8263e0db727be2660f66e2e692b671996c334400d83e94fc0355ec0949dce05c

Sharing

Copy URL Twitter E-mail

General

Target

8263e0db727be2660f66e2e692b671996c334400d83e94fc0355ec0949dce05c
Size

624KB
MD5

bf97e09016e5e6a65968933f94d10a1d
SHA1

e0bf3066f06fef0cc7aff20b6dc3655a40354e64
SHA256

8263e0db727be2660f66e2e692b671996c334400d83e94fc0355ec0949dce05c
SHA512

1fa36c734dbd2026dc8b23f5d682a50e200342dab3a727dbaccf91096ca50bb8e892551d9038176b8808d687fb03f01ef4e95a0dc9d6941e8673364860b03a38
SSDEEP

12288:9AEO+qWr7lSKi4BgRT1fPVWBoMXOFiQlBlKHRdoWOsJzZgVz:9DO+qWHg5rRpfPAo+O3vlKUW7JGVz

Score

1^/10

Malware Config

Signatures

Files

8263e0db727be2660f66e2e692b671996c334400d83e94fc0355ec0949dce05c
.exe windows:5 windows x86 arch:x86

74488018c431b81bb08e2caac0172730

Code Sign

f7:a9:44:14:b0:7b:6a:f3:2b:3f:cd:5e:5f:3f:d0:ab
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/08/2018, 00:00

Not After

13/08/2019, 23:59

Subject

CN=REPAL LIMITED,O=REPAL LIMITED,POSTALCODE=N12 0DR,STREET=Winnington House\, 2 Woodberry Grove,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:d1:c4:e6:6d:5a:35:37:a6:69:1d:34:2e:54:95:dd:ce:12:0a:3c
Signer

Actual PE Digest

da:d1:c4:e6:6d:5a:35:37:a6:69:1d:34:2e:54:95:dd:ce:12:0a:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
Sleep
ExitProcess
VirtualProtect
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
RtlUnwind
UnhandledExceptionFilter
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetModuleHandleW
GetCurrentDirectoryA
GetACP
TerminateProcess
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetFileSizeEx
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
FileTimeToLocalFileTime
GetVolumeInformationA
FindFirstFileA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
ReadFile
GetThreadLocale
GetStringTypeExA
DeleteFileA
MoveFileA
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
FormatMessageA
LocalFree
GetTickCount
GlobalFree
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
GlobalAlloc
InterlockedDecrement
GetModuleFileNameW
GetModuleFileNameA
MulDiv
lstrcmpA
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
SetFileTime
GetFileAttributesA
FreeResource
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
FreeLibrary
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
GetProcAddress
LoadLibraryA
GlobalGetAtomNameA
GlobalAddAtomA
MultiByteToWideChar
lstrlenA
SetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileA
GetFileInformationByHandle
GetFileTime
GetModuleHandleA
GetLastError
CreateToolhelp32Snapshot
lstrcpynA
GetTempPathW
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
WriteFile
FlushFileBuffers
GetFileAttributesExW
DeleteFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetErrorMode
GetLogicalDrives
GetDriveTypeW
GetDiskFreeSpaceW
GetVolumePathNameW
FindFirstFileW
FindNextFileW
FindClose
SetConsoleScreenBufferSize
WideCharToMultiByte
VirtualAlloc
GetCommState
SetCommState
GetProcessHeap
HeapAlloc
GetCommProperties
HeapReAlloc
HeapFree
GetOverlappedResult
CreateEventA
ReadDirectoryChangesW
GetShortPathNameA
lstrcmpiA
GetSystemTimeAsFileTime
RaiseException

