004453aa0b1e351d44a16b2e0d296eb7ddcf668666ea9293c8fa2427a7278ed3[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

004453aa0b1e351d44a16b2e0d296eb7ddcf668666ea9293c8fa2427a7278ed3.exe
Size

94KB
MD5

b857d641683be46403c2844de2c21120
SHA1

ce0e71a6762e2b3b3b7ab5e5e2f230b89238a25d
SHA256

004453aa0b1e351d44a16b2e0d296eb7ddcf668666ea9293c8fa2427a7278ed3
SHA512

d4f9452a3e1c6db6856c1c18afbca47a0aebbee189eaf720dffbd1eded52c8951543ed3d78e267791561fa99e2c509c3d0175b9ed265d5c48284df82fc26f244
SSDEEP

1536:WZBJy3KrOXo2Ic1Cb1vEWEY1cscD+JkluX:AB8aOo21C+LCxcaJZX

Score

1^/10

Malware Config

Signatures

Files

004453aa0b1e351d44a16b2e0d296eb7ddcf668666ea9293c8fa2427a7278ed3.exe
.exe windows:4 windows x86 arch:x86

eee4cbe0b597e32bc97d592c95ea2b4e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:ab:23:85:dd:94:2a:55:03:51:28:ee:9e:a2:b6:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/04/2014, 00:00

Not After

26/05/2015, 23:59

Subject

CN=AnchorFree Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AnchorFree Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:b3:5b:4a:06:1d:80:9c:29:ce:f7:8a:da:eb:e5:25:1e:4c:00:b1
Signer

Actual PE Digest

6d:b3:5b:4a:06:1d:80:9c:29:ce:f7:8a:da:eb:e5:25:1e:4c:00:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
CloseServiceHandle
ControlService
CreateProcessAsUserA
CreateServiceA
DeleteService
DuplicateTokenEx
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatusEx
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

kernel32

CloseHandle
CreateProcessA
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
OutputDebugStringA
Process32First
Process32Next
ProcessIdToSessionId
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
_stricmp
_vsnprintf
abort
atexit
atoi
calloc
fputc
free
fwrite
getenv
isspace
localeconv
malloc
mbstowcs
memcpy
printf
realloc
setlocale
signal
sprintf
strchr
strcoll
strcpy
strlen
strrchr
strtol
tolower
vfprintf
wcslen
wcstombs

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eee4cbe0b597e32bc97d592c95ea2b4e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

33:ab:23:85:dd:94:2a:55:03:51:28:ee:9e:a2:b6:3eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6d:b3:5b:4a:06:1d:80:9c:29:ce:f7:8a:da:eb:e5:25:1e:4c:00:b1Signer

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

userenv

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 3KB - Virtual size: 2KB

.eh_fram Size: 6KB - Virtual size: 6KB

.bss Size: - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

33:ab:23:85:dd:94:2a:55:03:51:28:ee:9e:a2:b6:3e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6d:b3:5b:4a:06:1d:80:9c:29:ce:f7:8a:da:eb:e5:25:1e:4c:00:b1
Signer

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 3KB - Virtual size: 2KB

.eh_fram
Size: 6KB - Virtual size: 6KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B