c8f85e71dc2629caa5ba8af092af2d60N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

c8f85e71dc2629caa5ba8af092af2d60N.exe
Size

1.1MB
MD5

c8f85e71dc2629caa5ba8af092af2d60
SHA1

1fbfb55940c2960406de4c8e39b9e122420c4cf5
SHA256

c547f1deab1f73f023b5e527d7ae8c13753741be5aa4f08777ed0aafffa65882
SHA512

38a977ad0dcfb7de084eb578cdc4ba549c7383bbbc7282da32590584a3472d32f5abd13f99e60bb78593d2265f91947ef0fe4ea74cc42dd641adbd7e75a0d78f
SSDEEP

24576:4mMYMPiELhNxwZNzUblAv3lxmKkx6R5IJeHSO:qhNx+NCGqx6R5IEHb

Score

1^/10

Malware Config

Signatures

Files

c8f85e71dc2629caa5ba8af092af2d60N.exe
.exe windows:5 windows x86 arch:x86

155cf0e19798ae2a1ac2798124785f60

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

46:45:0e:d6:d9:b0:fa:f5:a4:7d:51:2b:64:40:d2:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/12/2014, 00:00

Not After

07/02/2016, 23:59

Subject

CN=Crypto-Pro,O=Crypto-Pro,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:3f:6e:6e:e9:57:e6:1f:6e:b9:82:a6:92:ef:40:2e:aa:33:0f:f5
Signer

Actual PE Digest

cb:3f:6e:6e:e9:57:e6:1f:6e:b9:82:a6:92:ef:40:2e:aa:33:0f:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\trunk\CSP\out\win32\debug\csptest.pdb

Imports

rpcrt4

UuidToStringW
RpcStringFreeW

crypt32

CertFindChainInStore
CertEnumCertificateContextProperties
CertNameToStrW
CryptDecodeObjectEx
CryptHashCertificate
CertGetSubjectCertificateFromStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CryptVerifyCertificateSignature
CryptUnprotectData
CryptGetMessageCertificates
CertGetIssuerCertificateFromStore
CertFindExtension
CertStrToNameW
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CertCreateCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertFindCertificateInStore
CryptEnumOIDInfo
CertOIDToAlgId
CryptSignMessage
CertAlgIdToOID
CryptAcquireCertificatePrivateKey
CryptVerifyDetachedMessageSignature
CryptVerifyMessageSignature
CryptMsgClose
CryptMsgGetParam
CryptMsgUpdate
CryptMsgOpenToEncode
CryptMsgControl
CertCompareIntegerBlob
CertCompareCertificateName
CryptMsgOpenToDecode
CryptEncryptMessage
CryptDecryptMessage
CryptFindOIDInfo
CryptImportPublicKeyInfoEx
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CryptEncodeObject
CertAddEncodedCertificateToStore
CryptDecodeObject
CryptSignAndEncryptMessage
CryptDecryptAndVerifyMessageSignature
CryptMsgCalculateEncodedLength
CryptImportPublicKeyInfo
CertFreeCRLContext
CertAddCRLContextToStore
CertCreateCRLContext
CryptExportPublicKeyInfo
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CryptSignAndEncodeCertificate

winscard

g_rgSCardT0Pci
g_rgSCardT1Pci
SCardTransmit
SCardReconnect
SCardBeginTransaction
SCardStatusW
SCardConnectW
SCardDisconnect
SCardGetStatusChangeW
SCardEstablishContext
SCardListReadersW
SCardReleaseContext
SCardEndTransaction

