2de09ff8fc8c2055a3091755f8947851278be3302e095b3aed97592c67002f7d[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2de09ff8fc8c2055a3091755f8947851278be3302e095b3aed97592c67002f7d.exe
Size

65KB
MD5

b604b80c0a472c75146b18736d1d0e80
SHA1

b9ef6ca0a7f12c66cc509f01ffa480b32608343d
SHA256

2de09ff8fc8c2055a3091755f8947851278be3302e095b3aed97592c67002f7d
SHA512

36e40b599e9cf366a0822f0b5f48a59de7fcbb5f9da7d384f4f4c5e0b35b0e76f9ab00d6b4a6ee4e5a1c90917d4a3d50f30fe5f340fba844cdb0a485031a7f59
SSDEEP

768:BYcbK7Wf3yQ5xvIT8wwfcpyiNcL/JrWhZ75uC7y11k10Q9+30THw9jdeg6nn2GMD:8m3pxAhpWrWhZYwiETQ9jQ1n2Gof

Score

1^/10

Malware Config

Signatures

Files

2de09ff8fc8c2055a3091755f8947851278be3302e095b3aed97592c67002f7d.exe
.dll windows:5 windows x86 arch:x86

c482bfb9c7db55e1b1dd4dd631132946

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

31/10/2007, 00:00

Not After

24/11/2010, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:a3:1b:50:d9:70:43:c7:5d:e3:ce:b2:f9:d1:f9:38:62:2a:92:39
Signer

Actual PE Digest

64:a3:1b:50:d9:70:43:c7:5d:e3:ce:b2:f9:d1:f9:38:62:2a:92:39

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord46
ord121
ord64
ord170
ord49
ord120
ord17
ord124
ord103
ord117
ord160
ord31
ord159
ord158
ord8
ord73
ord144

kernel32

GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
RtlUnwind
SetEvent
CreateEventA
FormatMessageA
lstrcpyA
ExpandEnvironmentStringsA
GetVersionExA
GetFileAttributesA
CreateDirectoryA
lstrlenA
lstrcatA
GetWindowsDirectoryA
LocalFree
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
DebugBreak
ResetEvent
Sleep
GetCurrentProcessId
_lclose
_lwrite
LCMapStringA
lstrcmpA
WritePrivateProfileStringA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
HeapFree
FreeLibrary
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
LoadLibraryExA
SetErrorMode
GetPrivateProfileStringA
_lread
_llseek
_lopen
GetModuleFileNameA
HeapAlloc
GetProcessHeap
OpenEventA
WaitForMultipleObjects
GetLastError
MoveFileA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
LCMapStringW
HeapSize
_lcreat
WriteFile
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc

user32

MessageBoxA
wsprintfA

advapi32

RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA

shell32

ShellExecuteA

Exports

Exports

AltStartup
Cleanup
Startup
WiseDotNetSec
WiseGetDotNetVersion
f0
f1
f10
f100
f101
f102
f103
f104
f105
f106
f107
f108
f109
f11
f110
f111
f112
f113
f114
f115
f116
f117
f118
f119
f12
f120
f121
f122
f123
f124
f125
f126
f127
f13
f14
f15
f16
f17
f18
f19
f2
f20
f21
f22
f23
f24
f25
f26
f27
f28
f29
f3
f30
f31
f32
f33
f34
f35
f36
f37
f38
f39
f4
f40
f41
f42
f43
f44
f45
f46
f47
f48
f49
f5
f50
f51
f52
f53
f54
f55
f56
f57
f58
f59
f6
f60
f61
f62
f63
f64
f65
f66
f67
f68
f69
f7
f70
f71
f72
f73
f74
f75
f76
f77
f78
f79
f8
f80
f81
f82
f83
f84
f85
f86
f87
f88
f89
f9
f90
f91
f92
f93
f94
f95
f96
f97
f98
f99
g0
g1
g10
g100
g101
g102
g103
g104
g105
g106
g107
g108
g109
g11
g110
g111
g112
g113
g114
g115
g116
g117
g118
g119
g12
g120
g121
g122
g123
g124
g125
g126
g127
g13
g14
g15
g16
g17
g18
g19
g2
g20
g21
g22
g23
g24
g25
g26
g27
g28
g29
g3
g30
g31
g32
g33
g34
g35
g36
g37
g38
g39
g4
g40
g41
g42
g43
g44
g45
g46
g47
g48
g49
g5
g50
g51
g52
g53
g54
g55
g56
g57
g58
g59
g6
g60
g61
g62
g63
g64
g65
g66
g67
g68
g69
g7
g70
g71
g72
g73
g74
g75
g76
g77
g78
g79
g8
g80
g81
g82
g83
g84
g85
g86
g87
g88
g89
g9
g90
g91
g92
g93
g94
g95
g96
g97
g98
g99

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c482bfb9c7db55e1b1dd4dd631132946

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08Certificate

Extended Key Usages

Key Usages

64:a3:1b:50:d9:70:43:c7:5d:e3:ce:b2:f9:d1:f9:38:62:2a:92:39Signer

Headers

File Characteristics

Imports

msi

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08
Certificate

64:a3:1b:50:d9:70:43:c7:5d:e3:ce:b2:f9:d1:f9:38:62:2a:92:39
Signer

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB