2bf240963affd12119a2a680774e9570N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2bf240963affd12119a2a680774e9570N.exe
Size

648KB
MD5

2bf240963affd12119a2a680774e9570
SHA1

1152ebacf302305ac5360d47731de49f5942af09
SHA256

a865e271d3cbe2fb5275edc09e5328e09ed71d884d3a2c15bd69a94d6105f8f6
SHA512

6514fe4f83ea1632c5028aad1816aff67064ac32abab6911d859d639015c1a8a435bfb8784df020b37fac9f4641a1af61a0f03e026f26395eb7ca315f5309ee1
SSDEEP

6144:d+V2Fom0MBI4Eln+QRmUKWtlLMgEFj1XmmYLua4Qp5SYgCFQafSxL8CwUy/SraTk:0V2Zz2PlxRTKWtlLMDnzY9XhhSH2h1aB

Score

1^/10

Malware Config

Signatures

Files

2bf240963affd12119a2a680774e9570N.exe
.exe windows:5 windows x86 arch:x86

a9c121f7e29b0522f47c12ce6f50cd56

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:4f:98:7a:76:9e:4a:35:3b:26:87:8a:3b:d3:d3:de
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/06/2013, 00:00

Not After

06/08/2016, 23:59

Subject

CN=Oracle America\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:1d:a7:1f:e5:b8:6c:f6:c4:02:1d:40:a4:ad:6c:47:f1:0e:c9:96
Signer

Actual PE Digest

39:1d:a7:1f:e5:b8:6c:f6:c4:02:1d:40:a4:ad:6c:47:f1:0e:c9:96

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\HUDSON\workspace\Autoupdate2.1-update\obj\jucheck\Release\jucheck.pdb

Imports

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegEnumKeyA
RegQueryInfoKeyA

crypt32

CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose
CertCloseStore

version

VerQueryValueA
GetFileVersionInfoA

user32

ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
MapDialogRect
SetWindowContextHelpId
GetDlgCtrlID
LoadBitmapA
EndDialog
GetWindowRect
PtInRect
SetCursor
EnableWindow
RegisterClassA
ShowWindow
PostQuitMessage
CreatePopupMenu
AppendMenuA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
GetSystemMetrics
ClientToScreen
DialogBoxIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA
IsChild
wsprintfA
PeekMessageA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
MsgWaitForMultipleObjectsEx
SetWindowLongA
GetWindowLongA
GetDesktopWindow
MessageBoxA
LoadStringA
DefWindowProcA
GetSysColor
GetParent
GetDlgItem
GetClassNameA
ReleaseCapture
FillRect
DestroyWindow
CharNextA
CallWindowProcA
GetClientRect
SetWindowPos
LoadImageA
UnregisterClassA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
IsWindow
SendMessageA
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
MoveWindow

gdi32

StretchBlt
SetTextColor
SaveDC
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
CreateFontIndirectA
RestoreDC
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
SetBkMode

comctl32

ord17

wintrust

WinVerifyTrust

wininet

InternetOpenA
InternetCrackUrlA
InternetConnectA
InternetGetConnectedState
InternetQueryDataAvailable
InternetCloseHandle
InternetReadFile
InternetTimeToSystemTime
HttpQueryInfoA
InternetErrorDlg
HttpSendRequestA
HttpAddRequestHeadersA
InternetTimeFromSystemTime
HttpOpenRequestA

urlmon

URLDownloadToFileA

shell32

Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteA

kernel32

GetOEMCP
GetACP
GetCPInfo
GetLocaleInfoW
HeapSize
HeapReAlloc
GetModuleFileNameW
GetStdHandle
HeapCreate
TlsFree
TlsSetValue
CompareStringW
TlsAlloc
GetTimeZoneInformation
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
ExitProcess
EncodePointer
SetEnvironmentVariableA
VirtualQuery
IsValidCodePage
VirtualProtect
RtlUnwind
GetSystemTimeAsFileTime
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetCurrentProcessId
GetTickCount
SystemTimeToTzSpecificLocalTime
LocalFree
GetSystemInfo
GetVersionExA
GetThreadLocale
FindResourceW
GetSystemTime
OpenEventA
CreatePipe
SetHandleInformation
ReadFile
LoadLibraryExA
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InterlockedExchange
LoadLibraryW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringW
WriteConsoleW
SetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleW
CreateFileW
DecodePointer
TlsGetValue
SizeofResource
FreeLibrary
IsDBCSLeadByte
GetCommandLineA
CreateMutexA
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrcpynA
CreateEventA
CreateThread
ResetEvent
WaitForMultipleObjects
SetEvent
LoadResource
LockResource
GlobalHandle
GlobalFree
GlobalLock
GlobalUnlock
CloseHandle
WriteFile
lstrlenA
SetFilePointer
CreateFileA
GetTempPathA
lstrcatA
GetEnvironmentVariableA
LoadLibraryA
GetLastError
GetSystemDirectoryA
SetDllDirectoryA
SetLastError
CreateProcessA
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
lstrlenW
WaitForSingleObject
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceA
lstrcmpA
SetEndOfFile
CompareFileTime
SystemTimeToFileTime
Sleep
FileTimeToSystemTime
GetFileTime
GetFileSize
GetExitCodeProcess
FormatMessageA
lstrcmpiA
DeleteFileA
GetCurrentThreadId
MulDiv
GetModuleFileNameA
InitializeCriticalSection

ole32

StringFromCLSID
CoInitialize
CoUninitialize
CoTaskMemRealloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleLockRunning
StringFromGUID2
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CLSIDFromString

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9c121f7e29b0522f47c12ce6f50cd56

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0a:4f:98:7a:76:9e:4a:35:3b:26:87:8a:3b:d3:d3:deCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

39:1d:a7:1f:e5:b8:6c:f6:c4:02:1d:40:a4:ad:6c:47:f1:0e:c9:96Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

crypt32

version

user32

gdi32

comctl32

wintrust

wininet

urlmon

shell32

kernel32

ole32

oleaut32

Sections

.text Size: 203KB - Virtual size: 203KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 212KB - Virtual size: 211KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0a:4f:98:7a:76:9e:4a:35:3b:26:87:8a:3b:d3:d3:de
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

39:1d:a7:1f:e5:b8:6c:f6:c4:02:1d:40:a4:ad:6c:47:f1:0e:c9:96
Signer

.text
Size: 203KB - Virtual size: 203KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 212KB - Virtual size: 211KB