0d42c76532e1f811ba1e34911976f04fa2616dbe9af1f6f9cdf75193ad9f482b[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0d42c76532e1f811ba1e34911976f04fa2616dbe9af1f6f9cdf75193ad9f482b.exe
Size

399KB
MD5

52f3d33b2ce1ae6640a20e19506b7acb
SHA1

09833b92ef643b687fc0e51c7bc6316011e30604
SHA256

0d42c76532e1f811ba1e34911976f04fa2616dbe9af1f6f9cdf75193ad9f482b
SHA512

f42ec9e70e823b9e8730a501d07c6c0a058a115799719ec903c1c872727278df0a6a2e794a9c1b7b0eb2cb054966e1d77e145772f9c81a4d603bcbced89a82c6
SSDEEP

12288:eBTKRTSs8TSQS9VfUn04DBxGJK9iYH3yNMZEbikDT:YKRES/65uCKT

Score

1^/10

Malware Config

Signatures

Files

0d42c76532e1f811ba1e34911976f04fa2616dbe9af1f6f9cdf75193ad9f482b.exe
.exe windows:5 windows x86 arch:x86

630e143197957138e0ff0c79adca7372

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:87:18:a7:54:f2:73:1d:87:ce:dd:cb:1e:57:0c:6c
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/08/2015, 00:00

Not After

16/08/2016, 23:59

Subject

CN=\"TORRENT\"\, OOO,O=\"TORRENT\"\, OOO,POSTALCODE=236006,STREET=Admirala Tribuca\, 37,L=Kaliningrad,ST=Kaliningrad,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:07:f1:9b:36:02:03:b1:c0:66:43:75:94:6b:fa:d4:f4:7d:58:58
Signer

Actual PE Digest

b2:07:f1:9b:36:02:03:b1:c0:66:43:75:94:6b:fa:d4:f4:7d:58:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipAlloc
GdipFree
GdipCloneImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipLoadImageFromStream
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSaveImageToStream
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipGetImageWidth
GdipGetImageHeight

kernel32

GetModuleHandleW
LocalFlags
WriteFile
OpenProcess
Sleep
FormatMessageW
GetFileAttributesW
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
GetLastError
SetLastError
RegisterWaitForSingleObject
LocalAlloc
CreateFileMappingW
CreateEventW
WaitForMultipleObjects
lstrcmpiW
GetCurrentThreadId
DuplicateHandle
ReleaseMutex
CloseHandle
DeleteFileW
GetCurrentProcessId
UnregisterWaitEx
LocalFree
MulDiv
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
InterlockedDecrement
InterlockedExchange
ResetEvent
WideCharToMultiByte
FindResourceExW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
VerSetConditionMask
VerifyVersionInfoW
GetModuleFileNameW
MoveFileW
SetEvent
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
ExpandEnvironmentStringsA
GetFileAttributesA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
RtlUnwind
GetCommandLineW
LoadLibraryExW
GetProcAddress
ExitThread
CreateThread
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
GetProcessHeap
TlsSetValue
TlsFree
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedCompareExchange
WaitForSingleObject
SetFilePointerEx
InterlockedIncrement
UnmapViewOfFile
MapViewOfFile
CreateMutexW
GetConsoleMode
GetConsoleCP
OutputDebugStringW
HeapReAlloc
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
SetStdHandle
WriteConsoleW
InitializeCriticalSection

user32

PostMessageW
LoadBitmapW
FillRect
GetDlgItem
LoadIconW
AdjustWindowRect
MoveWindow
UpdateWindow
MessageBoxW
DrawTextExW
SetCursor
LoadCursorW
CheckDlgButton
IsDlgButtonChecked
PostQuitMessage
BeginPaint
GetMessageW
FindWindowW
GetWindowTextW
GetSysColorBrush
GetSysColor
GetClientRect
GetWindowRect
SetWindowLongW
RegisterClassW
GetWindowLongW
SetWindowTextW
DestroyIcon
GetIconInfo
SendMessageW
GetDC
ReleaseDC
GetSystemMetrics
DestroyWindow
RemovePropW
RegisterWindowMessageW
SetTimer
KillTimer
DrawTextW
EndPaint
TranslateMessage
RegisterClassExW
ShowWindow
SendMessageTimeoutW
IsWindow
CreateWindowExW
CallWindowProcW
DefWindowProcW
DispatchMessageW
EnableWindow

gdi32

SetBkMode
GetDeviceCaps
GetObjectW
CreateFontW
SetBkColor
DeleteObject
SelectObject
DeleteDC
GetStockObject
CreateCompatibleDC
BitBlt
SetTextColor
GetCharWidth32W

advapi32

CryptAcquireContextW
RegQueryValueExW
RegEnumKeyExA
RegQueryInfoKeyW
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptHashData
ConvertSidToStringSidW
CryptDestroyHash
CryptCreateHash
LookupAccountNameW
CryptGetHashParam
CryptReleaseContext

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHGetFileInfoW

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoInitializeEx
CoUninitialize
GetHGlobalFromStream
CoCreateInstance

oleaut32

VarI4FromStr
VarUI8FromStr

winhttp

WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetTimeouts
WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpSetOption

urlmon

ObtainUserAgentString

shlwapi

StrCmpNA
PathAppendW
AssocQueryStringW
AssocQueryStringA
StrCmpNW

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

630e143197957138e0ff0c79adca7372

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

13:87:18:a7:54:f2:73:1d:87:ce:dd:cb:1e:57:0c:6cCertificate

Extended Key Usages

Key Usages

b2:07:f1:9b:36:02:03:b1:c0:66:43:75:94:6b:fa:d4:f4:7d:58:58Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winhttp

urlmon

shlwapi

Sections

.text Size: 248KB - Virtual size: 247KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 16KB - Virtual size: 39KB

.rsrc Size: 64KB - Virtual size: 64KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

13:87:18:a7:54:f2:73:1d:87:ce:dd:cb:1e:57:0c:6c
Certificate

b2:07:f1:9b:36:02:03:b1:c0:66:43:75:94:6b:fa:d4:f4:7d:58:58
Signer

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 16KB - Virtual size: 39KB

.rsrc
Size: 64KB - Virtual size: 64KB