a35bd91062caabb980a85a32befb3180N

Sharing

Copy URL Twitter E-mail

General

Target

a35bd91062caabb980a85a32befb3180N
Size

1.1MB
MD5

a35bd91062caabb980a85a32befb3180
SHA1

86649d3f9551fa630c72b3aed7416532525034a4
SHA256

9241ccdef3e3f16e24dddaf8afcc26d4ce1a986e9a555dd7f40c6ad079b82b48
SHA512

37d08ae3aede7e15a492ab7e4a1f4cc32f2fd90ca5ab7fcf561a5a4f929b3ccb4911b4ff1f17649e9ecdf899c7febefd64261e5b0bd11edef3b3e7ac70e20d9c
SSDEEP

12288:tGoUtjuKqxFRHI+OUUCs1a9SIaaPFWuEg/wAIjSif/L/0IeLDmWNpDtBNZD8ROlT:YdCOUUjU9bPFW6HtLD/nDtBHD8RUlQMb

Score

1^/10

Malware Config

Signatures

Files

a35bd91062caabb980a85a32befb3180N
.exe windows:5 windows x86 arch:x86

5682aadc72585d7a8fcf137c340785b6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:37:76:8f:dd:89:f0:bb:86:7e:06:eb:1a:5b:06:2b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

31/08/2015, 00:00

Not After

06/09/2016, 23:59

Subject

CN=SEIKO EPSON CORPORATION,OU=Information Service & Support Department,O=SEIKO EPSON CORPORATION,L=Suwa-shi,ST=Nagano,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:68:eb:be:2e:bf:b8:ae:35:06:59:af:72:55:b6:3f:2d:0d:3e:7c
Signer

Actual PE Digest

2b:68:eb:be:2e:bf:b8:ae:35:06:59:af:72:55:b6:3f:2d:0d:3e:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Deviceop.pdb

Imports

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
CM_Reenumerate_DevNode_Ex
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiClassGuidsFromNameW
SetupDiOpenDeviceInterfaceRegKey
SetupDiGetDeviceInstanceIdW
CM_Locate_DevNode_ExW

mscms

EnumColorProfilesW
AssociateColorProfileWithDeviceW
DisassociateColorProfileFromDeviceW
UninstallColorProfileW
InstallColorProfileW

kernel32

FlushFileBuffers
SetEndOfFile
GetCurrentProcess
SetErrorMode
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
TlsFree
IsDebuggerPresent
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
ExitProcess
ExitThread
CreateThread
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
LocalReAlloc
TlsSetValue
TlsAlloc
WritePrivateProfileStringW
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
lstrlenA
SuspendThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
InterlockedExchange
GetModuleHandleA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GetModuleHandleW
GetVersionExA
GlobalAlloc
LocalFree
lstrlenW
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
LoadLibraryA
ExpandEnvironmentStringsA
GetTimeZoneInformation
LoadLibraryExW
GetExitCodeThread
SetLastError
WriteFile
SetFilePointer
CreateEventW
ResetEvent
OutputDebugStringW
InterlockedDecrement
InterlockedIncrement
lstrcmpW
ResumeThread
SetEvent
FreeResource
IsDBCSLeadByteEx
ReadFile
Sleep
LoadLibraryW
WaitForSingleObject
FreeLibrary
GetUserDefaultLangID
CreateMutexW
CloseHandle
DeviceIoControl
LockResource
GetLastError
MultiByteToWideChar
CreateFileW
GetVersionExW
FormatMessageW
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
GetProcAddress
GetModuleFileNameW
GetPrivateProfileStringW
GetCurrentProcessId
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
GlobalHandle
SetUnhandledExceptionFilter

user32

WindowFromPoint
GetSysColorBrush
UnregisterClassW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
CheckRadioButton
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
GetKeyState
SetMenu
IsWindowVisible
GetClassInfoExW
GetClassInfoW
GetSysColor
AdjustWindowRectEx
CallWindowProcW
CopyRect
PtInRect
GetMenu
SystemParametersInfoA
GetWindowPlacement
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
SetWindowContextHelpId
CharNextA
TrackPopupMenu
AppendMenuW
GetDesktopWindow
GetCursorPos
CreatePopupMenu
IsWindow
GetDlgCtrlID
EnableWindow
SetWindowLongW
GetWindowContextHelpId
GetWindowLongW
GetWindowRect
ScreenToClient
RealChildWindowFromPoint
CharPrevW
CharNextW
SendMessageW
GetSystemMetrics
ReleaseDC
GetDC
GetProcessDefaultLayout
DestroyIcon
LoadIconW
GetParent
DestroyMenu
MoveWindow
IsIconic
DrawIcon
GetClientRect
LoadStringW
GetDialogBaseUnits
IntersectRect
InvalidateRect
GetDlgItem
SetWindowPos
ShowWindow
LoadBitmapW
CreateWindowExW
MapWindowPoints
SetWindowTextW
GetWindow
SetTimer
GetMessageW
TranslateMessage
ValidateRect
GetWindowThreadProcessId
SetCursor
PostQuitMessage
EndPaint
BeginPaint
RegisterClassW
ClientToScreen
MessageBoxW
IsCharAlphaNumericW
IsCharAlphaW
DefWindowProcW
UpdateWindow
SetProcessDefaultLayout
FindWindowExW
RegisterClassExW
LoadCursorW
SetForegroundWindow
PeekMessageW
KillTimer
PostMessageW
RegisterWindowMessageW

gdi32

SetTextColor
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetClipBox
GetStockObject
CreateBitmap
CreatePen
BitBlt
CreatePalette
DeleteObject
SelectObject
CreateCompatibleDC
CombineRgn
FillRgn
RealizePalette
SelectPalette
GetObjectW
CreateRectRgn
CreateDIBitmap
GetDeviceCaps
GetTextExtentPoint32W
RectVisible
PtVisible
MoveToEx
LineTo
SetMapMode
RestoreDC
SaveDC
SetBkColor
TextOutW

winspool.drv

GetPrinterDataW
ord203
DeletePrinter
ord204
SetPrinterW
ClosePrinter
AddPrinterW
EnumPrintProcessorsW
GetPrinterDriverW
GetPrinterW
EnumPrintersW
EnumMonitorsW
EnumPrinterDriversW
EnumPortsW
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
RegEnumValueW
RegCreateKeyExW
GetUserNameW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shlwapi

PathFindFileNameW
PathFindExtensionW

ole32

OleUninitialize
OleInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
PropVariantClear
CoWaitForMultipleHandles
CoTaskMemFree

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 562KB - Virtual size: 562KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5682aadc72585d7a8fcf137c340785b6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

48:37:76:8f:dd:89:f0:bb:86:7e:06:eb:1a:5b:06:2bCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

2b:68:eb:be:2e:bf:b8:ae:35:06:59:af:72:55:b6:3f:2d:0d:3e:7cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

mscms

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

ole32

oleaut32

Sections

.text Size: 368KB - Virtual size: 368KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 73KB - Virtual size: 88KB

.rsrc Size: 562KB - Virtual size: 562KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

48:37:76:8f:dd:89:f0:bb:86:7e:06:eb:1a:5b:06:2b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

2b:68:eb:be:2e:bf:b8:ae:35:06:59:af:72:55:b6:3f:2d:0d:3e:7c
Signer

.text
Size: 368KB - Virtual size: 368KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 73KB - Virtual size: 88KB

.rsrc
Size: 562KB - Virtual size: 562KB