c5c9386c222293fe44f618673defc01b79ca40fc0ea27e205a3f725d77dda126

Sharing

Copy URL

Twitter E-mail

General

Target

c5c9386c222293fe44f618673defc01b79ca40fc0ea27e205a3f725d77dda126
Size

231KB
MD5

9f6336f11ae40b22034f19ecba4641ac
SHA1

3bf8998f30f300dc979a608faed41bd747b885eb
SHA256

c5c9386c222293fe44f618673defc01b79ca40fc0ea27e205a3f725d77dda126
SHA512

83c0508f4e30aad6508716a163496a867914b0e2821760df4ebe71b3a33a053588db068c2f6975793e5ed3a2293daf5130ca6a72ee06524dc57b444dd4875c12
SSDEEP

3072:dd2PHUXh5RidYASjd53qI02ojksuzwj42JpfmmJCZwgEE6pjTcTeuwClKWW3n/8Z:v2fOJyf+H9uAGhJkmwwjcTe+KL0Z

Score

1^/10

Malware Config

Signatures

Files

c5c9386c222293fe44f618673defc01b79ca40fc0ea27e205a3f725d77dda126
.exe windows:4 windows x86 arch:x86

1cdc80fdee083d3fb5d0897059ceff20

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:2b:f2:4a:45:3e
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

28-10-2010 09:07

Not After

28-10-2013 09:07

Subject

CN=BullGuard Ltd.,OU=IT,O=BullGuard Ltd.,L=Heathrow,ST=Middlesex,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:db
Signer

Actual PE Digest

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:db

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomA
CreateDirectoryA
GetLogicalDrives
GetCalendarInfoA
GetStringTypeA
GetExitCodeThread
GetComputerNameA
GetExpandedNameA
EnumDateFormatsW
WinExec
ConnectNamedPipe
Sleep
GetStartupInfoW
ReadDirectoryChangesW
SetLocaleInfoW
SleepEx
GetSystemDefaultLCID
ExpandEnvironmentStringsW
LoadLibraryExA
LocalAlloc
lstrcpy
GetVolumeInformationW
GetModuleHandleA
LocalFree
GetCPInfo
GetCurrentProcess
OpenEventA
GetUserDefaultLCID
GetLocaleInfoA
OpenSemaphoreA
CreateMutexW
IsBadWritePtr
BeginUpdateResourceW
DeleteAtom
GetWindowsDirectoryW
GetEnvironmentVariableA
GetDateFormatW
CreateNamedPipeA
lstrcat
RemoveDirectoryA
FreeLibrary
ExpandEnvironmentStringsA
CopyFileExA
WaitForMultipleObjects
GetNumberFormatA
EnumCalendarInfoA
GetModuleHandleW
FindAtomW
GetSystemTime
GetStartupInfoA
GetProcessHeap
GetLongPathNameA
CopyFileA
DisconnectNamedPipe
GetEnvironmentStringsA
GetEnvironmentStringsW
MoveFileA
GetProcAddress
GetTickCount
CreateSemaphoreW
CreateEventW
GetVersionExA
SetEvent
GetDiskFreeSpaceA
GetSystemDirectoryA
GetVersion
MultiByteToWideChar
SystemTimeToFileTime

user32

PostMessageW
CopyIcon
SetCursor
InvalidateRect
MessageBoxW
SetWindowLongW
GetDlgItemTextA
IsIconic
MessageBoxA
RegisterClassExA
LoadCursorW
GetMenuInfo
CharUpperW
EndDialog
InsertMenuA
InsertMenuItemW
LoadBitmapW
GetClassInfoW
SendDlgItemMessageW
LoadCursorA
RegisterWindowMessageW
FindWindowW
CopyRect
EnumWindows
EndMenu
GetSysColorBrush
EnableMenuItem
GetKeyState
GetDCEx
GetMenuItemCount
OffsetRect
AppendMenuW
CreatePopupMenu
wsprintfA
CharNextW
LoadBitmapA
DialogBoxIndirectParamA
SetWindowTextW
mouse_event
PeekMessageW
CharPrevW
CharNextA
LoadMenuIndirectA
GetDlgItemTextW
LoadMenuA
MonitorFromRect
WaitForInputIdle
SetWindowPos
GetKeyboardLayout
LoadMenuIndirectW
MessageBoxIndirectW
SetWindowRgn
SetMenu
GetMessageW
wvsprintfA
SetCapture
CreateAcceleratorTableA
keybd_event
MoveWindow
CreateMenu
WinHelpW
CreateDialogParamA

gdi32

CreateBitmapIndirect
CreateICW
CreateDIBSection
CreateRoundRectRgn
SelectBrushLocal
CreateMetaFileA
CreateBrushIndirect
GetEnhMetaFileW

advapi32

CryptContextAddRef

shell32

ShellExecuteEx
ShellExecuteA
SHGetDataFromIDListW
SHGetDataFromIDListA
Shell_NotifyIcon
SHCreateDirectoryExA
StrNCmpA

shlwapi

PathIsRelativeA
UrlUnescapeW
SHOpenRegStreamA
PathIsSameRootA
IntlStrEqWorkerA
PathIsUNCServerA
UrlIsNoHistoryW
UrlCreateFromPathW
SHEnumValueA
SHRegQueryInfoUSKeyW
AssocQueryStringW
PathCanonicalizeA
HashData
StrChrIA
UrlGetPartA
UrlHashW

Sections

.ZQPt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qaC
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mPL
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vi
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uJiHFf
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.A
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mfAbF
Size: 3KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cdc80fdee083d3fb5d0897059ceff20

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:2b:f2:4a:45:3eCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:dbSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.ZQPt Size: 8KB - Virtual size: 8KB

.qaC Size: 92KB - Virtual size: 92KB

.mPL Size: 12KB - Virtual size: 12KB

.vi Size: 4KB - Virtual size: 21KB

.uJiHFf Size: 90KB - Virtual size: 90KB

.A Size: 5KB - Virtual size: 14KB

.mfAbF Size: 3KB - Virtual size: 140KB

.rsrc Size: 7KB - Virtual size: 6KB

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:2b:f2:4a:45:3e
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

a7:0a:c5:89:35:f2:fa:95:97:8a:5f:a5:cf:fd:ec:9c:45:a3:92:db
Signer

.ZQPt
Size: 8KB - Virtual size: 8KB

.qaC
Size: 92KB - Virtual size: 92KB

.mPL
Size: 12KB - Virtual size: 12KB

.vi
Size: 4KB - Virtual size: 21KB

.uJiHFf
Size: 90KB - Virtual size: 90KB

.A
Size: 5KB - Virtual size: 14KB

.mfAbF
Size: 3KB - Virtual size: 140KB

.rsrc
Size: 7KB - Virtual size: 6KB