3f7076f59dbefb0847684b61b5962910N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3f7076f59dbefb0847684b61b5962910N.exe
Size

2.3MB
MD5

3f7076f59dbefb0847684b61b5962910
SHA1

b7646c292f905903cba2ca6192f5c4e2894a9788
SHA256

cf3c308499d3871d2c1cb6fa1f9b799643630b9b05263aee91dadb50cc31acf1
SHA512

6a8bcf13d64caf962eef99dd68935845bed382128201763f445ab611c0d9da739f1bd091c71f72ef9273a813ecac2d1f15fd5bfac9a4be84f78a62414e511024
SSDEEP

12288:IAqEOAvhf7w29KIx46FIiQfqhn3Mi0OSNeqxFBVIekqXXkOeSiMsxt/eicckoboy:IYlvNFXODqqPf6VqXX9viX9eicckUJ

Score

1^/10

Malware Config

Signatures

Files

3f7076f59dbefb0847684b61b5962910N.exe
.dll windows:5 windows x64 arch:x64

5db6f0986f7e561b9e1b16fb7b39bfe6

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:ce:3f:34:40:b5:e7:e5:57:7d:dc:f4:73:50:15:4f:74
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

28/01/2013, 17:56

Not After

28/04/2016, 17:56

Subject

CN=Plogue Art et Technologie Inc.,O=Plogue Art et Technologie Inc.,L=Montreal,ST=QC,C=CA,1.2.840.113549.1.9.1=#0c12636f6e7461637440706c6f6775652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:ef:c6:8d:c5:d3:2c:fd:e8:a1:38:6a:29:a5:61:73:2a:15:3b:0b
Signer

Actual PE Digest

78:ef:c6:8d:c5:d3:2c:fd:e8:a1:38:6a:29:a5:61:73:2a:15:3b:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\trunk\3rdparty\include\libsndfile\Win32\lib\x64\Release\libsndfile.pdb

Imports

kernel32

CreateFileW
MultiByteToWideChar
LocalFree
FormatMessageA
GetStdHandle
GetLastError
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetFileType
GetFileSize
FlushFileBuffers
SetEndOfFile
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
SetStdHandle
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
MoveFileA
GetFileInformationByHandle
PeekNamedPipe
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
EncodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleFileNameW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
GetCurrentThread
FlsAlloc
RtlUnwindEx
SetHandleCount
GetStartupInfoW
DeleteCriticalSection
RaiseException
FatalAppExitA
Sleep
CreateFileA
GetFullPathNameA
GetCurrentDirectoryW
SetCurrentDirectoryW
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringW
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryW
GetLocaleInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
GetProcessHeap
GetDriveTypeW
WriteConsoleW
HeapSize
CompareStringW
SetEnvironmentVariableA
DeleteFileA
SetFileAttributesA
GetFileAttributesA

Exports

Exports

sf_close
sf_command
sf_error
sf_error_number
sf_error_str
sf_format_check
sf_get_string
sf_open
sf_open_fd
sf_open_virtual
sf_perror
sf_read_double
sf_read_float
sf_read_int
sf_read_raw
sf_read_short
sf_readf_double
sf_readf_float
sf_readf_int
sf_readf_short
sf_seek
sf_set_string
sf_strerror
sf_write_double
sf_write_float
sf_write_int
sf_write_raw
sf_write_short
sf_write_sync
sf_writef_double
sf_writef_float
sf_writef_int
sf_writef_short

Sections

.text
Size: 873KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5db6f0986f7e561b9e1b16fb7b39bfe6

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate

Extended Key Usages

Key Usages

11:21:ce:3f:34:40:b5:e7:e5:57:7d:dc:f4:73:50:15:4f:74Certificate

Extended Key Usages

Key Usages

78:ef:c6:8d:c5:d3:2c:fd:e8:a1:38:6a:29:a5:61:73:2a:15:3b:0bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 873KB - Virtual size: 872KB

.rdata Size: 155KB - Virtual size: 155KB

.data Size: 1.2MB - Virtual size: 1.2MB

.pdata Size: 41KB - Virtual size: 41KB

.idata Size: 4KB - Virtual size: 4KB

text Size: 8KB - Virtual size: 8KB

data Size: 22KB - Virtual size: 22KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 16KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

11:21:ce:3f:34:40:b5:e7:e5:57:7d:dc:f4:73:50:15:4f:74
Certificate

78:ef:c6:8d:c5:d3:2c:fd:e8:a1:38:6a:29:a5:61:73:2a:15:3b:0b
Signer

.text
Size: 873KB - Virtual size: 872KB

.rdata
Size: 155KB - Virtual size: 155KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.pdata
Size: 41KB - Virtual size: 41KB

.idata
Size: 4KB - Virtual size: 4KB

text
Size: 8KB - Virtual size: 8KB

data
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB