2b4a685f59cf82b7e909b68360c08550N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2b4a685f59cf82b7e909b68360c08550N.exe
Size

528KB
MD5

2b4a685f59cf82b7e909b68360c08550
SHA1

28653b3a783217d22c75bef8eb99f6b6d0a80372
SHA256

ccf9e3f885fbaf91af13d264a69965020fb19b8b78f8e36f065bf48a372c5c4f
SHA512

d51f5d228856b57ff8d4e0eac82fd19a4e74bd5e8dd2464e0381df5555bc0a2b80368d64a63bf348275474d73e5d707e14b50f6e5f7d41794a492468ec7207a2
SSDEEP

6144:bWdC+v3cpQvYJvKPSwv2nPEuJ1fHbIop44Sm5FpxyN90vEbsNRBV+UdvrEFp7hKU:aEpQQJvKPSwvY1fHTHy90w6RBjvrEH73

Score

1^/10

Malware Config

Signatures

Files

2b4a685f59cf82b7e909b68360c08550N.exe
.exe windows:4 windows x86 arch:x86

2dfc2c74864b84f5530ab40a343c56d8

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

be:57:92:4d:6d:91:78:e8:65:0a:e5:76:f7:7e:48:be:10:4c:0d:2c
Signer

Actual PE Digest

be:57:92:4d:6d:91:78:e8:65:0a:e5:76:f7:7e:48:be:10:4c:0d:2c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

t:\setupexe\x86\ship\0\setup.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

advapi32

RegQueryValueExA
RegFlushKey
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExA

kernel32

lstrcmpW
GetCommandLineW
SetCurrentDirectoryW
GlobalFree
GetModuleFileNameW
TlsFree
LoadLibraryExW
TlsSetValue
TlsGetValue
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
VerifyVersionInfoW
VerSetConditionMask
RemoveDirectoryW
GetTempPathW
GetFullPathNameW
CopyFileW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
lstrlenW
GetThreadLocale
FreeLibrary
GetModuleHandleW
GetProcAddress
lstrlenA
WriteFile
CreateFileW
SetFilePointer
FindFirstFileW
FindClose
IsProcessorFeaturePresent
GlobalMemoryStatus
GetCurrentProcess
CompareStringW
CompareStringA
FormatMessageW
ExpandEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
GetVersion
CloseHandle
LocalFree
GetTimeZoneInformation
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
SetErrorMode
GetVersionExW
GetLastError
FindNextFileW
SetLastError
TlsAlloc
GetCommandLineA
GetVersionExA
GetStartupInfoA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
InterlockedIncrement
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
Sleep
HeapSize
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
OutputDebugStringA
GetSystemInfo

ole32

CoUninitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleRun
CoInitializeEx

shell32

CommandLineToArgvW
SHCreateDirectoryExW

user32

CharNextA
MessageBoxW
CharUpperA
CharUpperW
CharLowerA
CharLowerW

shlwapi

PathGetCharTypeW

wintrust

WinVerifyTrust

dbghelp

SymGetSymFromAddr64
SymInitialize
SymGetLineFromAddr64

oleaut32

GetErrorInfo
VariantChangeType
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
VariantInit
VariantClear

msi

ord8
ord159
ord160
ord110
ord117
ord91
ord67
ord172
ord180
ord95
ord31
ord65
ord71
ord141

Sections

.text
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2dfc2c74864b84f5530ab40a343c56d8

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

be:57:92:4d:6d:91:78:e8:65:0a:e5:76:f7:7e:48:be:10:4c:0d:2cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

advapi32

kernel32

ole32

shell32

user32

shlwapi

wintrust

dbghelp

oleaut32

msi

Sections

.text Size: 307KB - Virtual size: 307KB

.data Size: 28KB - Virtual size: 30KB

.rsrc Size: 94KB - Virtual size: 93KB

.reloc Size: 15KB - Virtual size: 14KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

be:57:92:4d:6d:91:78:e8:65:0a:e5:76:f7:7e:48:be:10:4c:0d:2c
Signer

.text
Size: 307KB - Virtual size: 307KB

.data
Size: 28KB - Virtual size: 30KB

.rsrc
Size: 94KB - Virtual size: 93KB

.reloc
Size: 15KB - Virtual size: 14KB