8ec26387ca963b72870e2c6275a933f0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8ec26387ca963b72870e2c6275a933f0N.exe
Size

1.1MB
MD5

8ec26387ca963b72870e2c6275a933f0
SHA1

a6716777b3fd7adaf346ccb10125ddba3d67e3f1
SHA256

489e509b0e74d578bf2e1314a81a659d846030a1c20e9d1b7ac233a5db2faedc
SHA512

a3a9fb41b53d5de0a354adc6b0d83c5874aed2775464561cdd6ce9e3aa793a15c069316ce17114129c8ca16051fc2526098c30771f3337347066589ab852f3fc
SSDEEP

24576:u3XuyoSUvGTYNZMvOdlYx1mTJ5eISZbTrT9BCRLp:u3xTYNZMClE1m6xZbT3Q

Score

1^/10

Malware Config

Signatures

Files

8ec26387ca963b72870e2c6275a933f0N.exe
.dll windows:4 windows x64 arch:x64

0877748cf64a739d9a01e821a1a4bf1a

Code Sign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:38:b3:bb:bc:9f:87
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

15/04/2014, 16:13

Not After

18/10/2016, 16:20

Subject

CN=Concept Software\, Inc.,O=Concept Software\, Inc.,L=Winter Garden,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

45:9b:33:6a:45:57:7f:f2
Certificate

Issuer

CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

16/03/2015, 07:00

Not After

16/03/2020, 07:00

Subject

CN=Starfield Timestamp Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ed:af:05:eb:58:1e:a0:a3:1c:c8:c1:3d:ef:22:10:4e:7c:86:10:9c
Signer

Actual PE Digest

ed:af:05:eb:58:1e:a0:a3:1c:c8:c1:3d:ef:22:10:4e:7c:86:10:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
ReadFile
GetCurrentDirectoryA
LocalFree
FlushFileBuffers
GetDriveTypeA
SetEndOfFile
FindFirstFileA
FindClose
FindNextFileA
SetLocalTime
HeapFree
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
HeapCreate
HeapDestroy
ExitProcess
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
TlsFree
FlsFree
TlsSetValue
FlsAlloc
LCMapStringA
WideCharToMultiByte
LCMapStringW
RtlUnwindEx
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVolumeInformationA
GetWindowsDirectoryA
CreateProcessA
WaitForSingleObject
CreateFileW
SetConsoleMode
ReadConsoleInputA
FlushConsoleInputBuffer
LoadLibraryW
GetVersion
GetModuleHandleW
GetVersionExA
GlobalReAlloc
GetFileInformationByHandle
Sleep
GetModuleHandleA
GetModuleFileNameA
GetSystemDirectoryA
GlobalLock
GlobalUnlock
GetSystemTime
GetLocalTime
MultiByteToWideChar
GetComputerNameA
SetLastError
GetLastError
GetCurrentThread
GetCurrentProcess
GetSystemInfo
GlobalFree
GlobalAlloc
FreeLibrary
GlobalMemoryStatus
LoadLibraryA
GetProcAddress
DeviceIoControl
CreateFileA
CloseHandle
GetFileTime
SetFileAttributesA
FileTimeToSystemTime
GetFileAttributesA
SetFileTime
SystemTimeToFileTime
LeaveCriticalSection
DeleteFileA

user32

SetWindowTextA
GetDC
LoadImageA
UpdateWindow
CallWindowProcA
DialogBoxIndirectParamA
GetWindowTextA
CheckRadioButton
CreateIcon
SetCursor
LoadCursorA
SetWindowLongA
MessageBoxA
GetWindowRect
InvalidateRect
GetDlgItemTextA
SetWindowLongPtrA
wsprintfA
IsDlgButtonChecked
SendMessageA
ShowWindow
DispatchMessageA
PeekMessageA
TranslateMessage
SetDlgItemTextA
GetWindowLongA
CreateWindowExA
GetDlgItem
GetFocus
EndDialog
DestroyCursor
GetDesktopWindow
GetSysColor
SetWindowPos
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

gdi32

GetDeviceCaps
CreateFontA
DeleteDC
SetTextColor
CreateCompatibleBitmap
CreateSolidBrush
GetStockObject
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
SetPixel

advapi32

RegisterEventSourceW
DeregisterEventSource
AllocateAndInitializeSid
FreeSid
RegDeleteValueA
RegSetValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetSidSubAuthorityCount
LookupAccountNameA
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
ReportEventW

shell32

ShellExecuteA

ole32

CoUninitialize
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoCreateInstance

oleaut32

VariantClear
SysStringLen
SysFreeString
SysAllocString

Exports

Exports

pp_adddays
pp_bitclear
pp_bitset
pp_bittest
pp_cenum
pp_checksum
pp_chkvarchar
pp_chkvardate
pp_chkvarnum
pp_compno
pp_compnoinit
pp_copyadd
pp_copycheck
pp_copycheckth
pp_copydelete
pp_copyget
pp_countdec
pp_countinc
pp_daysleft
pp_decrypt
pp_encrypt
pp_errorstr
pp_expired
pp_exportactfile
pp_eztrial1
pp_eztrial1ex
pp_eztrial1test
pp_eztrial2
pp_eztrig1
pp_eztrig1dlg
pp_eztrig1ex
pp_filedelete
pp_getcompno
pp_getcompnoxml
pp_getdate
pp_getdateex
pp_gettime
pp_gettimeex
pp_getvarchar
pp_getvardate
pp_getvarnum
pp_gotourl
pp_hdserial
pp_importactfile
pp_lanactive
pp_lancheck
pp_lastday
pp_lfalias
pp_lfclose
pp_lfcopy
pp_lfcreate
pp_lfdelete
pp_lflock
pp_lfopen
pp_lfpermset
pp_lfunlock
pp_libtest
pp_libversion
pp_ndecrypt
pp_ndecryptx
pp_nencrypt
pp_nencryptx
pp_npdate
pp_password
pp_redir
pp_semclose
pp_semcount
pp_semopen
pp_semtest
pp_semused
pp_setvarchar
pp_setvardate
pp_setvarnum
pp_sysinfo
pp_tcode
pp_timercheck
pp_timerstart
pp_transfer
pp_upddate
pp_valdate
pp_wmigetdata
sample_of_custom_function
test

Sections

.text
Size: 732KB - Virtual size: 731KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0877748cf64a739d9a01e821a1a4bf1a

Code Sign

07Certificate

Key Usages

04:38:b3:bb:bc:9f:87Certificate

Extended Key Usages

Key Usages

45:9b:33:6a:45:57:7f:f2Certificate

Extended Key Usages

Key Usages

ed:af:05:eb:58:1e:a0:a3:1c:c8:c1:3d:ef:22:10:4e:7c:86:10:9cSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 732KB - Virtual size: 731KB

.rdata Size: 221KB - Virtual size: 221KB

.data Size: 144KB - Virtual size: 165KB

.pdata Size: 40KB - Virtual size: 39KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 14KB - Virtual size: 14KB

07
Certificate

04:38:b3:bb:bc:9f:87
Certificate

45:9b:33:6a:45:57:7f:f2
Certificate

ed:af:05:eb:58:1e:a0:a3:1c:c8:c1:3d:ef:22:10:4e:7c:86:10:9c
Signer

.text
Size: 732KB - Virtual size: 731KB

.rdata
Size: 221KB - Virtual size: 221KB

.data
Size: 144KB - Virtual size: 165KB

.pdata
Size: 40KB - Virtual size: 39KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 14KB - Virtual size: 14KB