369f918e483f886d9770384e79b56a90e33f694c30f761185ef1b8497f1dbb34N

Sharing

Copy URL Twitter E-mail

General

Target

369f918e483f886d9770384e79b56a90e33f694c30f761185ef1b8497f1dbb34N
Size

1005KB
MD5

2470016a3301e94d7ddfcf63a3c31c30
SHA1

1923b696a34b4d01464bc249d836ff7feac36b3c
SHA256

369f918e483f886d9770384e79b56a90e33f694c30f761185ef1b8497f1dbb34
SHA512

3b9f45c058d3c239823f446d6b6bca8b273a8c94e01f3b4a67868aeccf194c4979fcdea80d411630c8b366ee36432379e3745805fdfd00ef057c2462de6974d3
SSDEEP

24576:Tex7y2zxXDu8rdWq59wGZyEaXlYmY0t9jFyTz5yeb9tEVJm9IB8:T2hDuQ9w4wXlxh0z5yeIu9IB8

Score

1^/10

Malware Config

Signatures

Files

369f918e483f886d9770384e79b56a90e33f694c30f761185ef1b8497f1dbb34N
.exe windows:5 windows x86 arch:x86

d157e43bb07ff49b32438845d3aa5152

Code Sign

61:a5:7d:2d:6b:0c:93:d4:cd:8d:ce:5b:ba:b1:fc:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/03/2009, 00:00

Not After

17/03/2010, 23:59

Subject

CN=PlaySushi.com,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PlaySushi.com,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:41:aa:a6:ac:46:6c:4a:3e:b2:c3:22:b9:43:41:ff:8c:ae:3d:d7
Signer

Actual PE Digest

5c:41:aa:a6:ac:46:6c:4a:3e:b2:c3:22:b9:43:41:ff:8c:ae:3d:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrNCatA
StrToIntA
StrStrA
StrStrIA
wnsprintfA
StrChrA

rpcrt4

UuidCreate
UuidToStringA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

CreateDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
Sleep
CreateThread
GetLocalTime
GetVersionExA
lstrcpyA
GetTickCount
GetCurrentProcessId
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
MoveFileExA
GetExitCodeProcess
lstrcatA
GetModuleFileNameA
WinExec
GetTempPathA
lstrcmpiA
GetFileAttributesA
FindFirstFileA
FindClose
FindNextFileA
GetModuleHandleA
ExitProcess
GetLastError
CreateMutexA
MultiByteToWideChar
LocalAlloc
LocalFree
OpenProcess
TerminateProcess
GetFullPathNameA
DosDateTimeToFileTime
SetFileTime
GetFileTime
LocalFileTimeToFileTime
GetEnvironmentStringsW
lstrlenA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
HeapReAlloc
VirtualAlloc
DeleteFileA
VirtualFree
HeapCreate
LeaveCriticalSection
EnterCriticalSection
RaiseException
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
GetLocaleInfoA
HeapSize
InitializeCriticalSectionAndSpinCount
SetStdHandle
LoadLibraryA
SetHandleCount
GetFileType
QueryPerformanceCounter
RtlUnwind
ReadFile
GetConsoleCP
GetConsoleMode
SetFilePointer
GetStringTypeA
GetStringTypeW
GetProcAddress
GetCurrentProcess
FreeLibrary
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
CreateFileA
CloseHandle
CreateToolhelp32Snapshot
Process32Next
Process32First
lstrcpynA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
DeleteCriticalSection
FlushFileBuffers
SetEndOfFile
FreeEnvironmentStringsW

user32

SetWindowTextA
GetWindowDC
DrawFocusRect
GetDlgItem
EnableWindow
CheckRadioButton
IsDlgButtonChecked
GetWindowTextLengthA
RedrawWindow
DrawTextA
GetDlgCtrlID
SetCursor
SetFocus
EndPaint
GetKeyState
GetFocus
LoadBitmapA
PeekMessageA
IsWindowEnabled
BeginPaint
GetDC
GetWindowTextA
SetWindowLongA
InvalidateRect
ReleaseDC
PostMessageA
UpdateWindow
DestroyWindow
keybd_event
GetMessageA
GetWindowRect
RegisterClassExA
PostQuitMessage
LoadIconA
GetClientRect
SendMessageA
IsDialogMessageA
TranslateMessage
MapVirtualKeyA
MessageBoxA
GetWindowLongA
CreateWindowExA
DefWindowProcA
SetWindowPos
ShowWindow
DispatchMessageA
SystemParametersInfoA
LoadCursorA
MoveWindow
ExitWindowsEx
GetWindowThreadProcessId
EnumWindows
GetClassNameA
GetParent
FillRect

gdi32

CreateSolidBrush
BitBlt
SetTextColor
DeleteDC
CreateFontA
SetBkMode
DeleteObject
SetBkColor
CreateCompatibleDC
GetTextExtentPointA
GetObjectA
GetStockObject
TextOutA
SelectObject
CreateDIBitmap

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyA
RegQueryValueExA
OpenProcessToken
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegEnumKeyA
RegSetValueExA
RegDeleteKeyA
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueA
SetFileSecurityA
AdjustTokenPrivileges
RegOpenKeyA

shell32

ShellExecuteExA
ShellExecuteA
SHGetFolderPathA

ole32

CoTaskMemAlloc

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 821KB - Virtual size: 821KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d157e43bb07ff49b32438845d3aa5152

Code Sign

61:a5:7d:2d:6b:0c:93:d4:cd:8d:ce:5b:ba:b1:fc:68Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

5c:41:aa:a6:ac:46:6c:4a:3e:b2:c3:22:b9:43:41:ff:8c:ae:3d:d7Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

rpcrt4

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 14KB - Virtual size: 23KB

.cdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 821KB - Virtual size: 821KB

.reloc Size: 14KB - Virtual size: 13KB

61:a5:7d:2d:6b:0c:93:d4:cd:8d:ce:5b:ba:b1:fc:68
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

5c:41:aa:a6:ac:46:6c:4a:3e:b2:c3:22:b9:43:41:ff:8c:ae:3d:d7
Signer

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 14KB - Virtual size: 23KB

.cdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 821KB - Virtual size: 821KB

.reloc
Size: 14KB - Virtual size: 13KB