db2a9fce5653dfaceada1f8ad418df53dec5ade876157b310d35706034094a66N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

db2a9fce5653dfaceada1f8ad418df53dec5ade876157b310d35706034094a66N.exe
Size

208KB
MD5

262d31a33d2d3c41ef2b558d1ce118c0
SHA1

ce795722a2bb9ffd00dcc7ea5c14fe132857a1a4
SHA256

db2a9fce5653dfaceada1f8ad418df53dec5ade876157b310d35706034094a66
SHA512

0e163bd3b822e199d3e18313eb629780ca7248a284123ba96174c4c6d7a786d03777d859457227c08b6010ed860eecd95da0b630e288f360da2659fbf057c8a6
SSDEEP

3072:ZUpRi1s+S52fNiQGUaqcJeGwxruUIiau038t6eTNzW+XERycnR3FPEtprO8OFb5+:F1wuNiQj4hwBEu0MYqVmXBFPEjRiGdz

Score

1^/10

Malware Config

Signatures

Files

db2a9fce5653dfaceada1f8ad418df53dec5ade876157b310d35706034094a66N.exe
.exe windows:4 windows x86 arch:x86

4cad26b1ad30c4965a5a400d4f2ba3cc

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29-09-2006 00:00

Not After

26-10-2009 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:5f:9c:d9:ee:19:ca:4a:4b:5b:43:33:67:79:b0:64:5d:3d:65:f4
Signer

Actual PE Digest

1f:5f:9c:d9:ee:19:ca:4a:4b:5b:43:33:67:79:b0:64:5d:3d:65:f4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisconnectNamedPipe
lstrcpynW
OpenWaitableTimerW
GlobalAlloc
WaitForSingleObject
SetLocaleInfoW
GetSystemTime
GetCurrentThreadId
GetStartupInfoW
OpenEventW
EnumCalendarInfoW
EnumTimeFormatsA
GetStringTypeA
GetLocaleInfoA
lstrlen
lstrcatW
GetModuleHandleA
GlobalGetAtomNameA
CreateFileMappingA
GetAtomNameA
OpenMutexA
MultiByteToWideChar
OpenSemaphoreA
GetProcAddress
IsValidLocale
CreateSemaphoreA
CreateSemaphoreW
SleepEx
GetSystemDirectoryW
OpenEventA
GetThreadLocale
OpenProcess
ExpandEnvironmentStringsA
GetVersionExW
SearchPathW

user32

GetMenuItemID
GetDlgItemTextA
wvsprintfA
RegisterWindowMessageA
LoadMenuA
GetClassInfoExW
GetSysColor
CheckMenuItem
DeleteMenu
GetMenuStringA
PostQuitMessage
SetActiveWindow
LoadImageA
DestroyCursor
GetWindowRect
GetCapture
GetCapture
DrawTextW
keybd_event
LoadIconA
DefFrameProcW
SendDlgItemMessageA
CharLowerW
SetParent
CheckRadioButton
ClientToScreen
MessageBoxIndirectA
PeekMessageW
GetDC
CascadeWindows

gdi32

GetStockObject
GetCharABCWidthsI
GetMetaFileW
UpdateICMRegKeyA
AddFontResourceA
CreateEllipticRgn
GetICMProfileW
GetTextMetricsA
RemoveFontResourceW
OffsetClipRgn
CreatePen
CreateDIBPatternBrushPt
SetMapMode
CreatePolyPolygonRgn
SetLayout
EnumFontsW
GetDCPenColor
SetTextCharacterExtra

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegReplaceKeyW

winmm

mciGetErrorStringA
mmioSetBuffer
timeKillEvent
waveInMessage
WOWAppExit
midiInReset

wsock32

WSAAsyncGetProtoByNumber
WSAIsBlocking
GetAddressByNameW
bind
ntohs
inet_addr
WSASetLastError
ntohl

Sections

.vk
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kaEndn
Size: 1KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kbIe
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Y
Size: 5KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DaBZis
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.YHIHtd
Size: 3KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cad26b1ad30c4965a5a400d4f2ba3cc

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3Certificate

Extended Key Usages

Key Usages

1f:5f:9c:d9:ee:19:ca:4a:4b:5b:43:33:67:79:b0:64:5d:3d:65:f4Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

winmm

wsock32

Sections

.vk Size: 11KB - Virtual size: 11KB

.kaEndn Size: 1KB - Virtual size: 449KB

.kbIe Size: 3KB - Virtual size: 20KB

.Y Size: 5KB - Virtual size: 443KB

.DaBZis Size: 9KB - Virtual size: 8KB

.YHIHtd Size: 3KB - Virtual size: 192KB

.rsrc Size: 169KB - Virtual size: 169KB

.reloc Size: 1024B - Virtual size: 992B

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

1f:5f:9c:d9:ee:19:ca:4a:4b:5b:43:33:67:79:b0:64:5d:3d:65:f4
Signer

.vk
Size: 11KB - Virtual size: 11KB

.kaEndn
Size: 1KB - Virtual size: 449KB

.kbIe
Size: 3KB - Virtual size: 20KB

.Y
Size: 5KB - Virtual size: 443KB

.DaBZis
Size: 9KB - Virtual size: 8KB

.YHIHtd
Size: 3KB - Virtual size: 192KB

.rsrc
Size: 169KB - Virtual size: 169KB

.reloc
Size: 1024B - Virtual size: 992B