1cefcd3b9e2d5fa9a262c1e09c6752d68417b8b4989a4c011e5d1ccc2c61ab29

Sharing

Copy URL Twitter E-mail

General

Target

1cefcd3b9e2d5fa9a262c1e09c6752d68417b8b4989a4c011e5d1ccc2c61ab29
Size

1.2MB
MD5

189b20a92cbf9f6c96b5cd577bb832cd
SHA1

41c408f356801bb0cd341706123f5ec680044f77
SHA256

1cefcd3b9e2d5fa9a262c1e09c6752d68417b8b4989a4c011e5d1ccc2c61ab29
SHA512

95ae03fcc3fcb0b1cd36902638a77cc079cff9f35969d92c247037d050f4379d8d582896c88a7f506873bf04d45e38e374cb75c4c947d3186467cec83b73c668
SSDEEP

24576:Fk600dKNelsLTU3ldrp5BnurO/Lq3BSZ1Eb5+iXc3DIJutlZ+M:Gelsafrhuq/uk45+7BtlZJ

Score

1^/10

Malware Config

Signatures

Files

1cefcd3b9e2d5fa9a262c1e09c6752d68417b8b4989a4c011e5d1ccc2c61ab29
.exe windows:5 windows x86 arch:x86

1ddf5cc1873ff9752f8fc91bb10b6eae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:dd:db:db:3e:c6:20:9b:2f:7b:11:3a:ed:35:d1:1d:d4
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

01/08/2013, 02:57

Not After

28/09/2014, 06:45

Subject

CN=KASHU SYSTEM DESIGN INC.,OU=Development,O=KASHU SYSTEM DESIGN INC.,L=KAMEOKA,ST=KYOTO,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fc:0a:91:de:eb:d5:e7:5d:31:7e:da:f2:67:d3:84:21:f4:d3:51:09
Signer

Actual PE Digest

fc:0a:91:de:eb:d5:e7:5d:31:7e:da:f2:67:d3:84:21:f4:d3:51:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW
ord17

wininet

HttpEndRequestW
InternetGetLastResponseInfoW
HttpOpenRequestW
InternetConnectW
InternetReadFile
HttpSendRequestExW
InternetOpenW
InternetCloseHandle

kernel32

CloseHandle
FreeLibrary
LoadLibraryW
CreateFileW
GetProcAddress
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
Sleep
lstrcpyW
TryEnterCriticalSection
LeaveCriticalSection
GetTickCount
DeviceIoControl
InterlockedIncrement
InterlockedDecrement
CopyFileW
DeleteFileW
InitializeCriticalSection
EnterCriticalSection
GetExitCodeThread
RemoveDirectoryW
DeleteCriticalSection
GetDiskFreeSpaceW
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
GetLocalTime
GetCommandLineW
CreateMutexW
ReadFile
GetFileInformationByHandle
GetCurrentProcess
OpenProcess
ReadProcessMemory
FindResourceW
LoadResource
SizeofResource
LockResource
SetFilePointerEx
WriteFile
FlushFileBuffers
SetThreadLocale
GetUserDefaultUILanguage
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
CreateFileA
lstrlenA
GetFileAttributesA
FindFirstFileA
SetFileAttributesA
GetCurrentDirectoryA
lstrlenW
LocalAlloc
LocalFree
WideCharToMultiByte
MultiByteToWideChar
ExpandEnvironmentStringsA
LoadLibraryA
GetDriveTypeA
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
CreateFileMappingW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
PeekNamedPipe
GetFullPathNameW
GetConsoleMode
GetConsoleCP
RtlUnwind
GetModuleFileNameA
GetStdHandle
HeapReAlloc
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
WaitForSingleObject
CreateProcessW
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetDiskFreeSpaceExW
WritePrivateProfileStringW
WritePrivateProfileSectionW
FormatMessageW
GetProcessHeap
GetModuleHandleW
HeapFree
HeapAlloc
GetModuleFileNameW
GetLastError
GetCPInfo
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetCommandLineA
CreateDirectoryA
GetSystemTimeAsFileTime
ExitProcess
CreateThread
GetCurrentThreadId
ExitThread
GetFileAttributesW
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
VirtualAlloc
VirtualFree
SetFilePointer
GetTempPathW
GetTempFileNameW
RaiseException
InterlockedExchange
GetExitCodeProcess

user32

MessageBoxW
SetWindowTextW
SendMessageW
EndDialog
SetWindowLongW
GetDlgItem
GetWindowLongW
InvalidateRect
GetWindowTextA
DialogBoxParamW
wsprintfW
MessageBoxA
PostMessageW
EnumWindows
GetClassNameW
FindWindowExW
OffsetRect
GetDesktopWindow
SetWindowTextA
GetMessageW
TranslateMessage
IsDialogMessageW
DispatchMessageW
LoadStringW
GetParent
GetWindowTextW
AttachThreadInput
GetForegroundWindow
GetWindowThreadProcessId
DestroyWindow
PostQuitMessage
GetSubMenu
SetForegroundWindow
GetMenu
LoadIconW
EnableMenuItem
RegisterDeviceNotificationW
ShowWindow
CreateDialogParamW
DrawMenuBar
GetSystemMetrics
IsWindowVisible
UpdateWindow
SetMenuItemInfoW
MoveWindow
ScreenToClient
GetWindowRect
GetClientRect
SetWindowPos
CreateWindowExW
SetTimer
KillTimer
EnableWindow

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExW

shell32

ShellExecuteW
ord680
CommandLineToArgvW
SHChangeNotify

ole32

CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance

oleaut32

VariantClear
VariantCopy
VariantInit
VariantChangeType
SysFreeString
SysAllocString

setupapi

SetupDiEnumDeviceInterfaces
CM_Locate_DevNodeW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiGetDeviceInstanceIdW
CM_Get_Parent
CM_Get_Sibling
CM_Get_Child
CM_Get_Device_IDW
SetupDiGetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW

psapi

EnumProcesses

shlwapi

SHDeleteKeyW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 878KB - Virtual size: 878KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ddf5cc1873ff9752f8fc91bb10b6eae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:dd:db:db:3e:c6:20:9b:2f:7b:11:3a:ed:35:d1:1d:d4Certificate

Extended Key Usages

Key Usages

fc:0a:91:de:eb:d5:e7:5d:31:7e:da:f2:67:d3:84:21:f4:d3:51:09Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

wininet

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

setupapi

psapi

shlwapi

iphlpapi

Sections

.text Size: 248KB - Virtual size: 248KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 7KB - Virtual size: 4.1MB

.rsrc Size: 878KB - Virtual size: 878KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:dd:db:db:3e:c6:20:9b:2f:7b:11:3a:ed:35:d1:1d:d4
Certificate

fc:0a:91:de:eb:d5:e7:5d:31:7e:da:f2:67:d3:84:21:f4:d3:51:09
Signer

.text
Size: 248KB - Virtual size: 248KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 7KB - Virtual size: 4.1MB

.rsrc
Size: 878KB - Virtual size: 878KB