63961bc6dfdf5c5114b368249d90d2a7b16c9d6368138f2ac8d7b68ef48240dbN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

63961bc6dfdf5c5114b368249d90d2a7b16c9d6368138f2ac8d7b68ef48240dbN.exe
Size

1.7MB
MD5

fe1309f1f33d4fc8d2d190c307e71490
SHA1

5b7e19b245da1f9cafa322e4c433d0e65c0cb6cd
SHA256

63961bc6dfdf5c5114b368249d90d2a7b16c9d6368138f2ac8d7b68ef48240db
SHA512

12351b6d24ffc0c202a0dd2d4ee00ec1de3e33c5351d586c303b789a656a3f4f328839e13ca4a2332975ae94117f318771b7e02221bace644b92c6f525e9845a
SSDEEP

24576:KjlJdSTTnJOpyTACBeccWvEQS3/M9DLwOSyjaWEYdLCDWMqDloROYy0erBftrEHD:nTVUWvEt3URPjkALCDWM+OkY6c

Score

1^/10

Malware Config

Signatures

Files

63961bc6dfdf5c5114b368249d90d2a7b16c9d6368138f2ac8d7b68ef48240dbN.exe
.exe windows:4 windows x86 arch:x86

0ba4d558e77d68fccf57e1fc8501b0dd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1e:47:1f:7b:ed:57:b9:69:ba:f0:16:92:03:b9:cf:63
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

08-12-2014 00:00

Not After

06-12-2016 23:59

Subject

CN=Clickteam,O=Clickteam,L=Paris,ST=Paris,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

94:81:27:a5:a2:44:30:5d:e3:61:27:e5:5f:b1:bc:c2:49:7d:0b:72
Signer

Actual PE Digest

94:81:27:a5:a2:44:30:5d:e3:61:27:e5:5f:b1:bc:c2:49:7d:0b:72

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

GetFileType
CompareStringA
CompareStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
LockResource
LoadResource
FindResourceA
lstrcpynA
SetCurrentDirectoryA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryExA
GetCurrentDirectoryA
GetStdHandle
GetCurrentThreadId
GetVersionExA
lstrcmpA
MapViewOfFile
CloseHandle
CreateFileMappingA
GetFileSize
CreateFileA
UnmapViewOfFile
GetFileTime
IsBadReadPtr
SizeofResource
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetACP
HeapSize
TerminateProcess
HeapReAlloc
ExitThread
CreateThread
GetSystemTimeAsFileTime
ExitProcess
GetCommandLineA
GetStartupInfoA
GetSystemTime
GetTimeZoneInformation
SetEnvironmentVariableA
CreateDirectoryA
RaiseException
HeapAlloc
HeapFree
RtlUnwind
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
FindResourceExA
GetTempFileNameA
GetTempPathA
DeleteFileA
GetDriveTypeA
FormatMessageA
SetLastError
GetLastError
GetProfileStringA
GetOEMCP
GetCPInfo
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrlenW
GlobalFlags
GetProfileIntA
GetProcessVersion
GetTickCount
GetCurrentThread
FindNextFileA
VirtualProtect
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
ResumeThread
WaitForSingleObject
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
FindFirstFileA
FindClose
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
GetCurrentProcess
DuplicateHandle
MulDiv
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetVersion
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
WriteFile
GlobalLock
GlobalUnlock
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
SetThreadPriority
LeaveCriticalSection
Sleep
MultiByteToWideChar
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalFree
GetFileAttributesA
SearchPathA
GetWindowsDirectoryA
CopyFileA
LoadLibraryA
GetVolumeInformationA
GetComputerNameA
lstrcpyA
lstrcatA
GetExitCodeProcess
GetLocalTime
lstrlenA
WinExec
GetDiskFreeSpaceA

