a42dd735ae0a290cb8536dd1ac340580N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a42dd735ae0a290cb8536dd1ac340580N.exe
Size

192KB
MD5

a42dd735ae0a290cb8536dd1ac340580
SHA1

268f583333cc61294275f4dbdf11d77c2b388017
SHA256

ce4e5c239415c1d23fdc888bc6868eff5b2ea70417f078f3f9971215c903fbb9
SHA512

8bd00f10d404bdae2d60be318a766fe746bb36bbe02da35445d48df99d2f5f9fddf9ec5c2f09f8f2640c659234f4607397f1348b40924bf0264fd3f60a65cd6a
SSDEEP

3072:tqOnlv2kzO9yVcz7wvlqiw7smJuBjncTTuCWpKCLuPLZ5jDUbbimbbgukpizPe:VB2kzTizkvlYJccTT9WaDjAbNbMucibe

Score

1^/10

Malware Config

Signatures

Files

a42dd735ae0a290cb8536dd1ac340580N.exe
.exe windows:4 windows x64 arch:x64

ae8ddb330239474f6595368b491db2c3

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:bc:63:ea:9d:7f:b6:8c:bc:d9:10:1f:39:1c:a1:45
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/11/2011, 00:00

Not After

15/11/2014, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Development IT2,O=Hewlett-Packard Company,L=Andover,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:d4:9c:93:94:75:06:7e:13:4e:a0:24:3b:99:1e:38:37:9c:39:e2
Signer

Actual PE Digest

3e:d4:9c:93:94:75:06:7e:13:4e:a0:24:3b:99:1e:38:37:9c:39:e2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
CM_Get_Parent
CM_Get_Device_IDW
CM_Get_Child
CM_Get_Sibling
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

shlwapi

SHDeleteKeyW

kernel32

HeapAlloc
GetProcessHeap
HeapFree
GetLocaleInfoA
DeviceIoControl
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
EnterCriticalSection
CreateFileW
GetTickCount
GetModuleFileNameW
Sleep
SetEvent
WaitForSingleObject
CloseHandle
GetLastError
CreateEventW
CreateThread
LoadLibraryA
InitializeCriticalSection
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetCurrentProcess
GetVersionExA
GetStartupInfoW
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
VirtualAlloc

user32

CreateWindowExW
ShowWindow
UpdateWindow
PostQuitMessage
DefWindowProcW
SetTimer
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassExW
PostMessageW

advapi32

FreeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
QueryServiceStatusEx
ControlService
StartServiceW
DeleteService
CreateServiceW
SetServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
ChangeServiceConfig2W
CloseServiceHandle
OpenServiceW
OpenSCManagerW

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae8ddb330239474f6595368b491db2c3

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

44:bc:63:ea:9d:7f:b6:8c:bc:d9:10:1f:39:1c:a1:45Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

3e:d4:9c:93:94:75:06:7e:13:4e:a0:24:3b:99:1e:38:37:9c:39:e2Signer

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

shlwapi

kernel32

user32

advapi32

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 66KB - Virtual size: 78KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

44:bc:63:ea:9d:7f:b6:8c:bc:d9:10:1f:39:1c:a1:45
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

3e:d4:9c:93:94:75:06:7e:13:4e:a0:24:3b:99:1e:38:37:9c:39:e2
Signer

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 66KB - Virtual size: 78KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB