2ae1695bdbecdb7f6d27805414e27b7cb1f2d714f9b005496abc79cfd0776f57N

Sharing

Copy URL Twitter E-mail

General

Target

2ae1695bdbecdb7f6d27805414e27b7cb1f2d714f9b005496abc79cfd0776f57N
Size

2.9MB
MD5

968499a90a14f8fc7949c2a53c8e4e10
SHA1

9be2ccf514b5bba55e6517bc2b48be4600d34bdd
SHA256

2ae1695bdbecdb7f6d27805414e27b7cb1f2d714f9b005496abc79cfd0776f57
SHA512

456d0b77efacca61f7c9814400e15b901324ac0d62ea0d95f13656bc7afb77b4c64be23ddef443b3dc48c97ee21030827cdccbbf75a01aa1b0083a3cb5ff8282
SSDEEP

49152:aGW+n9O5OLieju6EcTWnGZ8aEQHv8FJ9AE7BhvoNBPNpfqreSCUnD0DEWdCz4qQ:NnA5OLieju6aGZ8aNuAElhSD3gY4C

Score

1^/10

Malware Config

Signatures

Files

2ae1695bdbecdb7f6d27805414e27b7cb1f2d714f9b005496abc79cfd0776f57N
.exe windows:5 windows x86 arch:x86

cb41acd7b00b277e4243b9e9f05d709f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:19:03:ac:ad:f9:53:6f:b0:43:22:4f:86:a7:db:05
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/06/2016, 00:00

Not After

26/08/2019, 12:00

Subject

SERIALNUMBER=1897511,CN=SafeNet Canada\, Inc.,O=SafeNet Canada\, Inc.,POSTALCODE=K2E 7M6,STREET=Suite 200+STREET=20 Colonnade Road,L=Ottawa,ST=Ontario,C=CA,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:53:f4:2b:e4:a5:e1:8a:41:72:cd:a7:c4:94:77:48:63:4c:a4:9a:2c:1c:cf:09:b2:b5:64:a7:97:4e:d2:ca
Signer

Actual PE Digest

27:53:f4:2b:e4:a5:e1:8a:41:72:cd:a7:c4:94:77:48:63:4c:a4:9a:2c:1c:cf:09:b2:b5:64:a7:97:4e:d2:ca

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\Setup___Win32_Release_Unicode\setup.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

comctl32

ord17

kernel32

SizeofResource
LoadResource
FindResourceW
GlobalUnlock
GlobalLock
GlobalFree
GetTickCount
GetExitCodeThread
CreateThread
CopyFileW
InterlockedIncrement
GetVersionExW
CompareStringA
CompareStringW
CreateEventW
InterlockedDecrement
QueryPerformanceFrequency
lstrcatW
GetTempFileNameW
LoadLibraryW
FreeLibrary
GetProcAddress
GetSystemDefaultLangID
GetUserDefaultLangID
lstrcmpW
lstrcmpiW
VerLanguageNameW
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
MoveFileW
GetPrivateProfileStringW
CreateDirectoryW
SetFileAttributesW
GetSystemTimeAsFileTime
LocalFree
FormatMessageW
GetSystemInfo
MulDiv
RaiseException
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
GetModuleHandleW
GetVersion
GetLocalTime
IsValidLocale
GetFileAttributesW
GetCommandLineW
lstrcpyA
VirtualQuery
IsBadReadPtr
FlushFileBuffers
SetEndOfFile
GetDriveTypeW
GetLocaleInfoW
GetCurrentThread
GetDiskFreeSpaceW
GetExitCodeProcess
LocalAlloc
GetModuleFileNameW
GlobalAlloc
SetStdHandle
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
LCMapStringA
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
SetThreadContext
GetStringTypeA
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapDestroy
HeapCreate
HeapReAlloc
VirtualAlloc
VirtualFree
FatalAppExitA
GetModuleHandleA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
lstrcpynA
lstrcmpA
SearchPathW
lstrlenW
VirtualProtect
SystemTimeToFileTime
QueryPerformanceCounter
SetEvent
ResetEvent
GetCurrentProcessId
GetEnvironmentVariableW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetDateFormatW
GetTimeFormatW
GetCurrentDirectoryW
FindResourceExW
OpenProcess
GetProcessTimes
LockResource
ExpandEnvironmentStringsW
GetTempPathW
SetErrorMode
GetWindowsDirectoryW
lstrcpyW
GetSystemDirectoryW
SetCurrentDirectoryW
CreateProcessW
WaitForSingleObject
DeleteFileW
RemoveDirectoryW
Sleep
ExitProcess
GetCurrentProcess
DuplicateHandle
TerminateProcess
MoveFileExW
GetThreadContext
VirtualProtectEx
WriteProcessMemory
LoadLibraryA
FlushInstructionCache
lstrcpynW
GetProcessHeap
HeapAlloc
HeapFree
WriteFile
ReadFile
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
lstrlenA
GetLastError
SetLastError
GetStringTypeW
ResumeThread
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
InterlockedExchange
WriteConsoleA
GetConsoleOutputCP

