9d6309d9a79c68ec254be3f2bbe816c0N

Sharing

Copy URL Twitter E-mail

General

Target

9d6309d9a79c68ec254be3f2bbe816c0N
Size

350KB
MD5

9d6309d9a79c68ec254be3f2bbe816c0
SHA1

966629e0a75173510b2a6775127e0626f464b3aa
SHA256

e7203b775751eba70fb1b4a304451c0bd4c8b3d8f79e39daf765a53cb0b60e99
SHA512

4fb176b1c419bfea62ed73dbd74044dcfa89b3677670a625199b4fbfa087c4c8fe55a931feda158b04701faab5c47f9175679600da3342d60d4129d4bbc7c727
SSDEEP

6144:tsu9Ta+2Js8tb9nQWjQEDhTj0tLpT6R9EO+:tsu9TS9b9nVj7DhwtE5+

Score

1^/10

Malware Config

Signatures

Files

9d6309d9a79c68ec254be3f2bbe816c0N
.exe windows:5 windows x86 arch:x86

6139722f7e3978b46a9b1b4848b45ab4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Vejoz Tulio,O=Tyjac Lusbomefail Guc,L=Tynsinaodoul,ST=Buger,C=US

Not Before

26/10/2015, 04:41

Not After

25/10/2016, 04:41

Subject

CN=Migkhx Oawar,O=Tyjac Lusbomefail Guc,L=Tynsinaodoul,ST=Buger,C=US

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:b1:51:cb:62:8f:2c:36:d1:35:87:82:f5:7c:4a:94:1b:90:53:b7
Signer

Actual PE Digest

01:b1:51:cb:62:8f:2c:36:d1:35:87:82:f5:7c:4a:94:1b:90:53:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObject
Sleep
LoadResource
SizeofResource
ReadFile
SetFilePointer
CloseHandle
MulDiv
lstrcmpW
lstrcmpiW
CreateMutexW
CreateEventW
CreateWaitableTimerW
LoadLibraryA
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
FindResourceW
CreateFileW
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
SetEndOfFile
ReadConsoleW
WriteConsoleW
SetStdHandle
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetLastError
SetFilePointerEx
GetFileType
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
ExitThread
EncodePointer
GetStringTypeW
OutputDebugStringW
IsDebuggerPresent
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetCurrentThreadId
CreateThread
RaiseException
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
FlushInstructionCache
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
DecodePointer
GlobalAlloc
GetProcAddress
FreeLibrary
LockResource
QueryPerformanceCounter

user32

ShowWindow
MoveWindow
SetWindowPos
DialogBoxIndirectParamW
PostMessageW
GetDlgItem
SendDlgItemMessageW
CharUpperW
SendMessageW
DestroyWindow
IsChild
IsWindow
CreateWindowExW
PostThreadMessageW
FillRect
GetWindowLongW
SetWindowLongW
GetDesktopWindow
GetParent
GetClassNameW
GetWindow
LoadCursorW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
RegisterWindowMessageW
CharNextW
SetFocus
GetActiveWindow
GetFocus
MapDialogRect
GetWindowInfo
EndDialog
GetSysColor
ScreenToClient
ClientToScreen
GetCursorPos
SetWindowContextHelpId
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenuEx
GetSubMenu
DestroyMenu
LoadMenuW
GetSystemMetrics
DestroyAcceleratorTable
CreateAcceleratorTableW
KillTimer
SetTimer
ReleaseCapture
SetCapture

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
GetStockObject
SelectObject
GetObjectW
BitBlt
GetDeviceCaps

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyA
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

CommandLineToArgvW
SHGetFolderPathW
ord165

ole32

CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CoUninitialize
CoInitialize
StringFromGUID2

oleaut32

SysAllocStringLen
SysFreeString
OleCreateFontIndirect
DispCallFunc
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
VariantInit
SysStringLen
SysAllocString

shlwapi

PathAppendA
PathRemoveFileSpecW
PathStripPathW
PathAppendW
PathRemoveFileSpecA

wininet

InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW

psapi

GetModuleFileNameExW
EnumProcessModules

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FIBTYAS
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6139722f7e3978b46a9b1b4848b45ab4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

01Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

01:b1:51:cb:62:8f:2c:36:d1:35:87:82:f5:7c:4a:94:1b:90:53:b7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

psapi

Sections

.text Size: 223KB - Virtual size: 223KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 7KB - Virtual size: 15KB

.FIBTYAS Size: 1024B - Virtual size: 1024B

.rsrc Size: 50KB - Virtual size: 50KB

.reloc Size: 12KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

01:b1:51:cb:62:8f:2c:36:d1:35:87:82:f5:7c:4a:94:1b:90:53:b7
Signer

.text
Size: 223KB - Virtual size: 223KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 7KB - Virtual size: 15KB

.FIBTYAS
Size: 1024B - Virtual size: 1024B

.rsrc
Size: 50KB - Virtual size: 50KB

.reloc
Size: 12KB - Virtual size: 11KB