8e37eca5d1f90ca5cb7f88efa22e0ce0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

8e37eca5d1f90ca5cb7f88efa22e0ce0N.exe
Size

1.2MB
MD5

8e37eca5d1f90ca5cb7f88efa22e0ce0
SHA1

46acf5c797827fdbf42399eda890753a7d7a88dd
SHA256

a7e40e85d14f56e9a116560c27028c039f52c92e324e2f36f040d40582a8fbd7
SHA512

0601201da21b0896801d7b17a8e8e0ed0aeba4b6bd287da7e2879c0b873eac7f829a8fc407ca6764443f3d08ae4e7ed2a150e084ffffc6eaddefa030a7e3cb6f
SSDEEP

24576:MldK9GGWSeCQz+gf/dqx96gQYy3ZkArW62gx8gyyUYx:MldtFSe2Wq6ZZTWG8pYx

Score

1^/10

Malware Config

Signatures

Files

8e37eca5d1f90ca5cb7f88efa22e0ce0N.exe
.exe windows:5 windows x86 arch:x86

a88ebf49e6bbf7dab4cfcfca7ddcc1dc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:0d:8c:32:5b:cf:64:fb:a4:6b:f2:f2:e2:aa:c2:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12-12-2014 00:00

Not After

12-12-2015 23:59

Subject

CN=Record Page,O=Record Page,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dc:cf:d8:e2:9d:aa:2a:74:f0:1f:18:76:3d:3b:23:4c:ed:1c:ff:11
Signer

Actual PE Digest

dc:cf:d8:e2:9d:aa:2a:74:f0:1f:18:76:3d:3b:23:4c:ed:1c:ff:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
EnterCriticalSection
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetErrorMode
GetCommandLineW
InterlockedCompareExchange
GetCurrentThreadId
InterlockedExchange
DecodePointer
lstrlenW
lstrlenA
SetEnvironmentVariableA
SetEndOfFile
WaitForMultipleObjectsEx
WriteConsoleW
ReadConsoleW
SetStdHandle
GetTimeZoneInformation
SetConsoleCtrlHandler
CreateNamedPipeW
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
CopyFileW
Sleep
CreateMutexW
OpenMutexW
ReleaseMutex
GetFileTime
GetComputerNameW
GetWindowsDirectoryW
FreeLibrary
LoadLibraryW
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetEvent
WaitForMultipleObjects
ResetEvent
GetExitCodeProcess
OpenProcess
CreateEventW
LocalAlloc
InterlockedDecrement
FileTimeToSystemTime
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
MoveFileExW
CreateProcessW
GetVersionExW
DeleteFileW
GetOverlappedResult
LocalFree
WaitForSingleObject
GetCurrentProcess
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
SetFileTime
LocalFileTimeToFileTime
MultiByteToWideChar
GetCurrentDirectoryW
SystemTimeToFileTime
CreateDirectoryW
LeaveCriticalSection
SetFilePointer
WriteFile
ReadFile
CreateFileW
CloseHandle
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
FindResourceW
GetLastError
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetFileAttributesExW
GetFileType
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
lstrcmpiW
GetCurrentProcessId
CancelIo
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetTickCount
GetStartupInfoW
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
FatalAppExitA
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
WaitNamedPipeW
GetFileAttributesW
ConnectNamedPipe
CreateTimerQueueTimer
GetLogicalProcessorInformation
IsDebuggerPresent
OutputDebugStringW
DuplicateHandle
GetCurrentThread
GetExitCodeThread
GetSystemTimeAsFileTime
EncodePointer
GetStringTypeW
IsProcessorFeaturePresent
AreFileApisANSI
GetTempPathW
CreateThread
ExitThread
RtlUnwind
TryEnterCriticalSection
CreateTimerQueue
RtlCaptureStackBackTrace
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
LoadStringW
CharNextW
UnregisterClassW
MessageBoxW

advapi32

DeregisterEventSource
RegisterServiceCtrlHandlerW
ReportEventW
RegisterEventSourceW
StartServiceCtrlDispatcherW
SetServiceStatus
DeleteService
ChangeServiceConfig2W
CreateServiceW
StartServiceW
ControlService
QueryServiceStatus
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
SetFileSecurityW
CryptDeriveKey
SetNamedSecurityInfoW
InitializeSecurityDescriptor
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetAclInformation
AddAce
InitializeAcl
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
IsValidSid
LookupAccountNameW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupAccountSidW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
CreateProcessAsUserW
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptExportKey
CryptDuplicateKey
CryptGenKey
CryptImportKey
CryptAcquireContextW

shell32

SHGetFolderPathW

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CLSIDFromString
StringFromCLSID
CoTaskMemRealloc
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoAddRefServerProcess
CoReleaseServerProcess

oleaut32

SysAllocStringLen
SetErrorInfo
VariantChangeType
VariantInit
SysAllocString
GetErrorInfo
SysFreeString
VariantClear
VarUI4FromStr
CreateErrorInfo

shlwapi

PathAppendW
PathCombineW
PathFindFileNameW
PathIsDirectoryW
PathRemoveArgsW
PathRemoveExtensionW
PathFindExtensionW
PathUnquoteSpacesW
PathStripPathW
PathRenameExtensionW
PathRemoveFileSpecW
PathFileExistsW

crypt32

CryptBinaryToStringA
CryptStringToBinaryA

winhttp

WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpCloseHandle

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

imagehlp

CheckSumMappedFile

psapi

GetModuleFileNameExW

iphlpapi

GetUdpTable
GetTcpTable

wsock32

ntohs

Sections

.text
Size: 740KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a88ebf49e6bbf7dab4cfcfca7ddcc1dc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

42:0d:8c:32:5b:cf:64:fb:a4:6b:f2:f2:e2:aa:c2:65Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

dc:cf:d8:e2:9d:aa:2a:74:f0:1f:18:76:3d:3b:23:4c:ed:1c:ff:11Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

winhttp

version

imagehlp

psapi

iphlpapi

wsock32

Sections

.text Size: 740KB - Virtual size: 740KB

.rdata Size: 373KB - Virtual size: 373KB

.data Size: 16KB - Virtual size: 35KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 37KB - Virtual size: 37KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:0d:8c:32:5b:cf:64:fb:a4:6b:f2:f2:e2:aa:c2:65
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

dc:cf:d8:e2:9d:aa:2a:74:f0:1f:18:76:3d:3b:23:4c:ed:1c:ff:11
Signer

.text
Size: 740KB - Virtual size: 740KB

.rdata
Size: 373KB - Virtual size: 373KB

.data
Size: 16KB - Virtual size: 35KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 37KB - Virtual size: 37KB