379d4edf90367c75e47fa0fac6e7fee0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

379d4edf90367c75e47fa0fac6e7fee0N.exe
Size

204KB
MD5

379d4edf90367c75e47fa0fac6e7fee0
SHA1

791cd3b46e97f2705c4212c94215b4df70bef174
SHA256

1c569a50c90246fc9a139aa8cae6201ba3caea8bfa2bd69709d3b4952688d1b5
SHA512

e03a796aa319d799180b32ee8cf01de1cdb50c79ff159cb389da0eb59927124ccb192bfb9fe7b58975aa2db03603883c2edcf4a8b006b63ccbc6d7b9cedda31b
SSDEEP

3072:nO/6nl92ILkt6i2ox7c39b1a0J86W8xXCKNWOHU/ezYMVWtG4SPUkxbgl:ngFtboVBJtNWyPnYG4fUbk

Score

1^/10

Malware Config

Signatures

Files

379d4edf90367c75e47fa0fac6e7fee0N.exe
.exe windows:4 windows x86 arch:x86

430af33f4ce9475c62e2d9321d894f4c

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20-01-2010 00:00

Not After

24-01-2012 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:3b:2d:69:dd:6e:5b:38:98:ea:c2:92:e8:77:dd:8b:21:8f:b0:0e
Signer

Actual PE Digest

48:3b:2d:69:dd:6e:5b:38:98:ea:c2:92:e8:77:dd:8b:21:8f:b0:0e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
OpenMutexW
LocalAlloc
lstrcatW
FindAtomW
GetAtomNameA
GetCurrentThread
InitializeCriticalSection
CompareStringA
WinExec
lstrcpy
GetComputerNameA
GetExpandedNameA
FileTimeToDosDateTime
GetAtomNameW
SetUnhandledExceptionFilter
GetLongPathNameA
DuplicateHandle
SetLastError
SetThreadPriority
GlobalGetAtomNameW
SearchPathA
IsBadCodePtr
CreateNamedPipeA
GetStartupInfoW
GetTempPathA
GetLogicalDrives
FindAtomA
GetSystemDefaultLCID
GetProcAddress
GetModuleHandleA
FindResourceA
GetTimeFormatW
GetHandleInformation
EndUpdateResourceA
GetProcessHeap
CreateMailslotW
GetThreadLocale
GetExpandedNameW
SetCalendarInfoA
GetCurrentDirectoryA
OpenEventA
GetLogicalDriveStringsA
lstrcmp
ExitThread
GetVersionExW
CreateSemaphoreA

user32

GetDCEx
LoadCursorA
CreatePopupMenu
GetCapture
CreateCaret
LoadBitmapW
TrackPopupMenu
DefFrameProcW
GetAsyncKeyState
CharUpperA
CreateDesktopW
CreateAcceleratorTableW
MessageBoxIndirectW
SetCursorPos
InsertMenuW
DeleteMenu
InvalidateRgn
mouse_event
ActivateKeyboardLayout
PeekMessageA
ReleaseDC
CopyIcon
CharUpperW
MonitorFromWindow
LoadMenuIndirectA
CreateWindowExA
GetMenuItemInfoW
LoadCursorW
CopyImage
IsChild
MoveWindow
CharLowerW
EndDialog
DefDlgProcW
GetActiveWindow
DestroyWindow
CheckMenuRadioItem
SetCursor
MonitorFromRect
CreateDialogIndirectParamW
EnableMenuItem
SetDlgItemTextW
UpdateWindow
LoadIconA
ArrangeIconicWindows
SendMessageW
EmptyClipboard
GetMessageA
SetWindowPos

gdi32

RemoveFontResourceExW
SetPaletteEntries
EnumObjects
StrokeAndFillPath
GetEnhMetaFileHeader
RestoreDC
CreateMetaFileW
Polygon
GetBkMode
SetLayout
TranslateCharsetInfo
PolyBezierTo

advapi32

RegCreateKeyExA
RegCreateKeyW
RegReplaceKeyW

comdlg32

ReplaceTextA
FindTextW
FindTextA

oleaut32

VarBoolFromDisp
GetRecordInfoFromGuids
LoadTypeLib

version

VerInstallFileW
GetFileVersionInfoSizeA

urlmon

ReleaseBindInfo
BindAsyncMoniker
HlinkGoForward
CDLGetLongPathNameW
URLDownloadA
CompareSecurityIds
IsAsyncMoniker
URLOpenPullStreamA
URLOpenStreamW
RegisterFormatEnumerator

winmm

mmTaskCreate
midiInGetID
NotifyCallbackData
midiOutMessage

inetcomm

MimeOleSMimeCapsToDlg
MimeOleSetBodyPropA
MimeOleSetDefaultCharset
DllGetClassObject

oledlg

OleUIChangeSourceA
OleUIAddVerbMenuA
OleUIInsertObjectW
OleUIPasteSpecialA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MBqyqw
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Xp
Size: 1KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iVZWys
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.av
Size: 4KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TD
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CXg
Size: 512B - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.J
Size: 1KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CDN
Size: 512B - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.X
Size: 512B - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

430af33f4ce9475c62e2d9321d894f4c

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

48:3b:2d:69:dd:6e:5b:38:98:ea:c2:92:e8:77:dd:8b:21:8f:b0:0eSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comdlg32

oleaut32

version

urlmon

winmm

inetcomm

oledlg

Sections

.text Size: 11KB - Virtual size: 11KB

.MBqyqw Size: 512B - Virtual size: 4KB

.Xp Size: 1KB - Virtual size: 42KB

.iVZWys Size: 2KB - Virtual size: 24KB

.av Size: 4KB - Virtual size: 40KB

.TD Size: 512B - Virtual size: 4KB

.CXg Size: 512B - Virtual size: 49KB

.data Size: 10KB - Virtual size: 9KB

.J Size: 1KB - Virtual size: 23KB

.CDN Size: 512B - Virtual size: 48KB

.X Size: 512B - Virtual size: 118KB

.rsrc Size: 162KB - Virtual size: 161KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

48:3b:2d:69:dd:6e:5b:38:98:ea:c2:92:e8:77:dd:8b:21:8f:b0:0e
Signer

.text
Size: 11KB - Virtual size: 11KB

.MBqyqw
Size: 512B - Virtual size: 4KB

.Xp
Size: 1KB - Virtual size: 42KB

.iVZWys
Size: 2KB - Virtual size: 24KB

.av
Size: 4KB - Virtual size: 40KB

.TD
Size: 512B - Virtual size: 4KB

.CXg
Size: 512B - Virtual size: 49KB

.data
Size: 10KB - Virtual size: 9KB

.J
Size: 1KB - Virtual size: 23KB

.CDN
Size: 512B - Virtual size: 48KB

.X
Size: 512B - Virtual size: 118KB

.rsrc
Size: 162KB - Virtual size: 161KB