12f75bffdf65aae8caffd61b99cb0d7f4020a4b06ac8839ecf33b002d0a4779c

Sharing

Copy URL Twitter E-mail

General

Target

12f75bffdf65aae8caffd61b99cb0d7f4020a4b06ac8839ecf33b002d0a4779c
Size

587KB
MD5

80913f8ade591bfb976111e602ddafa5
SHA1

b3e1cefe2f594e03f4a0b791b215f604921630fe
SHA256

12f75bffdf65aae8caffd61b99cb0d7f4020a4b06ac8839ecf33b002d0a4779c
SHA512

3a1ab9a45ada32e990be750c0f07b5c63e130368ad189482ed318748574711b086ac5b12721e41b37beb8f8fc4e15a56682db669c7897261824b2a61d85e78b5
SSDEEP

6144:km29JkU+EmxGFe1pbzmmJztOvgfAVx/oEGpSk+KpZIw:k/jkHEmxue1pbzm6tOyAX/9MD+KpOw

Score

1^/10

Malware Config

Signatures

Files

12f75bffdf65aae8caffd61b99cb0d7f4020a4b06ac8839ecf33b002d0a4779c
.exe windows:5 windows x86 arch:x86

4993d91500003f0416997a0d115e71e2

Code Sign

3b:e7:3b:92:81:98:65:47:bd:a4:47:d6:fb:7e:d5:cf
Certificate

Issuer

CN=program file authentication

Not Before

09/12/2013, 17:49

Not After

30/12/2199, 23:00

Subject

CN=program file authentication

Extended Key Usages

ExtKeyUsageCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\tcaddin\Output\TCRunXl.pdb

Imports

kernel32

CreateThread
GetFileSize
WriteFile
DuplicateHandle
CreateFileW
GetFileAttributesExW
VerSetConditionMask
GetVersion
LoadLibraryW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
OutputDebugStringA
GetFileAttributesW
VerifyVersionInfoW
HeapAlloc
HeapFree
GetProcessHeap
HeapSetInformation
FormatMessageW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LockResource
LoadResource
SizeofResource
GetTickCount
FindResourceW
GetSystemDirectoryW
InterlockedExchange
LoadLibraryExA
SetEndOfFile
SetFilePointer
GetSystemTime
OpenMutexW
GetCommandLineW
MultiByteToWideChar
GetTimeFormatA
GetDateFormatA
GetFileSizeEx
GetTempPathW
CopyFileW
GetExitCodeProcess
GetStdHandle
SetHandleInformation
CreatePipe
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
FindClose
FindFirstFileW
FindNextFileW
GetCurrentProcessId
TerminateProcess
WaitForSingleObject
OutputDebugStringW
DeleteFileW
GetLocaleInfoW
QueryPerformanceCounter
FreeLibrary
ExpandEnvironmentStringsW
RemoveDirectoryW
SetFileAttributesW
MoveFileExW
SetLastError
WriteConsoleW
SetStdHandle
GetVersionExW
GetThreadTimes
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
ReadConsoleW
GetFileType
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetCurrentThread
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LoadLibraryExW
ExitThread
IsDebuggerPresent
Sleep
GetModuleHandleW
WaitForMultipleObjects
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadProcessMemory
WriteProcessMemory
GetCurrentThreadId
GetCurrentProcess
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
FlushInstructionCache
LocalFree
GetProcAddress
RaiseException
WideCharToMultiByte
GetSystemInfo
CloseHandle
ReadFile
ResumeThread
GetLastError
VirtualQueryEx
VirtualAllocEx
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
RtlUnwind
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
InterlockedCompareExchange
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetStringTypeW

user32

DefWindowProcW
CallWindowProcW
UnregisterClassW
SetWindowLongW
GetWindowLongW
CharUpperW
LoadCursorW
KillTimer
SetTimer
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
RegisterWindowMessageW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
GetActiveWindow
IsDlgButtonChecked
CheckDlgButton
GetDlgItem
SetWindowTextW
SetDlgItemTextW
EndDialog
IsWindow
MessageBoxW
LoadStringW
DialogBoxIndirectParamW

gdi32

DeleteObject

advapi32

RegQueryValueExW
CreateRestrictedToken
CreateProcessAsUserW
OpenProcessToken
RegOpenKeyExW
RegCloseKey
GetUserNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

ord165
ShellExecuteW
SHGetFolderPathW

ole32

CoSetProxyBlanket
CoCreateInstance
CoCreateGuid
CoInitializeEx
CoUninitialize
OleRun

oleaut32

SysFreeString
SysStringLen
SetErrorInfo
GetErrorInfo
SysAllocStringLen
VariantInit
VariantClear

ntdll

RtlCompareUnicodeString

shlwapi

ord388

comctl32

ord413

Sections

.text
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4993d91500003f0416997a0d115e71e2

Code Sign

3b:e7:3b:92:81:98:65:47:bd:a4:47:d6:fb:7e:d5:cfCertificate

Extended Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ntdll

shlwapi

comctl32

Sections

.text Size: 350KB - Virtual size: 349KB

.rdata Size: 123KB - Virtual size: 123KB

.data Size: 101KB - Virtual size: 112KB

.rsrc Size: 10KB - Virtual size: 10KB

3b:e7:3b:92:81:98:65:47:bd:a4:47:d6:fb:7e:d5:cf
Certificate

.text
Size: 350KB - Virtual size: 349KB

.rdata
Size: 123KB - Virtual size: 123KB

.data
Size: 101KB - Virtual size: 112KB

.rsrc
Size: 10KB - Virtual size: 10KB