8b33fb0e392900fc431052544801ba0fc12639550d88df4a7ba5b63d50fc8ae0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

8b33fb0e392900fc431052544801ba0fc12639550d88df4a7ba5b63d50fc8ae0N.exe
Size

208KB
MD5

bde3643f8424dcc2fdd96f70f4452650
SHA1

ef5ad3e13b8c0346a5020d5406792e615b638f33
SHA256

8b33fb0e392900fc431052544801ba0fc12639550d88df4a7ba5b63d50fc8ae0
SHA512

0ddabd85500db6188e07966c859fcf7d0c7d00d7f53372feaa3be202c82f06ff203a38fc61216ff461016d0aa692b6a7bc205304310b2515e0a9f1b44c8389d0
SSDEEP

3072:IUpRi1s+S52fNiQGUaqcJeGwxruUIiau038t6eTNzW+XERycnR3FPEtprO8OFb5+:u1wuNiQj4hwBEu0MYqVmXBFPEjRiGdz

Score

1^/10

Malware Config

Signatures

Files

8b33fb0e392900fc431052544801ba0fc12639550d88df4a7ba5b63d50fc8ae0N.exe
.exe windows:4 windows x86 arch:x86

4cad26b1ad30c4965a5a400d4f2ba3cc

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29-09-2006 00:00

Not After

26-10-2009 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:5f:9c:d9:ee:19:ca:4a:4b:5b:43:33:67:79:b0:64:5d:3d:65:f4
Signer

Actual PE Digest

1f:5f:9c:d9:ee:19:ca:4a:4b:5b:43:33:67:79:b0:64:5d:3d:65:f4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisconnectNamedPipe
lstrcpynW
OpenWaitableTimerW
GlobalAlloc
WaitForSingleObject
SetLocaleInfoW
GetSystemTime
GetCurrentThreadId
GetStartupInfoW
OpenEventW
EnumCalendarInfoW
EnumTimeFormatsA
GetStringTypeA
GetLocaleInfoA
lstrlen
lstrcatW
GetModuleHandleA
GlobalGetAtomNameA
CreateFileMappingA
GetAtomNameA
OpenMutexA
MultiByteToWideChar
OpenSemaphoreA
GetProcAddress
IsValidLocale
CreateSemaphoreA
CreateSemaphoreW
SleepEx
GetSystemDirectoryW
OpenEventA
GetThreadLocale
OpenProcess
ExpandEnvironmentStringsA
GetVersionExW
SearchPathW

user32

GetMenuItemID
GetDlgItemTextA
wvsprintfA
RegisterWindowMessageA
LoadMenuA
GetClassInfoExW
GetSysColor
CheckMenuItem
DeleteMenu
GetMenuStringA
PostQuitMessage
SetActiveWindow
LoadImageA
DestroyCursor
GetWindowRect
GetCapture
GetCapture
DrawTextW
keybd_event
LoadIconA
DefFrameProcW
SendDlgItemMessageA
CharLowerW
SetParent
CheckRadioButton
ClientToScreen
MessageBoxIndirectA
PeekMessageW
GetDC
CascadeWindows

gdi32

GetStockObject
GetCharABCWidthsI
GetMetaFileW
UpdateICMRegKeyA
AddFontResourceA
CreateEllipticRgn
GetICMProfileW
GetTextMetricsA
RemoveFontResourceW
OffsetClipRgn
CreatePen
CreateDIBPatternBrushPt
SetMapMode
CreatePolyPolygonRgn
SetLayout
EnumFontsW
GetDCPenColor
SetTextCharacterExtra

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegReplaceKeyW

winmm

mciGetErrorStringA
mmioSetBuffer
timeKillEvent
waveInMessage
WOWAppExit
midiInReset

wsock32

WSAAsyncGetProtoByNumber
WSAIsBlocking
GetAddressByNameW
bind
ntohs
inet_addr
WSASetLastError
ntohl

Sections

.vk
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kaEndn
Size: 1KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kbIe
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Y
Size: 5KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DaBZis
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.YHIHtd
Size: 3KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cad26b1ad30c4965a5a400d4f2ba3cc

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3Certificate

Extended Key Usages

Key Usages

1f:5f:9c:d9:ee:19:ca:4a:4b:5b:43:33:67:79:b0:64:5d:3d:65:f4Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

winmm

wsock32

Sections

.vk Size: 11KB - Virtual size: 11KB

.kaEndn Size: 1KB - Virtual size: 449KB

.kbIe Size: 3KB - Virtual size: 20KB

.Y Size: 5KB - Virtual size: 443KB

.DaBZis Size: 9KB - Virtual size: 8KB

.YHIHtd Size: 3KB - Virtual size: 192KB

.rsrc Size: 169KB - Virtual size: 169KB

.reloc Size: 1024B - Virtual size: 992B

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

1f:5f:9c:d9:ee:19:ca:4a:4b:5b:43:33:67:79:b0:64:5d:3d:65:f4
Signer

.vk
Size: 11KB - Virtual size: 11KB

.kaEndn
Size: 1KB - Virtual size: 449KB

.kbIe
Size: 3KB - Virtual size: 20KB

.Y
Size: 5KB - Virtual size: 443KB

.DaBZis
Size: 9KB - Virtual size: 8KB

.YHIHtd
Size: 3KB - Virtual size: 192KB

.rsrc
Size: 169KB - Virtual size: 169KB

.reloc
Size: 1024B - Virtual size: 992B