371e0a0ecb6a40ff41883c0fabe64fc0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

371e0a0ecb6a40ff41883c0fabe64fc0N.exe
Size

968KB
MD5

371e0a0ecb6a40ff41883c0fabe64fc0
SHA1

b39eb5202ab4f79cb3e59f063cded3375521f563
SHA256

4f021257e5a27e0b5451778bdd462f30f7e8c93b006c7d1b40ea73494ca04e7c
SHA512

f7cfe7927962daf9a505b14ec481e77120daf8998f8f0076f38d989178b1efac447aff78ac7dbd1ae9f39b1c39915aa611adc2aafc129ca354666b9e3b6fa36e
SSDEEP

24576:FVJzAMQGojxEh/F6DG5qT+OJsiMug5tsQdd:FVJzU7jGJoniOqibCtnd

Score

1^/10

Malware Config

Signatures

Files

371e0a0ecb6a40ff41883c0fabe64fc0N.exe
.dll windows:5 windows x64 arch:x64

24421a48777ae226d9a72ca9d68105c9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7a:68:e9:9b:5c:7d:7f:14:ba:19:f3:d4:a9:b9:2c:27
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/08/2015, 00:00

Not After

03/10/2018, 23:59

Subject

CN=Acronis International GmbH,O=Acronis International GmbH,L=Schaffhausen,ST=Schaffhausen,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:b8:02:53:bd:01:ef:c5:54:57:d6:0a:a5:95:de:28:94:62:20:c7
Signer

Actual PE Digest

bd:b8:02:53:bd:01:ef:c5:54:57:d6:0a:a5:95:de:28:94:62:20:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

k:\5620\exe\vsa64\release\multi\oem_doc_source.pdb

Imports

advapi32

EncryptFileW
DecryptFileW
GetSecurityDescriptorOwner
SetFileSecurityW
GetFileSecurityW
RevertToSelf
SetThreadToken
OpenThreadToken
ImpersonateLoggedOnUser
OpenEncryptedFileRawW
ReadEncryptedFileRaw
WriteEncryptedFileRaw
CloseEncryptedFileRaw
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegOpenKeyExW
RegQueryValueExW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
RegCloseKey

user32

CharUpperBuffW
CreateWindowExA
RegisterClassExA
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
wsprintfW

shell32

SHGetFolderPathW
ord645
ord644
ord4
ord2
SHGetDesktopFolder
ord21
SHGetPathFromIDListW
SHGetMalloc

ole32

CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantChangeType
VariantClear
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData

msvcr120

_amsg_exit
__CppXcptFilter
__lconv_init
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__C_specific_handler
wcschr
_wcstoui64
_beginthreadex
strcmp
abort
strchr
memchr
memcmp
wcstol
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
memmove
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_purecall
_get_invalid_parameter_handler
_set_invalid_parameter_handler
fputws
fflush
__iob_func
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
free
_malloc_crt
_initterm
_initterm_e
__crt_debugger_hook
_strnicmp
__crtUnhandledException

msvcp120

?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

kernel32

GetVersion
FreeLibrary
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WideCharToMultiByte
LoadLibraryExW
LCMapStringW
ReleaseSemaphore
CreateSemaphoreA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
Sleep
OutputDebugStringW
GetStdHandle
DisableThreadLibraryCalls
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetFileAttributesExW
GetFileAttributesW
BackupWrite
BackupSeek
BackupRead
GetFileTime
GetProcAddress
GetModuleHandleA
GetLocaleInfoA
GetUserDefaultUILanguage
LocalFree
FormatMessageW
GetLastError
SetErrorMode
GetLogicalDrives
FindClose
CloseHandle
GetModuleFileNameW
GetDriveTypeA
GetWindowsDirectoryW
GetCurrentDirectoryW
GetProcessWorkingSetSize
SetProcessWorkingSetSize
GetCurrentProcess
SetLastError
LockFileEx
UnlockFileEx
WriteFile
ReadFile
FlushFileBuffers
DeviceIoControl
SetEndOfFile
SetFilePointer
SetFileTime
GetFileInformationByHandle
SetFileShortNameW
GetDriveTypeW
GetTempPathW
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
CreateDirectoryW
RemoveDirectoryW
CreateFileW
SetFileAttributesW
GetCompressedFileSizeW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileW
MoveFileExW
CreateHardLinkW
GetVolumeInformationW
FindFirstChangeNotificationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
CompareStringW
GetCurrentThreadId
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
FindNextChangeNotification
FindCloseChangeNotification
LockResource
GetCurrentThread
ExitThread
LoadResource
LoadLibraryA
ExpandEnvironmentStringsW
FindResourceExW
EnumResourceNamesW
EnumResourceLanguagesW
QueryDosDeviceA
MultiByteToWideChar
GetSystemDefaultLangID
GetSystemTimeAsFileTime
GetTimeZoneInformation
WriteConsoleW

mpr

WNetGetUniversalNameW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetCancelConnection2W
WNetAddConnection3W

Exports

Exports

ExtractOemHelpFiles

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24421a48777ae226d9a72ca9d68105c9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7a:68:e9:9b:5c:7d:7f:14:ba:19:f3:d4:a9:b9:2c:27Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

bd:b8:02:53:bd:01:ef:c5:54:57:d6:0a:a5:95:de:28:94:62:20:c7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

user32

shell32

ole32

oleaut32

msvcr120

msvcp120

kernel32

mpr

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 180KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 3KB - Virtual size: 6KB

.pdata Size: 8KB - Virtual size: 8KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7a:68:e9:9b:5c:7d:7f:14:ba:19:f3:d4:a9:b9:2c:27
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

bd:b8:02:53:bd:01:ef:c5:54:57:d6:0a:a5:95:de:28:94:62:20:c7
Signer

.text
Size: 180KB - Virtual size: 180KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 3KB - Virtual size: 6KB

.pdata
Size: 8KB - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB