49ade2b247c92b5541252833e47736fd31a52576dd51141cbd9bb525aee7861b

Sharing

Copy URL Twitter E-mail

General

Target

49ade2b247c92b5541252833e47736fd31a52576dd51141cbd9bb525aee7861b
Size

581KB
MD5

2eb2b915c2756a83be2973cb61a08fae
SHA1

9050de7d0478236a80b56fdf0e9bb8baf51730fb
SHA256

49ade2b247c92b5541252833e47736fd31a52576dd51141cbd9bb525aee7861b
SHA512

23e1ef6ff37b2d5a4c0c662b4e163fc76f3adeb50d188f7c7225ca0f74533a68e64ca5f771c92933d9851c69575221ec4902f0cb24a91cc0fee4893a5a04df63
SSDEEP

12288:QBfd1chJKBPs0FJffkaOJgYAOlk1Ve17G193x50hD0FJcEiT/3IWVIvrxUcVJuBF:Y1chJKBPsXhk1Ve18QWDvkrEH7Q

Score

1^/10

Malware Config

Signatures

Files

49ade2b247c92b5541252833e47736fd31a52576dd51141cbd9bb525aee7861b
.exe windows:4 windows x86 arch:x86

891fe60c432727a8055abf0ccc65235f

Code Sign

0f:1a:fc:86:b8:80:6a:bd:46:ff:61:88:99:b7:f7:d9
Certificate

Issuer

CN=www.SamLab.ws

Not Before

07/03/2013, 23:04

Not After

31/12/2039, 23:59

Subject

CN=www.SamLab.ws

Extended Key Usages

ExtKeyUsageCodeSigning

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:6c:5f:17:2f:1c:b9:b5:ac:4d:c4:37:e6:78:19:49:ed:6b:69:68
Signer

Actual PE Digest

33:6c:5f:17:2f:1c:b9:b5:ac:4d:c4:37:e6:78:19:49:ed:6b:69:68

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

comctl32

InitCommonControls

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteDC
GetDIBits
GetObjectA
Rectangle
SelectObject
SetROP2

kernel32

AddAtomA
AttachConsole
CloseHandle
CreateFileA
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindAtomA
GetAtomNameA
GetConsoleScreenBufferInfo
GetLastError
GetModuleHandleA
GetStdHandle
GlobalAlloc
GlobalFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LocalAlloc
MultiByteToWideChar
ReleaseSemaphore
SetConsoleScreenBufferSize
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WriteFile

msvcrt

_fdopen
_read
_strdup
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_ctype
_errno
_fdopen
_filelengthi64
_fstati64
_iob
_lseeki64
_onexit
_open_osfhandle
_setmode
_stricmp
_vsnprintf
abort
atexit
fclose
fflush
fgetpos
fopen
fread
free
fsetpos
fwrite
getc
malloc
memchr
memcpy
memmove
memset
printf
putc
setlocale
setvbuf
signal
sscanf
strcmp
strcoll
strcpy
strftime
strlen
strtod
strxfrm
ungetc
wcscmp

user32

CloseClipboard
CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
EmptyClipboard
GetCursorPos
GetDC
GetMessageA
GetSystemMetrics
LoadCursorA
LoadIconA
MessageBoxA
OpenClipboard
PostQuitMessage
RegisterClassA
SetClipboardData
SetForegroundWindow
ShowWindow
TranslateMessage

gdiplus

GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipCloneImage
GdipDeletePrivateFontCollection
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDisposeImage
GdipAlloc
GdipFree

Sections

.text
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

891fe60c432727a8055abf0ccc65235f

Code Sign

0f:1a:fc:86:b8:80:6a:bd:46:ff:61:88:99:b7:f7:d9Certificate

Extended Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

33:6c:5f:17:2f:1c:b9:b5:ac:4d:c4:37:e6:78:19:49:ed:6b:69:68Signer

Headers

File Characteristics

Imports

comctl32

gdi32

kernel32

msvcrt

user32

gdiplus

Sections

.text Size: 253KB - Virtual size: 253KB

.data Size: 512B - Virtual size: 464B

.rdata Size: 12KB - Virtual size: 11KB

.bss Size: - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 3KB

0f:1a:fc:86:b8:80:6a:bd:46:ff:61:88:99:b7:f7:d9
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

33:6c:5f:17:2f:1c:b9:b5:ac:4d:c4:37:e6:78:19:49:ed:6b:69:68
Signer

.text
Size: 253KB - Virtual size: 253KB

.data
Size: 512B - Virtual size: 464B

.rdata
Size: 12KB - Virtual size: 11KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB