2da314cbd6829d455e9ebd82f335baa431d723d05d4fd67f3c4f4aff034fdbab

Sharing

Copy URL Twitter E-mail

General

Target

2da314cbd6829d455e9ebd82f335baa431d723d05d4fd67f3c4f4aff034fdbab
Size

901KB
MD5

5b65b73b8dae0c84ad6da68ef138590d
SHA1

addb065b7dbed4e2c174ff8957a9458d9c5dd255
SHA256

2da314cbd6829d455e9ebd82f335baa431d723d05d4fd67f3c4f4aff034fdbab
SHA512

0ce9205e0bbdf94b87d2ed8fca993aa1fabe0cbc1be01c8ce9ab51e95801a99fb2569dbd612585d49b1275c7bd69dba288e8fd6cbe20a571755a6897a8005258
SSDEEP

24576:ub/2u7+C0nl0KJSSTK1ywcPOss/YiEK6y4s47ahxdBKmnvr4:OOI+x0KQSTK1ywcPOssAikXqxvZvM

Score

1^/10

Malware Config

Signatures

Files

2da314cbd6829d455e9ebd82f335baa431d723d05d4fd67f3c4f4aff034fdbab
.exe windows:6 windows x86 arch:x86

40c3acce3e69f55263fcf22cd22c95dc

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:66:35:72:09:75:0f:a1:10:c3:42:47:a7:6c:92:bf:b2:09:90:dc:f5:b1:ae:19:13:43:66:00:a9:2e:61:a6
Signer

Actual PE Digest

7d:66:35:72:09:75:0f:a1:10:c3:42:47:a7:6c:92:bf:b2:09:90:dc:f5:b1:ae:19:13:43:66:00:a9:2e:61:a6

Digest Algorithm

sha256

PE Digest Matches

false

40:f8:da:d6:d3:e1:de:c8:a1:6d:5f:9a:94:8d:8f:96:21:1d:bc:45
Signer

Actual PE Digest

40:f8:da:d6:d3:e1:de:c8:a1:6d:5f:9a:94:8d:8f:96:21:1d:bc:45

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ielangpack.pdb

Imports

advapi32

RegQueryValueExW
RegDeleteValueW
RegFlushKey
RegCloseKey
RegSetValueExW
RegCreateKeyExW

kernel32

GetCommandLineW
GetFileSize
FindResourceExW
CreateFileW
GetLastError
CloseHandle
GetTempFileNameW
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GetModuleHandleW
WriteFile
Sleep
FormatMessageW
GetExitCodeProcess
GetProcAddress
RemoveDirectoryW
GetWindowsDirectoryW
DeleteFileW
LocalFree
LoadResource
EndUpdateResourceW
CopyFileW
SizeofResource
ReadFile
GetModuleFileNameW
BeginUpdateResourceW
LockResource
UpdateResourceW
DeleteCriticalSection
GetLocalTime
EnterCriticalSection
FlushFileBuffers
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
OutputDebugStringW
CreateDirectoryW
GetTickCount64
SetFilePointer
LocalAlloc
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA

msvcrt

_except_handler4_common
_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_vsnwprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsicmp
exit
wcschr
iswalpha
memset

shell32

SHCreateDirectoryExW
CommandLineToArgvW
SHFileOperationW

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 864KB - Virtual size: 864KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40c3acce3e69f55263fcf22cd22c95dc

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34Certificate

Extended Key Usages

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

7d:66:35:72:09:75:0f:a1:10:c3:42:47:a7:6c:92:bf:b2:09:90:dc:f5:b1:ae:19:13:43:66:00:a9:2e:61:a6Signer

40:f8:da:d6:d3:e1:de:c8:a1:6d:5f:9a:94:8d:8f:96:21:1d:bc:45Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

shell32

shlwapi

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 28KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 864KB - Virtual size: 864KB

.reloc Size: 2KB - Virtual size: 1KB

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

7d:66:35:72:09:75:0f:a1:10:c3:42:47:a7:6c:92:bf:b2:09:90:dc:f5:b1:ae:19:13:43:66:00:a9:2e:61:a6
Signer

40:f8:da:d6:d3:e1:de:c8:a1:6d:5f:9a:94:8d:8f:96:21:1d:bc:45
Signer

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 28KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 864KB - Virtual size: 864KB

.reloc
Size: 2KB - Virtual size: 1KB