user32

ExitWindowsEx
CharUpperW
wvsprintfW
SendDlgItemMessageW
CharPrevW
LoadImageW
CreateDialogParamW
MoveWindow
SetCursor
GetDlgItemTextW
GetWindow
SetFocus
EnableWindow
SetDlgItemTextW
SetForegroundWindow
SetActiveWindow
GetDlgCtrlID
FillRect
GetSysColor
GetSysColorBrush
SendMessageW
IsDialogMessageW
GetWindowRect
GetSystemMetrics
SetRect
FindWindowW
IntersectRect
SubtractRect
IsWindow
DestroyWindow
CreateDialogIndirectParamW
CharNextW
MessageBoxW
WaitForInputIdle
GetWindowLongW
SetWindowLongW
GetClientRect
ClientToScreen
SetWindowPos
GetWindowDC
ReleaseDC
EndPaint
BeginPaint
EndDialog
SetWindowTextW
GetDlgItem
ShowWindow
DialogBoxIndirectParamW
GetDesktopWindow
MsgWaitForMultipleObjects
PeekMessageW
wsprintfW
LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostMessageW
KillTimer
PostQuitMessage
SetTimer
GetDC

gdi32

GetDIBColorTable
GetSystemPaletteEntries
CreatePalette
CreateHalftonePalette
UnrealizeObject
SelectPalette
RealizePalette
CreateFontW
SetBkMode
SetTextColor
GetObjectW
GetDeviceCaps
CreateFontIndirectW
CreateSolidBrush
CreateCompatibleDC
SelectObject
BitBlt
CreateDIBitmap
DeleteDC
DeleteObject
GetStockObject
TranslateCharsetInfo

advapi32

RegEnumKeyW
RegCreateKeyW
LookupPrivilegeValueW
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromProgID
CoInitialize
CoCreateGuid
CreateItemMoniker
GetRunningObjectTable
StringFromGUID2
ProgIDFromCLSID
CoUninitialize
CoInitializeSecurity
CoCreateInstance

oleaut32

VariantClear
VarBstrFromDate
SysStringByteLen
GetErrorInfo
VarUI4FromStr
SystemTimeToVariantTime
CreateErrorInfo
SysAllocStringByteLen
SysAllocString
LoadTypeLi
RegisterTypeLi
SetErrorInfo
VariantChangeType
SysFreeString
SysAllocStringLen
SysReAllocStringLen
SysStringLen
VarBstrCat

rpcrt4

UuidCreate
RpcStringFreeW
UuidFromStringW
UuidToStringW

Sections

.text
Size: 697KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb41acd7b00b277e4243b9e9f05d709f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0a:19:03:ac:ad:f9:53:6f:b0:43:22:4f:86:a7:db:05Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

27:53:f4:2b:e4:a5:e1:8a:41:72:cd:a7:c4:94:77:48:63:4c:a4:9a:2c:1c:cf:09:b2:b5:64:a7:97:4e:d2:caSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

Sections

.text Size: 697KB - Virtual size: 696KB

.rdata Size: 164KB - Virtual size: 164KB

.data Size: 10KB - Virtual size: 34KB

.rsrc Size: 321KB - Virtual size: 320KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0a:19:03:ac:ad:f9:53:6f:b0:43:22:4f:86:a7:db:05
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

27:53:f4:2b:e4:a5:e1:8a:41:72:cd:a7:c4:94:77:48:63:4c:a4:9a:2c:1c:cf:09:b2:b5:64:a7:97:4e:d2:ca
Signer

.text
Size: 697KB - Virtual size: 696KB

.rdata
Size: 164KB - Virtual size: 164KB

.data
Size: 10KB - Virtual size: 34KB

.rsrc
Size: 321KB - Virtual size: 320KB