b51480601a185632f58a17aa8b8b813d1e6dd21eb68a523506fd065b791a2c5f

Sharing

Copy URL

Twitter E-mail

General

Target

b51480601a185632f58a17aa8b8b813d1e6dd21eb68a523506fd065b791a2c5f
Size

737KB
MD5

0e527f38f40b7f3c4169174b677b131b
SHA1

846c54ed1d72c0521129431ed76d85a466e313ed
SHA256

b51480601a185632f58a17aa8b8b813d1e6dd21eb68a523506fd065b791a2c5f
SHA512

6ecc22636f44628602eac4c2445d4d6523be1b27a3d3f9099b5533f95271970e2993a92f8a63823ca141292951ffddff29491bde11ec1fb055f598c3e19b246f
SSDEEP

12288:FVi538AdsNfBcErmbUY7eDbnWZCXcHheaYMoqO:FY5sAIYwY7eDycXcHToqO

Score

1^/10

Malware Config

Signatures

Files

b51480601a185632f58a17aa8b8b813d1e6dd21eb68a523506fd065b791a2c5f
.exe windows:5 windows x86 arch:x86

f7412dcadcd5fedf5af0600b0077feae

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

14:94:75:57:b2:bd:95:93:15:b7:fd:31:40:cb:48:81
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-05-2013 00:00

Not After

04-07-2014 23:59

Subject

CN=Happy Cloud\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Happy Cloud\, Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

94:27:9c:d4:9b:93:60:dc:be:c1:69:74:4e:e6:55:e6:ce:88:bc:b9
Signer

Actual PE Digest

94:27:9c:d4:9b:93:60:dc:be:c1:69:74:4e:e6:55:e6:ce:88:bc:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Jenkins\workspace\ClientBuild\HappyCloudService\Release\hcfwexcp.pdb

Imports

shlwapi

PathFileExistsW

shell32

SHCreateDirectoryExW
CommandLineToArgvW
ord680
SHGetSpecialFolderPathW

advapi32

CryptReleaseContext
CryptGenRandom
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
RegCreateKeyExW
RegQueryValueExW
CryptAcquireContextA
RegOpenKeyExW

psapi

GetProcessImageFileNameW
EnumProcesses

user32

AllowSetForegroundWindow
MessageBoxW

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

kernel32

CreatePipe
ResetEvent
GetComputerNameW
GetTempPathW
CreateEventW
DuplicateHandle
GetProcessTimes
CreateDirectoryW
SetFileTime
GetLogicalDriveStringsW
GetVersionExA
ExpandEnvironmentStringsW
ReleaseMutex
GetLongPathNameW
SetEnvironmentVariableA
GetFileAttributesExW
WriteConsoleW
SetStdHandle
ReadConsoleW
OutputDebugStringW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleCP
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
WaitForSingleObject
Sleep
GetExitCodeProcess
GetLastError
CloseHandle
CreateMutexW
OpenMutexW
LeaveCriticalSection
EnterCriticalSection
CreateProcessW
GetModuleHandleW
CreateRemoteThread
OpenProcess
GetProcAddress
VirtualAllocEx
GetExitCodeThread
WriteProcessMemory
ResumeThread
MapViewOfFile
UnmapViewOfFile
SetEvent
WaitNamedPipeW
WriteFile
ReadFile
CreateFileW
SetNamedPipeHandleState
OpenFileMappingW
OpenEventW
TerminateProcess
GetCommandLineW
GetModuleFileNameW
GetCurrentThreadId
SetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
GetFullPathNameW
FindFirstFileW
SetFilePointer
SetEndOfFile
MoveFileExW
CopyFileW
GetFileAttributesW
FlushFileBuffers
WaitForMultipleObjects
MoveFileW
FindClose
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
DeleteFileW
LocalFree
SetFileAttributesW
LoadLibraryW
GetCurrentProcess
GetVersionExW
MultiByteToWideChar
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
InterlockedPopEntrySList
InterlockedFlushSList
QueryPerformanceFrequency
InterlockedPushEntrySList
GetEnvironmentVariableW
SetEnvironmentVariableW
GetBinaryTypeW
IsWow64Process
GetSystemInfo
GetCurrentProcessId
FormatMessageW
lstrlenW
LocalAlloc
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
EncodePointer
DecodePointer
InterlockedExchange
HeapFree
IsProcessorFeaturePresent
GetCommandLineA
CreateThread
ExitThread
LoadLibraryExW
RaiseException
RtlUnwind
HeapAlloc
GetDriveTypeW
HeapReAlloc
GetTimeZoneInformation
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetFileType

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 519KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7412dcadcd5fedf5af0600b0077feae

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

14:94:75:57:b2:bd:95:93:15:b7:fd:31:40:cb:48:81Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

94:27:9c:d4:9b:93:60:dc:be:c1:69:74:4e:e6:55:e6:ce:88:bc:b9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

shell32

advapi32

psapi

user32

ole32

oleaut32

kernel32

iphlpapi

Sections

.text Size: 519KB - Virtual size: 518KB

.rdata Size: 110KB - Virtual size: 110KB

.data Size: 11KB - Virtual size: 21KB

.rsrc Size: 1024B - Virtual size: 616B

.reloc Size: 89KB - Virtual size: 89KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

14:94:75:57:b2:bd:95:93:15:b7:fd:31:40:cb:48:81
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

94:27:9c:d4:9b:93:60:dc:be:c1:69:74:4e:e6:55:e6:ce:88:bc:b9
Signer

.text
Size: 519KB - Virtual size: 518KB

.rdata
Size: 110KB - Virtual size: 110KB

.data
Size: 11KB - Virtual size: 21KB

.rsrc
Size: 1024B - Virtual size: 616B

.reloc
Size: 89KB - Virtual size: 89KB