024a41f454ee3ad20ef4b3f56e62e7d0826fc303c3666d90f5bfa0eda10fa19a[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

024a41f454ee3ad20ef4b3f56e62e7d0826fc303c3666d90f5bfa0eda10fa19a.exe
Size

878KB
MD5

351476d1d7fe19ed3e1786b0f700df20
SHA1

d3f98268492ee85729be3a6fdecab58dcef6f2fb
SHA256

024a41f454ee3ad20ef4b3f56e62e7d0826fc303c3666d90f5bfa0eda10fa19a
SHA512

2325d935d1304450139c26c17c586c98fb21d014fc4416cf05507e364e8ac121e8a1af6b8f2c719ee71e8ca48092f7e9ddaf7cfd8e5f27754ffc69b11cc08e65
SSDEEP

12288:0OJ5+yFTrpRmUYFzF8ZIA2dj9358ovrqDOOBkggxme2I7k0A6zbF:T1RRmUqVA2dPqBkfxmuRAw

Score

1^/10

Malware Config

Signatures

Files

024a41f454ee3ad20ef4b3f56e62e7d0826fc303c3666d90f5bfa0eda10fa19a.exe
.exe windows:5 windows x86 arch:x86

b518e02e247a0f9da45cca39202525cc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:96:6c:77:e3:df:90:24:e4:ec:26:92:cf:dd:e7:43:d8
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

05-06-2014 11:35

Not After

23-08-2016 05:27

Subject

CN=Max Secure Software India Pvt. Ltd.,OU=Development,O=Max Secure Software India Pvt. Ltd.,L=Pune,ST=MH,C=IN,1.2.840.113549.1.9.1=#0c1474656368406d617870637365637572652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:dc:a0:ca:b2:29:e7:4d:fb:32:24:cd:e8:c0:fd:2e:62:a6:03:19
Signer

Actual PE Digest

84:dc:a0:ca:b2:29:e7:4d:fb:32:24:cd:e8:c0:fd:2e:62:a6:03:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCheckConnectionW

kernel32

LocalReAlloc
TlsFree
InterlockedIncrement
GetCurrentDirectoryW
GetStartupInfoW
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
UnhandledExceptionFilter
IsDebuggerPresent
SetEnvironmentVariableW
SetCurrentDirectoryW
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
GlobalHandle
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetCurrentDirectoryA
GetDriveTypeA
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
GetProcessHeap
SetEnvironmentVariableA
GlobalReAlloc
TlsGetValue
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
GetFileTime
TlsSetValue
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesExW
GetFullPathNameW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
MoveFileW
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
MulDiv
GetModuleHandleA
GlobalLock
GlobalUnlock
FreeResource
SetVolumeLabelW
GetDiskFreeSpaceW
GetDriveTypeW
GetTickCount
SetFilePointer
WideCharToMultiByte
ReleaseMutex
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateMutexW
PulseEvent
RemoveDirectoryW
SetLastError
Sleep
ReadFile
WriteFile
GetFileSize
MoveFileExW
GlobalFree
GlobalAlloc
GetCurrentThreadId
GetLocalTime
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentProcessId
GetFileSizeEx
TlsAlloc
GetLongPathNameW
TerminateProcess
OpenProcess
ExitProcess
GetVolumeInformationW
LocalFree
GetWindowsDirectoryW
GetSystemInfo
DeviceIoControl
LocalAlloc
GetLastError
lstrlenW
GetVersionExW
FormatMessageW
GetSystemDirectoryW
GetModuleHandleW
GetComputerNameW
GetCurrentProcess
InterlockedDecrement
GetEnvironmentVariableW
CloseHandle
WritePrivateProfileStringW
CreateFileW
GetLocaleInfoW
GetSystemDefaultLCID
MultiByteToWideChar
SetFileAttributesW
DeleteFileW
GetProcAddress
GetModuleFileNameW
GetFileAttributesW
CopyFileW
OutputDebugStringW
CreateDirectoryW
GetPrivateProfileIntW
LoadLibraryW
GetPrivateProfileStringW
FreeLibrary
GetCommandLineW
LockResource
SizeofResource
LoadResource
FindResourceW
VirtualFree

user32

InvalidateRgn
CopyAcceleratorTableW
IsRectEmpty
CharNextW
UnregisterClassW
GetSysColorBrush
DestroyMenu
CharUpperW
GetMessageW
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
DispatchMessageW
GetTopWindow
GetMessageTime
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
IsWindowVisible
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
MessageBeep
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetMenuItemID
GetMenuItemCount
UnhookWindowsHookEx
GetSubMenu
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MessageBoxW
GetWindowTextLengthW
GetWindowTextW
GetWindow
SetFocus
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
CharToOemBuffA
OemToCharBuffA
SetForegroundWindow
ClientToScreen
GetNextDlgGroupItem
RegisterClipboardFormatW
PostMessageW
WindowFromPoint
DrawEdge
PostThreadMessageW
GetCapture
DrawFocusRect
OffsetRect
GetWindowLongW
GetCursorPos
SetRect
GetDesktopWindow
GetSystemMetrics
CopyRect
SetCursor
SetCapture
GetParent
LoadCursorW
GetDC
ReleaseDC
IsWindow
ReleaseCapture
GetSysColor
SetTimer
ScreenToClient
KillTimer
PtInRect
InvalidateRect
GetMessagePos
GetSystemMenu
GetWindowRect
wsprintfW
AppendMenuW
DeferWindowPos
SetWindowRgn
IsZoomed
GetClientRect
LoadIconW
LoadBitmapW
BeginDeferWindowPos
SendMessageW
EnableWindow
EndDeferWindowPos
GetWindowPlacement

gdi32

GetWindowExtEx
GetViewportExtEx
GetRgnBox
GetTextColor
GetBkColor
GetMapMode
CreateRectRgnIndirect
GetDeviceCaps
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
RoundRect
GetStockObject
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
StretchBlt
DeleteObject
SelectClipRgn
CombineRgn
CreateCompatibleBitmap
CreateRectRgn
GetPixel
EnumFontFamiliesExW
CreateFontIndirectW
GetObjectW
CreateSolidBrush
BitBlt
DeleteDC
SelectObject
CreateCompatibleDC
CreatePen

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyExW
RegSetValueExW
RegQueryValueW
RegDeleteKeyW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegCloseKey

shell32

SHGetFolderPathW

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathIsDirectoryW

oledlg

OleUIBusyW

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantTimeToSystemTime
OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
SysAllocStringLen
SysStringLen
SysFreeString
SystemTimeToVariantTime
VarUdateFromDate
SysAllocString
VariantClear

Sections

.text
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 353KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b518e02e247a0f9da45cca39202525cc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:96:6c:77:e3:df:90:24:e4:ec:26:92:cf:dd:e7:43:d8Certificate

Extended Key Usages

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

84:dc:a0:ca:b2:29:e7:4d:fb:32:24:cd:e8:c0:fd:2e:62:a6:03:19Signer

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 391KB - Virtual size: 390KB

.rdata Size: 109KB - Virtual size: 108KB

.data Size: 17KB - Virtual size: 39KB

.rsrc Size: 353KB - Virtual size: 353KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:96:6c:77:e3:df:90:24:e4:ec:26:92:cf:dd:e7:43:d8
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

84:dc:a0:ca:b2:29:e7:4d:fb:32:24:cd:e8:c0:fd:2e:62:a6:03:19
Signer

.text
Size: 391KB - Virtual size: 390KB

.rdata
Size: 109KB - Virtual size: 108KB

.data
Size: 17KB - Virtual size: 39KB

.rsrc
Size: 353KB - Virtual size: 353KB