80c2a36e9a14e3edba0b706d2433d9b8[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

80c2a36e9a14e3edba0b706d2433d9b8.exe
Size

2.7MB
MD5

80c2a36e9a14e3edba0b706d2433d9b8
SHA1

03ac191b235b3a867539720070a5e6ca1108b4f2
SHA256

154dae39845abef889af814bd6ad84283374c90ecece891addc362384afdd882
SHA512

ac030656796130a3949e66f537044a27630c43b5827dd252cfab9c215e1b51ddd279f6f82911b1c728b19ac110b0a41d8d5ccef32fee97e07407b77b89728c8b
SSDEEP

49152:MBjwz++TjZgdXCs6xTqVRoITZE87wajH/Qc9d1OF:yoz37p805cVO

Score

1^/10

Malware Config

Signatures

Files

80c2a36e9a14e3edba0b706d2433d9b8.exe
.exe windows:5 windows x86 arch:x86

03338d7801a2b5a198bb18f8db55defc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:af:ec:00:e2:a3:45:c4:42:d3:60:11:05:4e:91:56
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

17/04/2018, 00:00

Not After

16/04/2020, 23:59

Subject

CN=Cybertron Software Co.\, Ltd,OU=Software Development Department,O=Cybertron Software Co.\, Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:af:ec:00:e2:a3:45:c4:42:d3:60:11:05:4e:91:56
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

17/04/2018, 00:00

Not After

16/04/2020, 23:59

Subject

CN=Cybertron Software Co.\, Ltd,OU=Software Development Department,O=Cybertron Software Co.\, Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:1a:7b:19:e1:f3:c7:7b:42:d6:44:6d:c6:56:30:a8:e3:48:0b:84:21:a3:74:58:8e:c5:e2:60:34:a9:1f:a1
Signer

Actual PE Digest

76:1a:7b:19:e1:f3:c7:7b:42:d6:44:6d:c6:56:30:a8:e3:48:0b:84:21:a3:74:58:8e:c5:e2:60:34:a9:1f:a1

Digest Algorithm

sha256

PE Digest Matches

false

91:84:5f:d2:d3:8a:f2:e7:bc:86:98:b3:c4:a7:5f:08:7f:9d:3a:2d
Signer

Actual PE Digest

91:84:5f:d2:d3:8a:f2:e7:bc:86:98:b3:c4:a7:5f:08:7f:9d:3a:2d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\PD3\bin\Release\PrivacyDrive.pdb

Imports

kernel32

GetWindowsDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateDirectoryW
GetDateFormatW
SystemTimeToFileTime
GetLocaleInfoW
GetTimeFormatW
FileTimeToSystemTime
FormatMessageW
ReadConsoleW
GetCurrentThreadId
OpenFileMappingW
OpenMutexW
CreateMutexW
lstrcatW
lstrlenW
lstrcpynW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
OutputDebugStringW
GetDriveTypeW
GetVolumeInformationW
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleW
WaitForMultipleObjects
SetErrorMode
VirtualFree
FlushInstructionCache
VirtualAlloc
GetVersionExA
LoadResource
LockResource
SizeofResource
FindResourceW
VirtualProtect
TryEnterCriticalSection
InitializeCriticalSection
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
LoadLibraryExW
GetConsoleMode
GetConsoleCP
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
DeleteCriticalSection
GetFileType
LCMapStringW
GetStringTypeW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
RtlUnwind
FindClose
FileTimeToLocalFileTime
FindFirstFileW
LocalFree
SetFilePointerEx
DeleteFileW
GetFileAttributesW
GetDiskFreeSpaceExW
TerminateThread
CreateEventW
SetEvent
Sleep
DeviceIoControl
GetDiskFreeSpaceW
GetVolumePathNameW
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
CreateThread
SetLastError
GetFileSizeEx
ReadFile
GetLastError
WriteFile
GetLocalTime
CloseHandle
SetFilePointer
CreateFileW
RaiseException
GetCommandLineW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetFileAttributesExW
GetLongPathNameW
GetEnvironmentVariableW
GetFullPathNameW
GetProcessHeap
GetLogicalDrives
HeapFree
GetCurrentProcess
HeapAlloc
SetEndOfFile

user32

SetFocus
IsWindow
IsWindowVisible
SetClipboardData
EmptyClipboard
UpdateLayeredWindow
TrackPopupMenu
AppendMenuW
GetMenuStringW
CreatePopupMenu
GetSystemMenu
EndPaint
BeginPaint
DestroyWindow
UnregisterClassW
TrackMouseEvent
ClientToScreen
SetCapture
ReleaseCapture
GetWindowRect
GetKeyState
EnumDisplayDevicesW
EnumDisplaySettingsW
IsIconic
SetWindowPos
SetActiveWindow
IsWindowEnabled
EnableWindow
SystemParametersInfoW
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
SetTimer
KillTimer
MoveWindow
GetDC
ReleaseDC
SetWindowLongW
CallWindowProcW
GetWindowLongW
GetDlgItem
DrawTextW
CreateWindowExW
RedrawWindow
GetSystemMetrics
OpenClipboard
GetClipboardData
CloseClipboard
GetWindow
GetPropW
MessageBoxW
ShowWindow
GetDesktopWindow
GetParent
SetCursorPos
mouse_event
PostThreadMessageW
PostMessageA
SetForegroundWindow
SetPropW
LoadIconW
ShowCursor
GetCursorPos
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
PeekMessageW
EnumWindows
EnumChildWindows
GetWindowTextW
GetClassNameW
PostMessageW
SendMessageW
PtInRect
DefWindowProcW
SetMenuDefaultItem
DestroyMenu
EnableMenuItem
DestroyIcon
LoadImageW
RegisterClassExW
RegisterWindowMessageW
EndDialog
GetActiveWindow
IsZoomed
SetWindowPlacement
GetWindowPlacement
UnregisterHotKey
RegisterHotKey

gdi32

DeleteObject
EnumFontFamiliesW
SelectObject
GetStockObject
CreateCompatibleDC
DeleteDC
CreateDIBSection

