86ab1543464500ccdbda0c7c5f30d40628f0892a19a07e5eaa21ddb2774c7ab7[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

86ab1543464500ccdbda0c7c5f30d40628f0892a19a07e5eaa21ddb2774c7ab7.exe
Size

208KB
MD5

3add94fe3f9cbeddf525f2d212c0d093
SHA1

53d1182d535f720d41d7cffe0316f3fb56e026ad
SHA256

86ab1543464500ccdbda0c7c5f30d40628f0892a19a07e5eaa21ddb2774c7ab7
SHA512

d66fcee4cd245f856547ab1dc6e62a117f387df608b2e7440081b690472be28de55137b5c0b920db2d819780ed6d7fd18c862c4f5c7211a2ba8acff2ac642fc1
SSDEEP

3072:ZUpRi1s+S52fNiQGUaqcJeGwxruUIiau038t6eTNzW+XERycnR3FPEtprO8OFb56:F1wuNiQj4hwBEu0MYqVmXBFPEjRiGdh

Score

1^/10

Malware Config

Signatures

Files

86ab1543464500ccdbda0c7c5f30d40628f0892a19a07e5eaa21ddb2774c7ab7.exe
.exe windows:4 windows x86 arch:x86

4cad26b1ad30c4965a5a400d4f2ba3cc

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29-09-2006 00:00

Not After

26-10-2009 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:11:8e:9c:09:a9:5a:5a:10:ea:6b:7d:c9:4f:54:4b:83:14:06:26
Signer

Actual PE Digest

4e:11:8e:9c:09:a9:5a:5a:10:ea:6b:7d:c9:4f:54:4b:83:14:06:26

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisconnectNamedPipe
lstrcpynW
OpenWaitableTimerW
GlobalAlloc
WaitForSingleObject
SetLocaleInfoW
GetSystemTime
GetCurrentThreadId
GetStartupInfoW
OpenEventW
EnumCalendarInfoW
EnumTimeFormatsA
GetStringTypeA
GetLocaleInfoA
lstrlen
lstrcatW
GetModuleHandleA
GlobalGetAtomNameA
CreateFileMappingA
GetAtomNameA
OpenMutexA
MultiByteToWideChar
OpenSemaphoreA
GetProcAddress
IsValidLocale
CreateSemaphoreA
CreateSemaphoreW
SleepEx
GetSystemDirectoryW
OpenEventA
GetThreadLocale
OpenProcess
ExpandEnvironmentStringsA
GetVersionExW
SearchPathW

user32

GetMenuItemID
GetDlgItemTextA
wvsprintfA
RegisterWindowMessageA
LoadMenuA
GetClassInfoExW
GetSysColor
CheckMenuItem
DeleteMenu
GetMenuStringA
PostQuitMessage
SetActiveWindow
LoadImageA
DestroyCursor
GetWindowRect
GetCapture
GetCapture
DrawTextW
keybd_event
LoadIconA
DefFrameProcW
SendDlgItemMessageA
CharLowerW
SetParent
CheckRadioButton
ClientToScreen
MessageBoxIndirectA
PeekMessageW
GetDC
CascadeWindows

gdi32

GetStockObject
GetCharABCWidthsI
GetMetaFileW
UpdateICMRegKeyA
AddFontResourceA
CreateEllipticRgn
GetICMProfileW
GetTextMetricsA
RemoveFontResourceW
OffsetClipRgn
CreatePen
CreateDIBPatternBrushPt
SetMapMode
CreatePolyPolygonRgn
SetLayout
EnumFontsW
GetDCPenColor
SetTextCharacterExtra

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegReplaceKeyW

winmm

mciGetErrorStringA
mmioSetBuffer
timeKillEvent
waveInMessage
WOWAppExit
midiInReset

wsock32

WSAAsyncGetProtoByNumber
WSAIsBlocking
GetAddressByNameW
bind
ntohs
inet_addr
WSASetLastError
ntohl

Sections

.vk
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kaEndn
Size: 1KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kbIe
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Y
Size: 5KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DaBZis
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.YHIHtd
Size: 3KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cad26b1ad30c4965a5a400d4f2ba3cc

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3Certificate

Extended Key Usages

Key Usages

4e:11:8e:9c:09:a9:5a:5a:10:ea:6b:7d:c9:4f:54:4b:83:14:06:26Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

winmm

wsock32

Sections

.vk Size: 11KB - Virtual size: 11KB

.kaEndn Size: 1KB - Virtual size: 449KB

.kbIe Size: 3KB - Virtual size: 20KB

.Y Size: 5KB - Virtual size: 443KB

.DaBZis Size: 9KB - Virtual size: 8KB

.YHIHtd Size: 3KB - Virtual size: 192KB

.rsrc Size: 169KB - Virtual size: 169KB

.reloc Size: 1024B - Virtual size: 992B

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

4e:11:8e:9c:09:a9:5a:5a:10:ea:6b:7d:c9:4f:54:4b:83:14:06:26
Signer

.vk
Size: 11KB - Virtual size: 11KB

.kaEndn
Size: 1KB - Virtual size: 449KB

.kbIe
Size: 3KB - Virtual size: 20KB

.Y
Size: 5KB - Virtual size: 443KB

.DaBZis
Size: 9KB - Virtual size: 8KB

.YHIHtd
Size: 3KB - Virtual size: 192KB

.rsrc
Size: 169KB - Virtual size: 169KB

.reloc
Size: 1024B - Virtual size: 992B