ac062bfb27e2882f7bcde084c8aec350N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ac062bfb27e2882f7bcde084c8aec350N.exe
Size

787KB
MD5

ac062bfb27e2882f7bcde084c8aec350
SHA1

d47475fdc10a51c6192cc45d89a837d46baf7de1
SHA256

69dad0847c7a097cfba9d7ab1958663ce59cb432503c8243900018f674c692d2
SHA512

c0c127a3127727d71ea0f30e8e344a5a42a6a75b46651c16b40249327fa69ccf2302e35e6add73ba6bf8e647eddfaca5c87544e58a58a2c30696221726f14a22
SSDEEP

12288:7NBqvVs6+k8IDH6TFQkWUPifHDN6yVSv38sLuFPcLLLUJwHej2CRWf6YoD2ZdtiR:H0VqIz6TCbEv3jscvLBejYVDM

Score

1^/10

Malware Config

Signatures

Files

ac062bfb27e2882f7bcde084c8aec350N.exe
.exe windows:4 windows x86 arch:x86

ea9685222781ebae6b29b48bd02414ec

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:a1:04:69:97:b8:cb:4a:9b:d2:f2:c9:74:19:7a:eb
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

26/03/2014, 00:00

Not After

05/04/2016, 23:59

Subject

CN=PC PAL,OU=Software Development,O=PC PAL,L=Wissous,ST=Essonne,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
keybd_event
SetFocus
MessageBoxW
MessageBoxA
LoadStringW
LoadStringA
GetSystemMetrics
GetForegroundWindow
GetAsyncKeyState
FindWindowA
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryA
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrlenW
WritePrivateProfileStringW
WritePrivateProfileStringA
WriteFile
WaitForSingleObject
VirtualQuery
UpdateResourceW
SizeofResource
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryExA
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileType
GetFileAttributesA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetConsoleTitleA
GetCPInfo
FreeResource
FreeLibrary
FreeConsole
FormatMessageA
FindResourceA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
EnumCalendarInfoA
EnterCriticalSection
EndUpdateResourceW
DeleteCriticalSection
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
BeginUpdateResourceW
Sleep

version

VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetOpenEnumA
WNetGetUniversalNameA
WNetEnumResourceA
WNetCloseEnum

ole32

CoTaskMemFree
CoUninitialize
CoInitialize

shell32

ShellExecuteA
SHGetSpecialFolderPathA
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetDesktopFolder
SHBrowseForFolderW

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 606KB - Virtual size: 605KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea9685222781ebae6b29b48bd02414ec

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

7c:a1:04:69:97:b8:cb:4a:9b:d2:f2:c9:74:19:7a:ebCertificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

version

mpr

ole32

shell32

Sections

.text Size: 144KB - Virtual size: 144KB

.itext Size: 1KB - Virtual size: 1KB

.data Size: 12KB - Virtual size: 12KB

.bss Size: - Virtual size: 19KB

.idata Size: 5KB - Virtual size: 4KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 9KB - Virtual size: 9KB

.rsrc Size: 606KB - Virtual size: 605KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

7c:a1:04:69:97:b8:cb:4a:9b:d2:f2:c9:74:19:7a:eb
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

.text
Size: 144KB - Virtual size: 144KB

.itext
Size: 1KB - Virtual size: 1KB

.data
Size: 12KB - Virtual size: 12KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 5KB - Virtual size: 4KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 606KB - Virtual size: 605KB