1ba20aecf05f1f69608ac667b0d17d81ddc92ea3a9f24a020c32280ec7128fe7N

Sharing

Copy URL Twitter E-mail

General

Target

1ba20aecf05f1f69608ac667b0d17d81ddc92ea3a9f24a020c32280ec7128fe7N
Size

313KB
MD5

3abe1a9830afff0f9e26e3623c2fafa0
SHA1

6d462b1b4d6d30ebdfe6b8dc13fe33bd6eff2916
SHA256

1ba20aecf05f1f69608ac667b0d17d81ddc92ea3a9f24a020c32280ec7128fe7
SHA512

9583de3be46ef6abfffd90ba0e8b8a9c9b13e703b81d8e50e6944b67aba804c6d065c7cd347b3eb8b67731c6241a670c1c4dc6bf7040110092f4f92841860dc4
SSDEEP

6144:pRXKqPQ7RgVRj/ncIfagkrfZT2QKh3PfcKrKywD6O:mq4FgVRj/ncMC/KpdGy2

Score

1^/10

Malware Config

Signatures

Files

1ba20aecf05f1f69608ac667b0d17d81ddc92ea3a9f24a020c32280ec7128fe7N
.exe windows:5 windows x86 arch:x86

c2e9513bf87a9fbb99c9e872c43b84ed

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:e6:5a:d8:07:b8:49:7b:07:49:d4:15:68:d6:26:d0
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/07/2015, 00:00

Not After

13/07/2018, 12:00

Subject

CN=Mozilla Corporation,O=Mozilla Corporation,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:48:90:33:2c:fc:7c:13:3c:4a:49:4a:af:57:cf:ef:d8:59:d6:e0
Signer

Actual PE Digest

33:48:90:33:2c:fc:7c:13:3c:4a:49:4a:af:57:cf:ef:d8:59:d6:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\obj-firefox\toolkit\mozapps\update\updater\updater.pdb

Imports

kernel32

CopyFileW
WideCharToMultiByte
GetTempFileNameW
LocalAlloc
SetLastError
GetCurrentProcess
FreeLibrary
WriteFile
GetDriveTypeW
DeleteFileW
MoveFileW
DecodePointer
CreateProcessW
GetTimeZoneInformation
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
HeapReAlloc
FlushFileBuffers
SetFilePointerEx
LocalFree
MoveFileExW
UnlockFile
CloseHandle
GetLastError
FormatMessageW
GetPrivateProfileStringW
OpenProcess
GetFileAttributesW
CreateFileW
WaitForSingleObject
FindClose
SetEndOfFile
SetFilePointer
LockFile
GetLongPathNameW
FindNextFileW
FindFirstFileW
Sleep
MultiByteToWideChar
DeactivateActCtx
GetModuleFileNameW
ActivateActCtx
CreateActCtxW
LoadLibraryExW
SetDllDirectoryW
GetModuleHandleW
GetProcAddress
HeapSize
GetSystemDirectoryW
LCMapStringW
CompareStringW
GetFullPathNameW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExW
CreateDirectoryW
SetStdHandle
RemoveDirectoryW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetFileAttributesW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
ReadFile
ExitProcess
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
GetStringTypeW
GetConsoleCP
GetConsoleMode
ReadConsoleW

user32

SetTimer
wsprintfW
GetWindowLongW
GetWindowRect
GetDC
SetWindowPos
ScreenToClient
ReleaseDC
EndDialog
SetWindowTextW
OffsetRect
SendMessageW
CopyRect
LoadIconW
SetWindowLongW
GetClientRect
GetDlgItem
DrawTextW
GetDesktopWindow
GetParent
DialogBoxParamW

gdi32

SelectObject

advapi32

SystemFunction036
CloseServiceHandle
OpenSCManagerA
StartServiceW
QueryServiceConfigW
OpenServiceW
QueryServiceStatusEx
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptDestroyKey
CryptVerifySignatureA
CryptAcquireContextA
CryptCreateHash
CryptHashData
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

wintrust

WinVerifyTrust

shell32

ShellExecuteExW

shlwapi

PathStripToRootW
PathCommonPrefixW
PathRemoveFileSpecW
PathAppendW
PathUnquoteSpacesW

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2e9513bf87a9fbb99c9e872c43b84ed

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:e6:5a:d8:07:b8:49:7b:07:49:d4:15:68:d6:26:d0Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

33:48:90:33:2c:fc:7c:13:3c:4a:49:4a:af:57:cf:ef:d8:59:d6:e0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

wintrust

shell32

shlwapi

Sections

.text Size: 150KB - Virtual size: 149KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 3KB - Virtual size: 11KB

.gfids Size: 512B - Virtual size: 236B

.rsrc Size: 95KB - Virtual size: 95KB

.reloc Size: 7KB - Virtual size: 7KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:e6:5a:d8:07:b8:49:7b:07:49:d4:15:68:d6:26:d0
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

33:48:90:33:2c:fc:7c:13:3c:4a:49:4a:af:57:cf:ef:d8:59:d6:e0
Signer

.text
Size: 150KB - Virtual size: 149KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 3KB - Virtual size: 11KB

.gfids
Size: 512B - Virtual size: 236B

.rsrc
Size: 95KB - Virtual size: 95KB

.reloc
Size: 7KB - Virtual size: 7KB