2ddc44c8364eaf7f56dcd5f8d1346f1251ffb949c834ed2c684b64eeeeedfceeN

Sharing

Copy URL

Twitter E-mail

General

Target

2ddc44c8364eaf7f56dcd5f8d1346f1251ffb949c834ed2c684b64eeeeedfceeN
Size

3.0MB
MD5

22330ac876aa20f446242c0f17272e40
SHA1

7956f2b738cf78e0c8068a2f621b42b72f3f5566
SHA256

2ddc44c8364eaf7f56dcd5f8d1346f1251ffb949c834ed2c684b64eeeeedfcee
SHA512

5505d4ab0cf63346c0ffdeab974fa8aa5f38f150e103f385ae7003085b9017101b21b7d943e200d57ae3443f732af675f419980179c0c1d7c355adfdda03ab6d
SSDEEP

49152:Ya6IBvRubraUW812TTXqj2o5k3Kyk/cPqmojQ/GG6fRE7Ddw6+Cwv:RnhRuxWadaU/6qmbf6fRD+wv

Score

1^/10

Malware Config

Signatures

Files

2ddc44c8364eaf7f56dcd5f8d1346f1251ffb949c834ed2c684b64eeeeedfceeN
.exe windows:5 windows x86 arch:x86

a8bba8d8f63b2f6c3fc6d63b1efc4cdc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:a5:11:a5:65:dc:10:22:cc:d7:ba:41:e2:e4:18:fe:65
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25-06-2012 09:04

Not After

26-06-2015 09:04

Subject

CN=337 Technology Limited,O=337 Technology Limited,L=香港,ST=香港,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fc:3d:27:c9:37:d1:6b:39:6f:d0:7a:37:0f:66:7d:e6:e2:14:01:4c
Signer

Actual PE Digest

fc:3d:27:c9:37:d1:6b:39:6f:d0:7a:37:0f:66:7d:e6:e2:14:01:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\ecyber\sc\bin.32\e7zInstaller.pdb

Imports

kernel32

GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
FindFirstFileW
SetFileTime
FindClose
SetFileAttributesW
CreateDirectoryW
GetModuleFileNameW
GetTempFileNameA
RemoveDirectoryW
FindNextFileW
DeleteFileW
GetTempPathA
LocalFree
WideCharToMultiByte
MultiByteToWideChar
CreateMutexW
GetProcAddress
GetModuleHandleW
GetEnvironmentVariableW
Sleep
CreateProcessW
WaitForSingleObject
GetStringTypeW
FlushFileBuffers
WriteConsoleW
LCMapStringW
SetStdHandle
HeapReAlloc
LoadLibraryW
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapFree
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
HeapSize
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
GetFileType
DeleteCriticalSection
GetStartupInfoW
RaiseException
SetLastError
InterlockedIncrement
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetEndOfFile

user32

wsprintfW

shell32

ord165
CommandLineToArgvW
ord680
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8bba8d8f63b2f6c3fc6d63b1efc4cdc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:a5:11:a5:65:dc:10:22:cc:d7:ba:41:e2:e4:18:fe:65Certificate

Extended Key Usages

Key Usages

fc:3d:27:c9:37:d1:6b:39:6f:d0:7a:37:0f:66:7d:e6:e2:14:01:4cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

version

shlwapi

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 21KB

.rsrc Size: 84KB - Virtual size: 84KB

.reloc Size: 17KB - Virtual size: 17KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:a5:11:a5:65:dc:10:22:cc:d7:ba:41:e2:e4:18:fe:65
Certificate

fc:3d:27:c9:37:d1:6b:39:6f:d0:7a:37:0f:66:7d:e6:e2:14:01:4c
Signer

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 21KB

.rsrc
Size: 84KB - Virtual size: 84KB

.reloc
Size: 17KB - Virtual size: 17KB