056883edcf196376ad71f5c5f518cdb434be9453edbb7b10ed498a1e0395f9c9

Sharing

Copy URL Twitter E-mail

General

Target

056883edcf196376ad71f5c5f518cdb434be9453edbb7b10ed498a1e0395f9c9
Size

733KB
MD5

4e25a4560cfe55593e9ba63455d06d13
SHA1

bc3e9eea869bee82b40c8dd7c29f02b3428967a1
SHA256

056883edcf196376ad71f5c5f518cdb434be9453edbb7b10ed498a1e0395f9c9
SHA512

547ef6ed480059cd6958f14791a35d00775e3e5aa881207141993d29ae2d0710de2bdc7f72b0250815bd23e7fa2f642c1681774ec4ec0845ac087eeb352728db
SSDEEP

12288:6ZPX+pd167QhE0s7+jM+M6ugRfMMkIM7ovX+pd167QhE0u7+YrBjvrEH701:yE6Ehg7mM+M6RkMkIM7gE6Eh67ZrEH7k

Score

1^/10

Malware Config

Signatures

Files

056883edcf196376ad71f5c5f518cdb434be9453edbb7b10ed498a1e0395f9c9
.exe windows:6 windows x86 arch:x86

21ce449bac952d12788282110fbde738

Code Sign

61:08:77:5f:00:00:00:00:00:4a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/07/2010, 22:53

Not After

19/10/2011, 22:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:04:b3:f5:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:13

Not After

25/07/2011, 19:23

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

e5:0e:46:6a:75:e3:7b:78:06:31:11:32:55:2d:a0:22:20:5c:14:43
Signer

Actual PE Digest

e5:0e:46:6a:75:e3:7b:78:06:31:11:32:55:2d:a0:22:20:5c:14:43

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

iexplore.pdb

Imports

advapi32

TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

kernel32

CreateFileW
GetWindowsDirectoryW
TerminateProcess
DeleteCriticalSection
HeapSetInformation
SetErrorMode
InitializeCriticalSection
LoadLibraryW
GetVersionExW
GetProcAddress
GetModuleHandleW
IsWow64Process
GetCurrentProcess
RaiseException
LoadLibraryA
GetSystemDefaultLCID
GetUserDefaultLCID
GetFileTime
GetCommandLineW
LocalAlloc
ExpandEnvironmentStringsW
CreateProcessW
LocalFree
lstrlenW
SetDllDirectoryW
GetLastError
SetLastError
CloseHandle
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
FreeLibrary
GetLocaleInfoW
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
LoadResource
FindResourceExW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
ReleaseMutex
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
VerifyVersionInfoW
GetCurrentDirectoryW
GetModuleFileNameW
VerSetConditionMask

user32

CharNextW
SendMessageTimeoutW
IsWindowVisible
IsWindowEnabled
AllowSetForegroundWindow
GetWindowThreadProcessId
FindWindowExW
MessageBoxW
LoadStringW

msvcrt

??2@YAPAXI@Z
_onexit
_lock
__dllonexit
_unlock
_controlfp
?terminate@@YAXXZ
memcpy
??3@YAXPAX@Z
bsearch
_vsnwprintf
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
wcsncmp
iswspace
memset
_wcsnicmp
_wcsicmp

ntdll

RtlUnwind

shlwapi

PathCombineW
UrlCanonicalizeW
ord462
PathIsURLW
SHGetValueW
SHSetValueW
SHRegGetValueW
ord437
ord154
PathRemoveFileSpecW
PathAppendW
PathQuoteSpacesW
UrlCreateFromPathW
UrlApplySchemeW
SHEnumValueW
StrStrW
PathFindFileNameW
ord158

shell32

CommandLineToArgvW
ord147

ole32

CoInitialize
CoUninitialize

iertutil

ord31
ord58
ord44
ord9
ord46
ord650
ord163
ord74
ord85
ord81
ord79
ord32
ord325
ord42

urlmon

ord104
ord111
ord410

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21ce449bac952d12788282110fbde738

Code Sign

61:08:77:5f:00:00:00:00:00:4aCertificate

Extended Key Usages

Key Usages

61:04:b3:f5:00:00:00:00:00:0dCertificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:15:08:27:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

e5:0e:46:6a:75:e3:7b:78:06:31:11:32:55:2d:a0:22:20:5c:14:43Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ntdll

shlwapi

shell32

ole32

iertutil

urlmon

Sections

.text Size: 40KB - Virtual size: 40KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 604KB - Virtual size: 604KB

.reloc Size: 3KB - Virtual size: 2KB

61:08:77:5f:00:00:00:00:00:4a
Certificate

61:04:b3:f5:00:00:00:00:00:0d
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:15:08:27:00:00:00:00:00:0c
Certificate

e5:0e:46:6a:75:e3:7b:78:06:31:11:32:55:2d:a0:22:20:5c:14:43
Signer

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 604KB - Virtual size: 604KB

.reloc
Size: 3KB - Virtual size: 2KB