shlwapi

PathFileExistsW
PathFindExtensionW

kernel32

GetCurrentDirectoryW
GetFileInformationByHandle
CreateMutexW
ReleaseMutex
GetTickCount
LocalAlloc
FormatMessageW
GetSystemDirectoryA
LoadLibraryA
GetConsoleOutputCP
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
FreeLibrary
LoadLibraryW
GetProcAddress
FileTimeToSystemTime
WaitForSingleObject
GetExitCodeThread
LocalFree
GetCurrentThread
GetThreadTimes
GetLogicalDriveStringsW
GetSystemTime
SystemTimeToFileTime
WriteFile
GetProcessHeap
CreateFileW
GetFileSize
HeapAlloc
ReadFile
CloseHandle
HeapFree
CompareFileTime
Sleep
GetVersionExW
InterlockedExchange
RaiseException
OutputDebugStringA
OutputDebugStringW
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleA
WideCharToMultiByte
ResetEvent
CreateEventW
GetCurrentProcess
lstrlenW
DebugBreak
IsBadReadPtr
IsBadStringPtrW
VerSetConditionMask
VerifyVersionInfoW
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
ExpandEnvironmentStringsW
DeviceIoControl
HeapValidate
WriteConsoleW
GetFileType
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
CreateThread
ExitThread
InterlockedIncrement
InterlockedDecrement
DeleteFileW
ExitProcess
GetTimeZoneInformation
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
GetSystemInfo
VirtualQuery
DeleteFileA
lstrlenA
DeleteCriticalSection
GetModuleFileNameA
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStartupInfoA
LCMapStringA
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetCurrentProcessId
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetFilePointer
SetStdHandle
WriteConsoleA
GetLocaleInfoW
CreateFileA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
InitializeCriticalSection
SetEvent
OpenEventA
CreateFileMappingA
SetLastError
MultiByteToWideChar
GetLastError
SetErrorMode
FindFirstFileW
FindClose
FindNextFileW
GetDriveTypeW
GetModuleHandleW

advapi32

CryptEnumProviderTypesW
GetSidSubAuthority
GetSidIdentifierAuthority
CopySid
OpenThreadToken
OpenProcessToken
RegNotifyChangeKeyValue
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetTokenInformation
IsValidSid
RegEnumValueW
CryptDuplicateKey
CryptDecrypt
CryptDuplicateHash
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
CryptGenRandom
CryptSetProviderExW
CryptEnumProvidersW
CryptVerifySignatureW
CryptSignHashW
CryptGetHashParam
CryptSetHashParam
CryptHashData
CryptEncrypt
CryptImportKey
CryptExportKey
CryptCreateHash
CryptDeriveKey
CryptSetKeyParam
CryptGenKey
CryptDestroyHash
CryptSetProvParam
CryptGetDefaultProviderW
CryptGetKeyParam
CryptGetUserKey
CryptDestroyKey
CryptAcquireContextW
CryptGetProvParam
CryptReleaseContext
RegSetValueExW
AllocateAndInitializeSid
FreeSid
SetEntriesInAclW
BuildExplicitAccessWithNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegCreateKeyExW
RegSetKeySecurity
RevertToSelf
SetThreadToken
GetSidSubAuthorityCount

shell32

ShellExecuteW

user32

wsprintfW

Sections

.text
Size: 737KB - Virtual size: 736KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

155cf0e19798ae2a1ac2798124785f60

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

46:45:0e:d6:d9:b0:fa:f5:a4:7d:51:2b:64:40:d2:3eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

cb:3f:6e:6e:e9:57:e6:1f:6e:b9:82:a6:92:ef:40:2e:aa:33:0f:f5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

crypt32

winscard

shlwapi

kernel32

advapi32

shell32

user32

Sections

.text Size: 737KB - Virtual size: 736KB

.rdata Size: 276KB - Virtual size: 276KB

.data Size: 14KB - Virtual size: 1.1MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 60KB - Virtual size: 59KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

46:45:0e:d6:d9:b0:fa:f5:a4:7d:51:2b:64:40:d2:3e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

cb:3f:6e:6e:e9:57:e6:1f:6e:b9:82:a6:92:ef:40:2e:aa:33:0f:f5
Signer

.text
Size: 737KB - Virtual size: 736KB

.rdata
Size: 276KB - Virtual size: 276KB

.data
Size: 14KB - Virtual size: 1.1MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 60KB - Virtual size: 59KB