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteValueW
RegSetValueExW
GetUserNameW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
LookupAccountNameW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW
StartServiceW
ControlService
DeleteService
ChangeServiceConfig2W
CreateServiceW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegDeleteKeyW
RegCloseKey
RegOpenKeyW
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
RegCreateKeyW
RegSetValueW
RegEnumKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
EqualSid
FreeSid
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom

shell32

ShellExecuteExW
SHFormatDrive
SHGetFileInfoW
SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW
DragQueryFileW
Shell_NotifyIconW
SHFileOperationW
ShellExecuteW
SHAddToRecentDocs
SHGetSpecialFolderPathW

ole32

RevokeDragDrop
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoTaskMemFree
ReleaseStgMedium
OleUninitialize
OleInitialize
RegisterDragDrop
CreateStreamOnHGlobal

rpcrt4

NdrClientCall2
RpcBindingFromStringBindingW
RpcBindingFree
RpcEpResolveBinding
RpcStringFreeW
RpcStringBindingComposeW

gdiplus

GdipCreatePen1
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipGetRegionBounds
GdipGetRegionScansI
GdipGetRegionScansCount
GdipClonePen
GdiplusShutdown
GdiplusStartup
GdipAddPathRectangleI
GdipDrawEllipse
GdipDrawPath
GdipFillRectangleI
GdipSetSolidFillColor
GdipSetSmoothingMode
GdipCreateBitmapFromGraphics
GdipSetLineColors
GdipAddPathPath
GdipSetPathMarker
GdipStartPathFigure
GdipAddPathLine
GdipGetPathLastPoint
ord1
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteFont
GdipCreateFontFromLogfontW
GdipCreateFontFromDC
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapSetResolution
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipCreateBitmapFromScan0
GdipLoadImageFromStream
GdipGetFontHeightGivenDPI
GdipSetPenDashStyle
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipCloneBitmapAreaI
GdipCloneImage
GdipDisposeImage
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetLinePresetBlend
GdipCreateLineBrushI
GdipSetPathGradientCenterColor
GdipCreateTexture
GdipCreateLineBrush
GdipSetPenColor
GdipSetPenDashArray
GdipDeletePen
GdipMeasureCharacterRanges
GdipDrawString
GdipCreateSolidFill
GdipMeasureString
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipAddPathLineI
GdipClosePathFigure
GdipAddPathArcI
GdipResetPath
GdipCreateHatchBrush
GdipSetPathGradientFocusScales
GdipSetPathGradientPresetBlend
GdipCloneBrush
GdipSetStringFormatMeasurableCharacterRanges
GdipCloneStringFormat
GdipSetStringFormatTabStops
GdipFillPie
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreatePathGradientFromPath
GdipDeleteRegion
GdipCreateRegion
GdipDeletePath
GdipCreatePath
GdipGetImageWidth
GdipGetImageHeight
GdipSetStringFormatLineAlign
GdipGraphicsClear
GdipGetDpiX
GdipGetDpiY
GdipSetClipPath
GdipSetClipRectI
GdipSetClipRegion
GdipGetClip
GdipTranslateWorldTransform
GdipCreateMatrix
GdipDeleteMatrix
GdipDrawLine
GdipSetImageAttributesGamma
GdipDrawImage
GdipDrawRectangle
GdipFillRectangle
GdipFillPath
GdipCreateStringFormat

shlwapi

PathFileExistsW
SHDeleteKeyW

mpr

WNetGetConnectionW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03338d7801a2b5a198bb18f8db55defc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6b:af:ec:00:e2:a3:45:c4:42:d3:60:11:05:4e:91:56Certificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

6b:af:ec:00:e2:a3:45:c4:42:d3:60:11:05:4e:91:56Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

76:1a:7b:19:e1:f3:c7:7b:42:d6:44:6d:c6:56:30:a8:e3:48:0b:84:21:a3:74:58:8e:c5:e2:60:34:a9:1f:a1Signer

91:84:5f:d2:d3:8a:f2:e7:bc:86:98:b3:c4:a7:5f:08:7f:9d:3a:2dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

rpcrt4

gdiplus

shlwapi

mpr

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 356KB - Virtual size: 356KB

.data Size: 59KB - Virtual size: 82KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6b:af:ec:00:e2:a3:45:c4:42:d3:60:11:05:4e:91:56
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

6b:af:ec:00:e2:a3:45:c4:42:d3:60:11:05:4e:91:56
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

76:1a:7b:19:e1:f3:c7:7b:42:d6:44:6d:c6:56:30:a8:e3:48:0b:84:21:a3:74:58:8e:c5:e2:60:34:a9:1f:a1
Signer

91:84:5f:d2:d3:8a:f2:e7:bc:86:98:b3:c4:a7:5f:08:7f:9d:3a:2d
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 356KB - Virtual size: 356KB

.data
Size: 59KB - Virtual size: 82KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB