ce11c26163587185b09cb6720e4f0d76[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

ce11c26163587185b09cb6720e4f0d76.bin
Size

203KB
MD5

00b52493a0fda8eb4577aefebce95181
SHA1

d276e2d26a7f3a40243ca7d75dde47ea4ca3d008
SHA256

55451505161cd7ac441942f034913ea8fff521173480745b717248fc6ef31e85
SHA512

3e07bfafa16fb4e8c4884f30fee279565869d2a9d3c7b5beda72e379e941f9e551be945d65b52745412779c1dec099ed34eb4a280426166f5b4ce44bc0bf9472
SSDEEP

6144:DZm8MV4fMcfF4aNZjyHG9vsEm77LHCKnv64rPms1:DZm54fAbm9kL7HCKv64rH

Score

1^/10

Malware Config

Signatures

Files

ce11c26163587185b09cb6720e4f0d76.bin
.zip

Password: infected
dc1c6d303002b580188a6d25d471d95d5a001186f85db279aca2e2de98527b92.exe
.exe windows:4 windows x86 arch:x86

Password: infected

5dbe4621616d081e3440b0469a9471ca

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2
Signer

Actual PE Digest

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreatePipe
GetComputerNameA
GetCalendarInfoA
TlsAlloc
CreateDirectoryW
GetMailslotInfo
GetModuleFileNameW
GetCalendarInfoW
GetPriorityClass
GetUserDefaultLCID
GlobalFindAtomA
GetProcAddress
FindAtomW
FileTimeToLocalFileTime
EnumDateFormatsW
OpenEventA
GetLocaleInfoW
lstrcmpiW
SetLocaleInfoW
GetEnvironmentVariableW
GetExitCodeProcess
MulDiv
SetUnhandledExceptionFilter
GetNamedPipeInfo
EndUpdateResourceW
SetComputerNameA
GetProcessHeap
SetPriorityClass
FreeResource
GetModuleHandleW
QueryPerformanceFrequency
GetFileAttributesW
CompareStringA
LoadLibraryA
IsDebuggerPresent
HeapCreate
CreateNamedPipeW
GetThreadPriority
OpenMutexW
ExpandEnvironmentStringsA
lstrcmpi
GetEnvironmentStringsA
FileTimeToDosDateTime
GetCommandLineA
lstrcpynW
GetDiskFreeSpaceW
lstrcmp
GetCurrentDirectoryA

user32

AnimateWindow
GetWindowRgn
GetClassInfoA
CreateDialogParamA
GetClassInfoExW
EnumChildWindows
RegisterClassA
DrawTextA
SetFocus
MessageBoxIndirectW
MonitorFromPoint
ClientToScreen
DefWindowProcA
LoadImageA
ActivateKeyboardLayout
GetTopWindow
LoadMenuIndirectA
MessageBoxA
GetDC
UnregisterClassW
mouse_event
GetMenuState
SetCursor
ShowCursor
IsDlgButtonChecked
CheckDlgButton
SetParent
keybd_event
DrawTextW
SetDlgItemInt
FrameRect
RegisterClassExW
RemoveMenu
SendMessageA
TrackPopupMenuEx
GetForegroundWindow
LoadMenuA
GetDlgItemTextW
CreateDialogIndirectParamW
SetDlgItemTextW
MessageBeep
SetActiveWindow
CharNextA
GetMenu
UpdateLayeredWindow
SetWindowLongA
CloseWindow
MessageBoxW
EndDialog
IsIconic
CreateAcceleratorTableA

gdi32

PtInRegion
SetWorldTransform
CreateEnhMetaFileW
CreateDCW
CreateMetaFileW
TranslateCharsetInfo
EnumFontsA
ScaleViewportExtEx
CreateCompatibleDC
GetDIBits
RemoveFontResourceW
SetPixel
GetEnhMetaFileDescriptionA

advapi32

RegCreateKeyExW
RegOpenKeyW
RegRestoreKeyA
RegOpenKeyA
RegSaveKeyW
RegReplaceKeyA

shlwapi

SHDeleteEmptyKeyA
PathFindNextComponentW
StrCpyW
PathStripPathA
SHCopyKeyW
PathIsURLW
SHRegQueryInfoUSKeyW
PathCreateFromUrlA

oleaut32

VarR4FromR8

winmm

mciSendStringW
mciSendStringA

winspool.drv

DeleteFormA

Sections

.sX
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RqVY
Size: 1KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.i
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lziQh
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EXGwv
Size: 4KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 167KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I
Size: 4KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.E
Size: 4KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 950B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

5dbe4621616d081e3440b0469a9471ca

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

oleaut32

winmm

winspool.drv

Sections

.sX Size: 4KB - Virtual size: 4KB

.RqVY Size: 1KB - Virtual size: 255KB

.i Size: 14KB - Virtual size: 13KB

.lziQh Size: 4KB - Virtual size: 4KB

.EXGwv Size: 4KB - Virtual size: 142KB

.data Size: 167KB - Virtual size: 535KB

.I Size: 4KB - Virtual size: 279KB

.E Size: 4KB - Virtual size: 452KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 950B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2
Signer

.sX
Size: 4KB - Virtual size: 4KB

.RqVY
Size: 1KB - Virtual size: 255KB

.i
Size: 14KB - Virtual size: 13KB

.lziQh
Size: 4KB - Virtual size: 4KB

.EXGwv
Size: 4KB - Virtual size: 142KB

.data
Size: 167KB - Virtual size: 535KB

.I
Size: 4KB - Virtual size: 279KB

.E
Size: 4KB - Virtual size: 452KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 950B