16ea7b2afaf8f0be803f8e0465abc240N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

16ea7b2afaf8f0be803f8e0465abc240N.exe
Size

580KB
MD5

16ea7b2afaf8f0be803f8e0465abc240
SHA1

88f562ee7948c1fe642d82aed9a797627f33c366
SHA256

a7d10e055190bef4387210d6e12aa87155355bcbbd2d76bab4881f1ca00e2eef
SHA512

c194ca0747df1a5f2e89dfbfe0bb4b1696fb87559ebc9e659d530fcbfd5880dee0e22c61904c39893aa4b932459c50ab4fa5fc2d796d1636060d68b4476febf0
SSDEEP

12288:hfjLDukOEGIzQEuti/6axeR0kpSi0EbBW9T:hLekOEAEiaxm0kpSi0AW9

Score

1^/10

Malware Config

Signatures

Files

16ea7b2afaf8f0be803f8e0465abc240N.exe
.exe windows:4 windows x86 arch:x86

ab9a85c91ae8b215395ab038a81e2d0e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:24:db:fe:41:30:01:b3:b3:45:76:8a:4f:60:df:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/07/2011, 00:00

Not After

12/07/2012, 23:59

Subject

CN=SEIKO EPSON Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Service & Support Department,O=SEIKO EPSON Corporation,L=Suwa-shi,ST=Nagano,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:68:fb:ce:75:90:19:a6:e7:59:3f:5b:1a:56:3c:cd:e8:a8:a9:c2
Signer

Actual PE Digest

32:68:fb:ce:75:90:19:a6:e7:59:3f:5b:1a:56:3c:cd:e8:a8:a9:c2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupIterateCabinetA
SetupOpenInfFileA
SetupCloseInfFile

comctl32

InitCommonControlsEx

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

TlsFree
FileTimeToSystemTime
WritePrivateProfileStringA
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapReAlloc
VirtualAlloc
GetCommandLineA
GetStartupInfoA
ExitProcess
DeleteCriticalSection
CreateThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
FreeResource
GetCurrentProcessId
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
FormatMessageA
SetLastError
GetShortPathNameA
MoveFileA
CreateFileA
CreateDirectoryA
LocalFree
GetTickCount
Sleep
GetDiskFreeSpaceExA
GetFileAttributesExA
CompareFileTime
RemoveDirectoryA
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
GetExitCodeProcess
GetUserDefaultLangID
GetPrivateProfileIntA
lstrcmpA
GetFileAttributesA
GetSystemDirectoryA
GetProcessHeap
HeapAlloc
HeapFree
CreateProcessA
WaitForSingleObject
CopyFileA
GetTempFileNameA
MoveFileExA
GetPrivateProfileStringA
CreateMutexA
GetLastError
CloseHandle
GetModuleFileNameA
GetTempPathA
GetCurrentProcess
GetVersionExA
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
SetFileAttributesA
DeleteFileA
GetModuleHandleA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
lstrcmpiA
FreeLibrary
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
lstrlenA
ExitThread
CreateFileW

user32

UnregisterClassA
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetSysColorBrush
InvalidateRect
DrawFocusRect
FillRect
ReleaseDC
GetDC
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
MessageBoxA
PostMessageA
ExitWindowsEx
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
UnhookWindowsHookEx
GetDesktopWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetTopWindow
PostThreadMessageA
EnableMenuItem
GetSystemMenu
GetWindowRect
EnableWindow
SendMessageA
UpdateWindow
CharUpperA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
CheckMenuItem
PostQuitMessage

gdi32

CreateSolidBrush
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetClipBox
CreateBitmap
GetDeviceCaps
GetStockObject
SetMapMode
RestoreDC
SaveDC
SelectObject
DeleteObject
GetTextMetricsA
ExtTextOutA
BitBlt
CreateCompatibleDC
GetObjectA
SetBkColor
SetTextColor

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyA
QueryServiceConfigA
ChangeServiceConfigA
ControlService
QueryServiceStatus
DeleteService
OpenServiceA
StartServiceA
QueryServiceStatusEx
OpenSCManagerA
CreateServiceA
CloseServiceHandle
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

shlwapi

PathFindExtensionA
PathStripToRootA
PathFindFileNameA
PathRemoveFileSpecA
PathIsUNCA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
VariantChangeType
VariantInit
SysAllocStringLen

Sections

.text
Size: 388KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pmj
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ab9a85c91ae8b215395ab038a81e2d0e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

75:24:db:fe:41:30:01:b3:b3:45:76:8a:4f:60:df:46Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

32:68:fb:ce:75:90:19:a6:e7:59:3f:5b:1a:56:3c:cd:e8:a8:a9:c2Signer

Headers

File Characteristics

Imports

setupapi

comctl32

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

ole32

oleaut32

Sections

.text Size: 388KB - Virtual size: 386KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 92KB - Virtual size: 88KB

.pmj Size: - Virtual size: 1B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

75:24:db:fe:41:30:01:b3:b3:45:76:8a:4f:60:df:46
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

32:68:fb:ce:75:90:19:a6:e7:59:3f:5b:1a:56:3c:cd:e8:a8:a9:c2
Signer

.text
Size: 388KB - Virtual size: 386KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 92KB - Virtual size: 88KB

.pmj
Size: - Virtual size: 1B