ecaca6aa898b507b26b166d97b78f4c7a7b6514b548985bc66e71e8d34a6a9c6[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ecaca6aa898b507b26b166d97b78f4c7a7b6514b548985bc66e71e8d34a6a9c6.exe
Size

392KB
MD5

70aebb0369d357b88359ce1e8505179c
SHA1

fa3be7978e37eb1395f9ab94199141f7cb1e5392
SHA256

ecaca6aa898b507b26b166d97b78f4c7a7b6514b548985bc66e71e8d34a6a9c6
SHA512

80dce6725aa33ee0fdf2e062d4c5deb991fd334a5227aa60614fdbe665047188b7f81fd57b12a2330639a725b6002a86c657ca97de7e76fc9abbe93d01f8af96
SSDEEP

6144:xefdDoDLhnowxc2bDvJQT80jp0jQ9p6c789zCRbYj44mIwSUuAPq4sLH+/7f:wRoDLvO2bDSzpd8pCRbYjiIDUuuYiz

Score

1^/10

Malware Config

Signatures

Files

ecaca6aa898b507b26b166d97b78f4c7a7b6514b548985bc66e71e8d34a6a9c6.exe
.exe windows:4 windows x86 arch:x86

56ed6084c5ecd8784553be57502cda76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:55:a5:f8:0e:e0
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

21/05/2009, 18:07

Not After

21/05/2010, 16:58

Subject

CN=AnalogX\, LLC,O=AnalogX\, LLC,L=Tempe,ST=AZ,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f5:f4:05:00:f6:63:91:69:e2:76:59:fa:45:f5:1f:bd:4d:4a:d2:c5
Signer

Actual PE Digest

f5:f4:05:00:f6:63:91:69:e2:76:59:fa:45:f5:1f:bd:4d:4a:d2:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
ShellExecuteExA
SHGetDesktopFolder

kernel32

FindClose
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetCurrentDirectoryA
MultiByteToWideChar
GetVersionExA
LoadLibraryExA
GetDiskFreeSpaceA
GetExitCodeProcess
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetEndOfFile
DeleteFileA
CreateDirectoryA
GetCommandLineA
QueryPerformanceFrequency
LCMapStringA
GetLocaleInfoA
HeapSize
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
FreeEnvironmentStringsA
GetFullPathNameA
RaiseException
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetHandleCount
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetTimeZoneInformation
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetProcessHeap
ReadFile
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
GetDriveTypeA
SetEnvironmentVariableA
HeapFree
HeapAlloc
CreateFileA
GetFileType
SetFilePointer
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
FlushFileBuffers
ExitProcess
GetModuleHandleA
GetSystemTimeAsFileTime
AllocConsole
GetStdHandle
SetConsoleTitleA
LocalFree
LocalAlloc
CreateEventA
GetLastError
SetEvent
InterlockedExchange
QueryPerformanceCounter
GetCurrentThreadId
WriteFile
Sleep
LoadLibraryA
GetProcAddress
GetCurrentProcess
FreeLibrary
CloseHandle
CreateMutexA
WaitForSingleObject
ReleaseMutex
LCMapStringW
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
GetEnvironmentStrings

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

PostQuitMessage
LoadIconA
GetSysColorBrush
DestroyIcon
CreateDialogParamA
ShowWindowAsync
DestroyWindow
DialogBoxParamA
SetWindowTextA
EndDialog
GetParent
GetSystemMetrics
GetDesktopWindow
SetWindowPos
GetWindowRect
PeekMessageA
GetMessageA
DispatchMessageA
SetForegroundWindow
EnumWindows
IsWindow
GetClassNameA
GetWindowTextA
ShowWindow
CreateWindowExA
TranslateMessage
GetDlgItemTextA
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
UnregisterClassA
LoadCursorA
RegisterClassExA
GetUpdateRect
BeginPaint
EndPaint
GetClientRect
SendMessageA
DefWindowProcA
InvalidateRect
UpdateWindow
GetWindowLongA
SetWindowLongA
MessageBoxA

ole32

CoInitialize
CoUninitialize
OleUninitialize
CoCreateInstance
OleInitialize

gdi32

GdiFlush
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
AddFontResourceA
RemoveFontResourceA
CreateDIBSection

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56ed6084c5ecd8784553be57502cda76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

03:01Certificate

Key Usages

ae:55:a5:f8:0e:e0Certificate

Extended Key Usages

Key Usages

f5:f4:05:00:f6:63:91:69:e2:76:59:fa:45:f5:1f:bd:4d:4a:d2:c5Signer

Headers

File Characteristics

Imports

comctl32

shell32

kernel32

advapi32

user32

ole32

gdi32

Sections

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 7KB - Virtual size: 20KB

.rsrc Size: 5KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

03:01
Certificate

ae:55:a5:f8:0e:e0
Certificate

f5:f4:05:00:f6:63:91:69:e2:76:59:fa:45:f5:1f:bd:4d:4a:d2:c5
Signer

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 7KB - Virtual size: 20KB

.rsrc
Size: 5KB - Virtual size: 4KB