0074cde4f0e6ea98fc7475e50a0c82b0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0074cde4f0e6ea98fc7475e50a0c82b0N.exe
Size

287KB
MD5

0074cde4f0e6ea98fc7475e50a0c82b0
SHA1

562c791cbea873b07bbfbfbcb463cfe7e4905511
SHA256

46b9db9d5db965524d4dd14140140d87c054009006f3317839b7954ba2a2596d
SHA512

16adc3bbd4507540678bcd12dc91d1025399f2f301eb75440511574e17bb06a91bcfa0b1e9c76262490260f980f15e39a9be49ae9948b5b345658d17a4377177
SSDEEP

6144:UJvq3OTOqddatGw79bHHfhEbgTqsARo8y:Qq3ON/AbH/agTqe8y

Score

1^/10

Malware Config

Signatures

Files

0074cde4f0e6ea98fc7475e50a0c82b0N.exe
.exe windows:5 windows x86 arch:x86

44252d1ff00f50b6c5e6a0f1dc7df931

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1a:35:73:39:c3:b7:4c:1f:e1:de:b8:98:1c:f0:27:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08-08-2012 00:00

Not After

08-08-2015 23:59

Subject

CN=OPSWAT\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=OPSWAT\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:5c:cf:c1:2e:7a:2d:08:a8:39:62:04:96:36:5d:63:51:ca:14:7d
Signer

Actual PE Digest

32:5c:cf:c1:2e:7a:2d:08:a8:39:62:04:96:36:5d:63:51:ca:14:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\BuildAgent\work\1fc25f2f10782529\bin\Release\wabpoes_u.pdb

Imports

rpcrt4

RpcServerListen
RpcMgmtStopServerListening
RpcServerRegisterIf2
RpcServerUseProtseqEpW
NdrServerCall2

kernel32

HeapAlloc
GetCurrentProcess
HeapFree
GetModuleHandleExW
GetProcessHeap
ReadFile
GetModuleFileNameW
DeleteFileW
ExpandEnvironmentStringsW
GetFullPathNameW
MultiByteToWideChar
FileTimeToSystemTime
GetModuleHandleW
Sleep
GetVersionExW
IsDebuggerPresent
GetCurrentThreadId
WaitForSingleObject
SetEvent
CreateEventW
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileType
GetSystemInfo
CreateFileMappingW
GetFileSizeEx
MapViewOfFile
LocalAlloc
CloseHandle
CreateFileW
WriteFile
LockFile
UnlockFile
MoveFileExW
SetFilePointer
LocalFree
GetProcAddress
LoadLibraryW
FreeLibrary
DeleteCriticalSection
DecodePointer
EnterCriticalSection
GetLastError
RaiseException
SetEnvironmentVariableA
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
GetConsoleMode
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
WideCharToMultiByte
GetTimeZoneInformation
HeapSize
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetCommandLineW
GetStringTypeW
EncodePointer
OutputDebugStringW
RtlUnwind
HeapReAlloc
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
ExitThread
LoadLibraryExW
ExitProcess

advapi32

CryptDecrypt
CryptDestroyKey
CryptGenKey
CryptImportKey
CryptGenRandom
CryptGetProvParam
CryptDuplicateKey
CryptReleaseContext
CryptGetKeyParam
CryptSetKeyParam
CryptAcquireContextW
CryptExportKey

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SystemTimeToVariantTime
BSTR_UserFree
VARIANT_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserSize
BSTR_UserSize
VARIANT_UserMarshal
SafeArrayPutElement
VariantInit
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
SysAllocString

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44252d1ff00f50b6c5e6a0f1dc7df931

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1a:35:73:39:c3:b7:4c:1f:e1:de:b8:98:1c:f0:27:8dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

32:5c:cf:c1:2e:7a:2d:08:a8:39:62:04:96:36:5d:63:51:ca:14:7dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 205KB - Virtual size: 205KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 10KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1a:35:73:39:c3:b7:4c:1f:e1:de:b8:98:1c:f0:27:8d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

32:5c:cf:c1:2e:7a:2d:08:a8:39:62:04:96:36:5d:63:51:ca:14:7d
Signer

.text
Size: 205KB - Virtual size: 205KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 10KB - Virtual size: 10KB