becdfdad2c6167c7d8d116f7c9947c50N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

becdfdad2c6167c7d8d116f7c9947c50N.exe
Size

839KB
MD5

becdfdad2c6167c7d8d116f7c9947c50
SHA1

fb9c214daea14cc21c8a3253c26c09f95bc1b3cc
SHA256

f3e86ed89b2bc8beee88a50cdbd5b8d7641c4d315a9523489bd5957160fc44d8
SHA512

bbd786549a12f9054cfa0476b14685903c80e25d12b0adf051ad29eac0c9e7c15bf4eed36000a095be35e9acefe672fb1af3ad39b3a15500d77ceb5e383831cc
SSDEEP

24576:Fl2aYWoswJxNk2/rFzC11WjAZoI1vAtd5VB:FlYW/w1N5vjAZoI1vAtd1

Score

1^/10

Malware Config

Signatures

Files

becdfdad2c6167c7d8d116f7c9947c50N.exe
.dll regsvr32 windows:4 windows x86 arch:x86

da6fc6e8ba0a0978db28fc6872273de4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:3a:9e:a3:5e:e9:21:7f:92:33:ab:d6:4f:c3:88:c0
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

29/08/2011, 00:00

Not After

04/09/2013, 23:59

Subject

CN=Inbox.com\, Inc,OU=INBOX.COM,O=Inbox.com\, Inc,L=Wilmington,ST=DELAWARE,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
DispGetIDsOfNames
RegisterTypeLib
LoadTypeLibEx
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysFreeString
SysAllocStringLen

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExW
CreateWindowExA
WindowFromDC
WaitMessage
UpdateWindow
TranslateMessage
TranslateAcceleratorA
TrackPopupMenu
SystemParametersInfoA
ShowWindow
SetWindowTextW
SetWindowTextA
SetWindowPos
SetWindowLongA
SetTimer
SetPropA
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetActiveWindow
SendMessageTimeoutA
SendMessageA
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
RegisterWindowMessageA
RegisterClassW
RegisterClassA
RedrawWindow
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
MsgWaitForMultipleObjects
MessageBoxA
LoadStringA
LoadImageA
LoadIconA
LoadCursorA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsClipboardFormatAvailable
InvalidateRgn
InvalidateRect
InflateRect
GetWindowTextLengthW
GetWindowTextLengthA
GetWindowTextW
GetWindowTextA
GetWindowRect
GetWindowLongA
GetUpdateRgn
GetSystemMetrics
GetSystemMenu
GetSysColor
GetPropA
GetParent
GetWindow
GetMessageTime
GetMenuItemCount
GetKeyState
GetFocus
GetDesktopWindow
GetDC
GetCursorPos
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoW
GetClassInfoA
GetCapture
FindWindowA
FillRect
EndPaint
EnableWindow
EnableMenuItem
EmptyClipboard
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyAcceleratorTable
DefWindowProcW
DefWindowProcA
CreatePopupMenu
CopyImage
CloseClipboard
ClientToScreen
CallWindowProcW
CallWindowProcA
BringWindowToTop
BeginPaint
AppendMenuA
CharNextA
CharLowerBuffA
CharUpperBuffA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
RemoveDirectoryA
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WritePrivateProfileStringA
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjects
VirtualQuery
UnmapViewOfFile
TerminateThread
SystemTimeToFileTime
SizeofResource
SetFileTime
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
ReleaseMutex
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA
OpenMutexA
OpenFileMappingA
OpenEventA
MultiByteToWideChar
MoveFileExA
MapViewOfFile
LockResource
LocalFileTimeToFileTime
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalFree
GetWindowsDirectoryA
GetVersionExA
GetUserDefaultLangID
GetUserDefaultLCID
GetTickCount
GetThreadLocale
GetTempPathA
GetTempFileNameA
GetStdHandle
GetShortPathNameA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileInformationByHandle
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FlushViewOfFile
FlushFileBuffers
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileA
DeleteCriticalSection
CreateMutexA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
Sleep
GetProcAddress
LoadLibraryA
GetModuleHandleA

gdi32

StretchDIBits
StretchBlt
SetTextColor
SetROP2
SetPixel
SetDIBits
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
Rectangle
MoveToEx
LineTo
GetTextExtentPoint32W
GetTextExtentPoint32A
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePen
CreatePalette
CreateFontIndirectA
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CombineRgn
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

IsEqualGUID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CreateStreamOnHGlobal
OleSetMenuDescriptor
CoTaskMemFree
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoLockObjectExternal
CoDisconnectObject
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CoUninitialize
CoInitializeEx
CoInitialize
IsEqualGUID

urlmon

CreateURLMoniker

wininet

InternetGetConnectedState
InternetSetCookieA
InternetReadFile
InternetOpenA
InternetGetCookieA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
HttpAddRequestHeadersA

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder

shfolder

SHGetFolderPathA

comctl32

ImageList_Create
InitCommonControls
InitCommonControls

Exports

Exports

CheckDownload
CheckDownloadEx
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DrawResourceJPEGPictureSize
GetResourceJPEGPictureSize
InstallPlugins
ProcessAfterinstall
ProcessDownload
ProcessDownloadInno
ProcessDownloadWait
RemovePlugins
StopDownloader

Sections

.text
Size: 565KB - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 479B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da6fc6e8ba0a0978db28fc6872273de4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

26:3a:9e:a3:5e:e9:21:7f:92:33:ab:d6:4f:c3:88:c0Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

ole32

urlmon

wininet

shell32

shfolder

comctl32

Exports

Exports

Sections

.text Size: 565KB - Virtual size: 564KB

.itext Size: 5KB - Virtual size: 4KB

.data Size: 13KB - Virtual size: 13KB

.bss Size: - Virtual size: 22KB

.idata Size: 10KB - Virtual size: 10KB

.edata Size: 512B - Virtual size: 479B

.reloc Size: 31KB - Virtual size: 31KB

.rsrc Size: 205KB - Virtual size: 205KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

26:3a:9e:a3:5e:e9:21:7f:92:33:ab:d6:4f:c3:88:c0
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

.text
Size: 565KB - Virtual size: 564KB

.itext
Size: 5KB - Virtual size: 4KB

.data
Size: 13KB - Virtual size: 13KB

.bss
Size: - Virtual size: 22KB

.idata
Size: 10KB - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 479B

.reloc
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 205KB - Virtual size: 205KB