af74708e5eb0a31291a69760b3cf84a0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

af74708e5eb0a31291a69760b3cf84a0N.exe
Size

206KB
MD5

af74708e5eb0a31291a69760b3cf84a0
SHA1

63ee7c30802a34f5e0ac777895d3819ddcc7c578
SHA256

884a71af10492a5cf745e38d9c2ae31d61a1344217ca264baccb73eb2e034fa8
SHA512

a6e2a649072d09dd22f76ff60ce41cd1387412b3475351456ea0167035ff2a164654166e4e7bae090ecd032d8960d653b7b51138ff2cd63d40878fab27b8648c
SSDEEP

3072:97qi2j/vYgjohjIlwJPCC8TqrmHlfBP6kM+jOHP/F3M2kw+1alvYIu:97qXYgGkwATII9BPlMbWF1hIu

Score

1^/10

Malware Config

Signatures

Files

af74708e5eb0a31291a69760b3cf84a0N.exe
.dll windows:5 windows x64 arch:x64

c7b42deb7f929ca44c5810c36f29209c

Code Sign

f3:9f:5e:50:96:77:9b:72:82:2c:f8:38:11:66:a4:32
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15/04/2015, 00:00

Not After

14/04/2016, 23:59

Subject

CN=Digit Network (Extreme White Limited),O=Digit Network (Extreme White Limited),POSTALCODE=2373,STREET=Tassou Papadopulu 6 (flat/office 22),L=Nicosia,ST=Agios Dometios,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e0:e8:57:6b:98:88:1e:49:bb:ea:e2:5c:c3:a3:92:93:b2:ce:ee:fa
Signer

Actual PE Digest

e0:e8:57:6b:98:88:1e:49:bb:ea:e2:5c:c3:a3:92:93:b2:ce:ee:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

GetConsoleMode
GetCurrentProcess
WaitForSingleObject
WriteFile
InitializeCriticalSection
LeaveCriticalSection
ReadFile
CreateFileW
GetOverlappedResult
GetLastError
EnterCriticalSection
ResetEvent
GetFileType
CreateEventW
WaitForMultipleObjects
CancelIo
SetFilePointerEx
DeleteCriticalSection
CloseHandle
GetTimeZoneInformation
GetProcAddress
LoadLibraryA
PeekNamedPipe
FreeLibrary
SleepEx
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
DisableThreadLibraryCalls
GetDiskFreeSpaceW
GetModuleFileNameA
FindNextFileW
CreateThread
SetStdHandle
OpenEventW
GetCommandLineA
GetConsoleCP
FlushFileBuffers
GetStringTypeW
Sleep
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
WriteConsoleW
GetCurrentThreadId
RtlLookupFunctionEntry
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
HeapSize
GetStdHandle
HeapFree
HeapAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
LoadLibraryExW
HeapReAlloc
OutputDebugStringW
LCMapStringW

advapi32

RegQueryValueExA
RegOpenKeyExA

ole32

StringFromIID
CoTaskMemFree

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7b42deb7f929ca44c5810c36f29209c

Code Sign

f3:9f:5e:50:96:77:9b:72:82:2c:f8:38:11:66:a4:32Certificate

Extended Key Usages

Key Usages

e0:e8:57:6b:98:88:1e:49:bb:ea:e2:5c:c3:a3:92:93:b2:ce:ee:faSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

advapi32

ole32

Sections

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 7KB - Virtual size: 16KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 6KB - Virtual size: 5KB

f3:9f:5e:50:96:77:9b:72:82:2c:f8:38:11:66:a4:32
Certificate

e0:e8:57:6b:98:88:1e:49:bb:ea:e2:5c:c3:a3:92:93:b2:ce:ee:fa
Signer

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 6KB - Virtual size: 5KB