user32

DefFrameProcA
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
InsertMenuA
CreateMenu
CharNextA
GetNextDlgGroupItem
RemoveMenu
wvsprintfA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetScrollRange
GetScrollPos
GetTopWindow
MessageBoxA
RegisterClassA
GetWindowTextLengthA
GetDlgCtrlID
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
TranslateAcceleratorA
TrackPopupMenu
GetWindowTextA
GetWindowPlacement
LockWindowUpdate
IsClipboardFormatAvailable
DestroyCursor
GetNextDlgTabItem
ShowScrollBar
SetScrollPos
EnableScrollBar
FrameRect
ShowCursor
LoadIconA
GetMessageA
GetDesktopWindow
RegisterClipboardFormatA
GetKeyboardState
ToAsciiEx
LoadAcceleratorsA
CopyAcceleratorTableA
CreateAcceleratorTableA
TranslateMessage
DispatchMessageA
WaitMessage
DrawStateA
GetKeyboardLayout
MapVirtualKeyExA
IsCharLowerA
CreatePopupMenu
SetMenuDefaultItem
InvertRect
GetMenuDefaultItem
UnionRect
ValidateRect
CharUpperBuffA
DrawFrameControl
IsMenu
GetClassLongA
GetMenuItemInfoA
GetMenuStringA
DestroyMenu
CheckMenuItem
WindowFromPoint
CharUpperA
IsChild
GetClassInfoA
DestroyAcceleratorTable
BeginDeferWindowPos
EqualRect
EndDeferWindowPos
GetMenuItemCount
GetMenuItemID
ModifyMenuA
DeleteMenu
IsIconic
GetMenu
SetMenu
SystemParametersInfoA
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
DrawIconEx
WinHelpA
MessageBeep
IsRectEmpty
CopyImage
GetIconInfo
GetFocus
MapVirtualKeyA
IsZoomed
PostThreadMessageA
PeekMessageA
PostQuitMessage
LoadImageA
DestroyIcon
GetAsyncKeyState
CopyRect
DrawTextA
IsWindowVisible
SetTimer
KillTimer
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
GetSystemMenu
AppendMenuA
SetRect
GetSystemMetrics
AdjustWindowRect
GetDCEx
GetMessagePos
ScreenToClient
EnumChildWindows
SetRectEmpty
EnableMenuItem
UnhookWindowsHookEx
RegisterClassExA
GetClassInfoExA
RegisterWindowMessageA
SetWindowsHookExA
CallNextHookEx
ClientToScreen
SetCursorPos
ReleaseCapture
GetWindowDC
DrawFocusRect
GetCapture
SetCapture
SetFocus
CallWindowProcA
BeginPaint
EndPaint
DefWindowProcA
GetKeyState
GetWindowThreadProcessId
SetParent
UnpackDDElParam
ReuseDDElParam
SetWindowContextHelpId
ShowOwnedPopups
MapDialogRect
GrayStringA
TabbedTextOutA
GetMenuState
LoadCursorA
SetCursor
GetDlgItem
DialogBoxParamA
RedrawWindow
GetWindowLongA
IsDlgButtonChecked
EndDialog
CheckDlgButton
SetWindowPos
DestroyWindow
GetParent
SetWindowRgn
BringWindowToTop
ShowWindow
UpdateWindow
CreateWindowExA
SetWindowLongA
PtInRect
SendDlgItemMessageA
GetSysColorBrush
InflateRect
OffsetRect
DrawEdge
FillRect
LoadBitmapA
IsWindow
PostMessageA
LoadMenuA
GetSubMenu
GetCursorPos
GetWindow
GetWindowRect
GetClassNameA
LoadStringA
wsprintfA
IntersectRect
GetSysColor
GetDC
ReleaseDC
GetClientRect
MapWindowPoints
InvalidateRect
EnableWindow
SendMessageA
ShowCaret
HideCaret
UnregisterClassA
GetKeyNameTextA

gdi32

StretchBlt
GetPixel
SetPixel
GetBkColor
Polygon
CreateDIBSection
Ellipse
OffsetRgn
GetTextColor
ExtFloodFill
SetPaletteEntries
PtInRegion
CreatePolygonRgn
FrameRgn
SetPixelV
GetClipBox
SaveDC
RestoreDC
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExcludeClipRect
MoveToEx
LineTo
SelectPalette
ExtSelectClipRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
Escape
GetMapMode
SetRectRgn
DPtoLP
EnumFontFamiliesExA
LPtoDP
CopyMetaFileA
GetDIBits
CreateDIBitmap
GetTextCharsetInfo
EnumFontFamiliesA
GetTextMetricsA
CreateRectRgnIndirect
GetPaletteEntries
GetNearestPaletteIndex
IntersectClipRect
GetTextExtentPoint32A
SelectClipRgn
DeleteDC
CreateCompatibleBitmap
SetBkMode
SetTextAlign
GetStockObject
SetTextColor
CreateFontIndirectA
CreateBitmap
CreatePatternBrush
PatBlt
CreateHatchBrush
SelectObject
Rectangle
CreateRectRgn
CombineRgn
DeleteObject
CreateSolidBrush
GetObjectA
CreateCompatibleDC
BitBlt
CreatePen
RealizePalette
StretchDIBits
SetBkColor
ExtTextOutA
GetDeviceCaps
GetSystemPaletteEntries
GetTextExtentPointA
CreatePalette

comdlg32

ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
ChooseColorA
GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegDeleteKeyA
RegSetValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegCreateKeyA
SetFileSecurityA
GetFileSecurityA
RegQueryValueA

shell32

DragFinish
ExtractIconA
SHBrowseForFolderA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
DragQueryFileA

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_DrawEx
ImageList_Draw
ImageList_GetImageInfo
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_ReplaceIcon

oledlg

ord8

ole32

CreateStreamOnHGlobal
StgOpenStorageOnILockBytes
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoTaskMemFree
ReleaseStgMedium
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
CoGetClassObject
OleDuplicateData
CoRevokeClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes

olepro32

ord253

oleaut32

SysAllocStringByteLen
SysStringLen
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString

winmm

PlaySoundA

Sections

.text
Size: 960KB - Virtual size: 956KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 456KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ba4d558e77d68fccf57e1fc8501b0dd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1e:47:1f:7b:ed:57:b9:69:ba:f0:16:92:03:b9:cf:63Certificate

Extended Key Usages

Key Usages

94:81:27:a5:a2:44:30:5d:e3:61:27:e5:5f:b1:bc:c2:49:7d:0b:72Signer

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

winmm

Sections

.text Size: 960KB - Virtual size: 956KB

.rdata Size: 188KB - Virtual size: 184KB

.data Size: 40KB - Virtual size: 60KB

.rsrc Size: 456KB - Virtual size: 455KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1e:47:1f:7b:ed:57:b9:69:ba:f0:16:92:03:b9:cf:63
Certificate

94:81:27:a5:a2:44:30:5d:e3:61:27:e5:5f:b1:bc:c2:49:7d:0b:72
Signer

.text
Size: 960KB - Virtual size: 956KB

.rdata
Size: 188KB - Virtual size: 184KB

.data
Size: 40KB - Virtual size: 60KB

.rsrc
Size: 456KB - Virtual size: 455KB