user32

SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
MessageBoxA
GetClassInfoExA
RegisterClassA
ScreenToClient
DeferWindowPos
GetScrollInfo
SetScrollInfo
CallWindowProcA
PtInRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSysColor
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
WinHelpA
SetFocus
GetWindowThreadProcessId
IsWindowEnabled
InvalidateRgn
GetKeyState
LoadIconA
SetCursor
PeekMessageA
GetCapture
LoadAcceleratorsA
SetActiveWindow
IsWindowVisible
IsIconic
InsertMenuItemA
CreatePopupMenu
GetClassInfoA
IntersectRect
SetRectEmpty
CopyRect
GetLastActivePopup
PostMessageA
SetMenu
GetDesktopWindow
ShowWindow
AdjustWindowRectEx
RedrawWindow
SetWindowPos
GetWindowLongA
SetWindowLongA
IsWindow
TranslateAcceleratorA
TranslateMDISysAccel
BringWindowToTop
GetActiveWindow
DrawMenuBar
GetMenuItemCount
GetSubMenu
GetMenuItemID
DefMDIChildProcA
GetMenu
DefFrameProcA
SetRect
OffsetRect
InvalidateRect
EnableWindow
UpdateWindow
CreateWindowExA
IsDlgButtonChecked
GetSystemMenu
EnableMenuItem
wsprintfW
GetMessageA
TranslateMessage
DispatchMessageA
GetDC
GetSystemMetrics
GetClassNameA
UpdateLayeredWindow
ReleaseDC
ReleaseCapture
DefWindowProcA
EnumWindows
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
IsZoomed
IsRectEmpty
DeleteMenu
AppendMenuA
GetWindow
GetParent
SendMessageA
SetParent
DestroyCursor
LoadCursorA
GetCursorPos
FillRect
TabbedTextOutA
DrawTextA
MessageBeep
EqualRect
GetNextDlgGroupItem
GetClientRect
DestroyWindow
GetDlgItem
CharNextA
DestroyIcon
UnregisterClassA
GetTabbedTextExtentA
PostThreadMessageA
CreateMenu
CopyAcceleratorTableA
SetWindowRgn
DrawIcon
CharUpperA
SetCapture
LockWindowUpdate
GetDCEx
WindowFromPoint
KillTimer
SetTimer
GetSysColorBrush
GetMenuItemInfoA
InflateRect
GetMenuStringA
InsertMenuA
RemoveMenu
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ShowOwnedPopups
DrawTextExA
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetDlgCtrlID
GrayStringA
ValidateRect

gdi32

DPtoLP
StartDocA
EndPage
SetAbortProc
AbortDoc
EndDoc
CreateDCA
CreatePen
GetViewportOrgEx
PatBlt
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
GetTextExtentPoint32A
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
CreatePatternBrush
CreateSolidBrush
CreateFontIndirectA
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetBkColor
CreateEllipticRgn
LPtoDP
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextColor
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetWindowOrgEx
GetRgnBox
StretchDIBits
GetTextMetricsA
CreateFontA
GetCharWidthA
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleBitmap
StartPage
SelectObject
BitBlt
GetStockObject
FillRgn
GetMapMode
SetMapMode
GetDeviceCaps
SetViewportExtEx
Ellipse
CreateCompatibleDC
CreateDIBSection
DeleteDC
DeleteObject
RoundRect
Rectangle
GetPixel

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetJobA

advapi32

RegOpenKeyA
SetFileSecurityA
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegSetValueA
RegQueryValueA
GetTokenInformation
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetFileSecurityA

shell32

SHGetPathFromIDListA
SHGetFolderPathA
SHBrowseForFolderA
DragFinish
DragQueryFileA
SHGetFileInfoA
ExtractIconA
Shell_NotifyIconA

comctl32

ImageList_AddMasked
InitCommonControlsEx

shlwapi

PathAppendA
PathQuoteSpacesA
PathFileExistsA
PathFindFileNameA
PathRelativePathToA
PathParseIconLocationA
UrlUnescapeA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFileExistsW
PathRemoveFileSpecW

oledlg

ord8

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
CreateILockBytesOnHGlobal

oleaut32

SysStringLen
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
VariantClear

urlmon

HlinkGoBack
FaultInIEFeature

netapi32

NetServerGetInfo
NetApiBufferFree

gdiplus

GdipAlloc
GdipCreateFromHDC

imm32

ImmGetDefaultIMEWnd

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74488018c431b81bb08e2caac0172730

Code Sign

f7:a9:44:14:b0:7b:6a:f3:2b:3f:cd:5e:5f:3f:d0:abCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

da:d1:c4:e6:6d:5a:35:37:a6:69:1d:34:2e:54:95:dd:ce:12:0a:3cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

netapi32

gdiplus

imm32

oleacc

Sections

.text Size: 385KB - Virtual size: 384KB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: 13KB - Virtual size: 27KB

.rsrc Size: 115KB - Virtual size: 115KB

f7:a9:44:14:b0:7b:6a:f3:2b:3f:cd:5e:5f:3f:d0:ab
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

da:d1:c4:e6:6d:5a:35:37:a6:69:1d:34:2e:54:95:dd:ce:12:0a:3c
Signer

.text
Size: 385KB - Virtual size: 384KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 13KB - Virtual size: 27KB

.rsrc
Size: 115KB - Virtual size: 115KB