8947656554b85d61aec5be6314a6d2b4e84beb3a0c81f6ea19ef866be816e4fe[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

8947656554b85d61aec5be6314a6d2b4e84beb3a0c81f6ea19ef866be816e4fe.exe
Size

208KB
MD5

7c2199f774f6f8b252d1812248488a2f
SHA1

03d8a6cb97c32e12fdd8cf6f831817f16b73d817
SHA256

8947656554b85d61aec5be6314a6d2b4e84beb3a0c81f6ea19ef866be816e4fe
SHA512

83c2c31240045e4b9eca25664e85d5178f06abddb7ece724f713ffe30e237bde6114b21e408a622838b1c45ef545bcd8f927e8d6fb74aee02b8c2ba933251c07
SSDEEP

3072:OUpRi1s+S52fNiQGUaqcJeGwxruUIiau038t6eTNzW+XERycnR3FPEtprO8OFb5q:k1wuNiQj4hwBEu0MYqVmXBFPEjRiGdJ

Score

1^/10

Malware Config

Signatures

Files

8947656554b85d61aec5be6314a6d2b4e84beb3a0c81f6ea19ef866be816e4fe.exe
.exe windows:4 windows x86 arch:x86

4cad26b1ad30c4965a5a400d4f2ba3cc

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29-09-2006 00:00

Not After

26-10-2009 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

75:c6:f6:e2:34:52:b0:1f:fd:4c:4f:42:e6:80:52:23:b1:f0:12:8f
Signer

Actual PE Digest

75:c6:f6:e2:34:52:b0:1f:fd:4c:4f:42:e6:80:52:23:b1:f0:12:8f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisconnectNamedPipe
lstrcpynW
OpenWaitableTimerW
GlobalAlloc
WaitForSingleObject
SetLocaleInfoW
GetSystemTime
GetCurrentThreadId
GetStartupInfoW
OpenEventW
EnumCalendarInfoW
EnumTimeFormatsA
GetStringTypeA
GetLocaleInfoA
lstrlen
lstrcatW
GetModuleHandleA
GlobalGetAtomNameA
CreateFileMappingA
GetAtomNameA
OpenMutexA
MultiByteToWideChar
OpenSemaphoreA
GetProcAddress
IsValidLocale
CreateSemaphoreA
CreateSemaphoreW
SleepEx
GetSystemDirectoryW
OpenEventA
GetThreadLocale
OpenProcess
ExpandEnvironmentStringsA
GetVersionExW
SearchPathW

user32

GetMenuItemID
GetDlgItemTextA
wvsprintfA
RegisterWindowMessageA
LoadMenuA
GetClassInfoExW
GetSysColor
CheckMenuItem
DeleteMenu
GetMenuStringA
PostQuitMessage
SetActiveWindow
LoadImageA
DestroyCursor
GetWindowRect
GetCapture
GetCapture
DrawTextW
keybd_event
LoadIconA
DefFrameProcW
SendDlgItemMessageA
CharLowerW
SetParent
CheckRadioButton
ClientToScreen
MessageBoxIndirectA
PeekMessageW
GetDC
CascadeWindows

gdi32

GetStockObject
GetCharABCWidthsI
GetMetaFileW
UpdateICMRegKeyA
AddFontResourceA
CreateEllipticRgn
GetICMProfileW
GetTextMetricsA
RemoveFontResourceW
OffsetClipRgn
CreatePen
CreateDIBPatternBrushPt
SetMapMode
CreatePolyPolygonRgn
SetLayout
EnumFontsW
GetDCPenColor
SetTextCharacterExtra

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegReplaceKeyW

winmm

mciGetErrorStringA
mmioSetBuffer
timeKillEvent
waveInMessage
WOWAppExit
midiInReset

wsock32

WSAAsyncGetProtoByNumber
WSAIsBlocking
GetAddressByNameW
bind
ntohs
inet_addr
WSASetLastError
ntohl

Sections

.vk
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kaEndn
Size: 1KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kbIe
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Y
Size: 5KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DaBZis
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.YHIHtd
Size: 3KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cad26b1ad30c4965a5a400d4f2ba3cc

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3Certificate

Extended Key Usages

Key Usages

75:c6:f6:e2:34:52:b0:1f:fd:4c:4f:42:e6:80:52:23:b1:f0:12:8fSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

winmm

wsock32

Sections

.vk Size: 11KB - Virtual size: 11KB

.kaEndn Size: 1KB - Virtual size: 449KB

.kbIe Size: 3KB - Virtual size: 20KB

.Y Size: 5KB - Virtual size: 443KB

.DaBZis Size: 9KB - Virtual size: 8KB

.YHIHtd Size: 3KB - Virtual size: 192KB

.rsrc Size: 169KB - Virtual size: 169KB

.reloc Size: 1024B - Virtual size: 992B

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

75:c6:f6:e2:34:52:b0:1f:fd:4c:4f:42:e6:80:52:23:b1:f0:12:8f
Signer

.vk
Size: 11KB - Virtual size: 11KB

.kaEndn
Size: 1KB - Virtual size: 449KB

.kbIe
Size: 3KB - Virtual size: 20KB

.Y
Size: 5KB - Virtual size: 443KB

.DaBZis
Size: 9KB - Virtual size: 8KB

.YHIHtd
Size: 3KB - Virtual size: 192KB

.rsrc
Size: 169KB - Virtual size: 169KB

.reloc
Size: 1024B - Virtual size: 992B