2:18:5b:5e:57:38
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

b9:12:b3:c6:45:bd:38:d3:22:cb:ee:c0:46:35:80:b3:ea:c1:23:5a:1b:b5:9f:e3:59:cd:f5:67:25:ce:b0:84
Signer

dd:4b:e4:f4:04:49:e5:7b:6e:87:17:28:a2:01:0c:6d:54:e4:83:3d
Signer

.text
Size: 207KB - Virtual size: 207KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 91KB - Virtual size: 90KB