357c3e80c756f3a8ce79afcb402ac860N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

357c3e80c756f3a8ce79afcb402ac860N.exe
Size

1.1MB
MD5

357c3e80c756f3a8ce79afcb402ac860
SHA1

41fdcba36f69d6c5dfa1f3a16c2636111bd683ef
SHA256

87efb9c0d8ed376d049cfd9e4002ffd3d1aaa3d6905082caea317766f9f234b2
SHA512

0ccfe43e6fc89e56fd77567bbcdf7fb0b58f0380b0ea1f134450c2c2dbbc2b9a657a377e933db7698971f55ece415a031f34b5cceb430924b16da1490de60843
SSDEEP

24576:Vc48maCyUExmfNrMB7msB+e5ZmDMZrfCaOGDBVDMSNyrEH74:r8maCgm1re7NGMraRGDM6C

Score

1^/10

Malware Config

Signatures

Files

357c3e80c756f3a8ce79afcb402ac860N.exe
.exe windows:4 windows x86 arch:x86

36ed3f71e384ae32234b755e5d50cc2e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:16:19:2c:8b:72:eb:0e:f1:2b:75:f9:83:4c:f2:86
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

07/12/2015, 00:00

Not After

06/12/2016, 23:59

Subject

SERIALNUMBER=4404946,CN=Kingston Digital Inc.,OU=Engineering,O=Kingston Digital Inc.,L=Fountain Valley,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f8:cc:90:54:ca:ac:88:f9:f7:f7:e0:62:de:3b:21:4f:c0:b3:6a:ab
Signer

Actual PE Digest

f8:cc:90:54:ca:ac:88:f9:f7:f7:e0:62:de:3b:21:4f:c0:b3:6a:ab

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
CM_Request_Device_EjectW

cfgmgr32

CM_Get_Device_IDA
CM_Get_DevNode_Status
CM_Get_Parent

hid

HidD_GetAttributes
HidD_GetSerialNumberString
HidD_GetIndexedString
HidD_SetFeature
HidD_GetFeature
HidD_SetNumInputBuffers
HidD_GetPreparsedData
HidP_GetCaps
HidD_FreePreparsedData
HidD_GetHidGuid

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

PlaySoundW

kernel32

TlsGetValue
GetProcessVersion
WritePrivateProfileStringW
GetCurrentDirectoryW
FileTimeToLocalFileTime
FindResourceExW
SetErrorMode
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetStartupInfoW
ExitProcess
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RaiseException
GetSystemTimeAsFileTime
ExitThread
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
VirtualProtect
FindNextFileW
CreateEventW
SuspendThread
SetThreadPriority
lstrcmpW
GetCurrentThread
SetLastError
InterlockedDecrement
LocalReAlloc
lstrlenW
GetModuleHandleA
lstrlenA
lstrcatW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcpyW
CreateMutexA
ReleaseMutex
CreateEventA
LoadLibraryA
GetVersionExA
GetDriveTypeA
GetSystemDefaultLangID
CreateFileA
GetLogicalDrives
SetEvent
LockResource
FreeResource
EnterCriticalSection
LeaveCriticalSection
GetFileSize
GlobalAlloc
GlobalLock
GlobalFree
ReadFile
GlobalUnlock
MulDiv
UnlockFile
GetFileAttributesW
MoveFileW
RemoveDirectoryW
TlsSetValue
FormatMessageW
LocalFree
SizeofResource
LoadResource
CreateMutexW
WideCharToMultiByte
GetVersion
GetSystemDefaultLCID
SetThreadLocale
FindFirstFileW
FindClose
GetTempPathW
CreateDirectoryW
SetFileAttributesW
DeleteFileW
CopyFileW
CreateThread
ResumeThread
WaitForSingleObject
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
WriteFile
CreatePipe
SetHandleInformation
CreateProcessW
FindResourceW
GetProcessHeap
HeapAlloc
HeapFree
GetPrivateProfileStringW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcess
lstrcpynW
GetFullPathNameW
DeviceIoControl
GetDriveTypeW
Sleep
lstrcmpiW
GetLastError
OutputDebugStringW
MultiByteToWideChar
GetModuleHandleW
GetModuleFileNameW
CreateFileW
GetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CloseHandle
GlobalReAlloc
TlsFree
InterlockedExchange
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalFlags
InterlockedIncrement
HeapReAlloc

user32

SendDlgItemMessageA
SendDlgItemMessageW
IsDialogMessageW
SetWindowTextW
ShowWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
LoadBitmapW
GetMenuCheckMarkDimensions
GetWindowDC
TabbedTextOutW
GrayStringW
ValidateRect
GetMessageW
GetAsyncKeyState
MapDialogRect
GetSysColorBrush
GetTopWindow
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetMenu
TrackPopupMenu
GetWindowTextLengthW
GetKeyState
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetWindowPos
RegisterWindowMessageW
IsIconic
MapWindowPoints
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
wsprintfA
CreatePopupMenu
GetCursorPos
LoadCursorW
SetForegroundWindow
AttachThreadInput
SetWindowLongW
BeginPaint
EndPaint
AdjustWindowRectEx
MoveWindow
GetWindow
GetDlgCtrlID
PostQuitMessage
GetMenuItemID
GetMenuItemCount
AppendMenuW
DrawEdge
GetMenuItemInfoW
DrawIconEx
SystemParametersInfoW
GetKeyboardLayout
MapVirtualKeyExW
IsCharLowerW
MapVirtualKeyW
GetKeyNameTextW
KillTimer
SetTimer
PeekMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
DrawTextW
GetFocus
GetKeyboardState
UpdateWindow
SetRect
LoadStringW
EnumWindows
GetClassNameW
GetWindowThreadProcessId
GetWindowTextW
wsprintfW
GetWindowLongW
WindowFromPoint
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
DrawFocusRect
DrawStateW
FrameRect
OffsetRect
LoadMenuW
GetIconInfo
GetDC
CreateIconIndirect
ReleaseDC
FillRect
GetSubMenu
TrackPopupMenuEx
PostMessageW
SetCursor
DestroyIcon
DestroyCursor
DestroyMenu
InvalidateRect
UnionRect
InflateRect
SetRectEmpty
CopyRect
GetSysColor
EnableWindow
GetParent
GetDesktopWindow
GetClientRect
SetFocus
ScreenToClient
IsWindowVisible
GetWindowPlacement
GetWindowRect
SendMessageW
PtInRect
LoadImageW
GetSystemMetrics
LoadIconW
UnregisterClassW

gdi32

CreateHalftonePalette
RealizePalette
CreatePen
CreateRoundRectRgn
CombineRgn
RoundRect
GetClipBox
SaveDC
RestoreDC
SelectPalette
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreatePalette
LineTo
PtVisible
RectVisible
TextOutW
Escape
EnumFontFamiliesExW
GetDIBColorTable
GetTextMetricsA
GetTextExtentPointA
PatBlt
Rectangle
GetTextColor
CreateFontW
CreateDIBitmap
GetTextExtentPoint32W
FillRgn
GetDeviceCaps
CreateRectRgn
CreateFontIndirectW
GetPixel
SetPixel
CreateCompatibleBitmap
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
GetStockObject
DeleteObject
ExtTextOutW
BitBlt
CreateCompatibleDC
CreateSolidBrush
MoveToEx
GetObjectW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegLoadKeyW
RegCreateKeyExW
RegFlushKey
RegSetValueExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegEnumValueW
RegOpenKeyExW
RegRestoreKeyW
RegSaveKeyW
RegCloseKey

shell32

Shell_NotifyIconW
ShellExecuteW
SHChangeNotify
ShellExecuteExW

comctl32

ImageList_Draw
ord17
_TrackMouseEvent
ImageList_Destroy
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 720KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36ed3f71e384ae32234b755e5d50cc2e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

42:16:19:2c:8b:72:eb:0e:f1:2b:75:f9:83:4c:f2:86Certificate

Extended Key Usages

Key Usages

f8:cc:90:54:ca:ac:88:f9:f7:f7:e0:62:de:3b:21:4f:c0:b3:6a:abSigner

Headers

File Characteristics

Imports

setupapi

cfgmgr32

hid

version

winmm

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

ole32

Sections

.text Size: 720KB - Virtual size: 718KB

.rdata Size: 164KB - Virtual size: 163KB

.data Size: 76KB - Virtual size: 338KB

.rsrc Size: 100KB - Virtual size: 96KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

42:16:19:2c:8b:72:eb:0e:f1:2b:75:f9:83:4c:f2:86
Certificate

f8:cc:90:54:ca:ac:88:f9:f7:f7:e0:62:de:3b:21:4f:c0:b3:6a:ab
Signer

.text
Size: 720KB - Virtual size: 718KB

.rdata
Size: 164KB - Virtual size: 163KB

.data
Size: 76KB - Virtual size: 338KB

.rsrc
Size: 100KB - Virtual size: 96KB