0c5db3863d1b96f52fe9cbb00d9b933ef07b5c502e3cc48461ec13cba0cd8ceaN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0c5db3863d1b96f52fe9cbb00d9b933ef07b5c502e3cc48461ec13cba0cd8ceaN.exe
Size

208KB
MD5

1246c5382c3fea3c3a078e880865b2c0
SHA1

bead596b433ca6ca6cdb527bb608ac5a88ab4f62
SHA256

0c5db3863d1b96f52fe9cbb00d9b933ef07b5c502e3cc48461ec13cba0cd8cea
SHA512

aebc97dff6f8078d0593b2ca99bab360a878cfe581938cdab97676721ae6f72e5af0cbe87d2cb1c00587c60e47820bf462ce2340ea9faba3581a01ea73950d20
SSDEEP

3072:CUpRi1s+S52fNiQGUaqcJeGwxruUIiau038t6eTNzW+XERycnR3FPEtprO8OFb5+:A1wuNiQj4hwBEu0MYqVmXBFPEjRiGdz

Score

1^/10

Malware Config

Signatures

Files

0c5db3863d1b96f52fe9cbb00d9b933ef07b5c502e3cc48461ec13cba0cd8ceaN.exe
.exe windows:4 windows x86 arch:x86

4cad26b1ad30c4965a5a400d4f2ba3cc

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29-09-2006 00:00

Not After

26-10-2009 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:5f:9c:d9:ee:19:ca:4a:4b:5b:43:33:67:79:b0:64:5d:3d:65:f4
Signer

Actual PE Digest

1f:5f:9c:d9:ee:19:ca:4a:4b:5b:43:33:67:79:b0:64:5d:3d:65:f4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisconnectNamedPipe
lstrcpynW
OpenWaitableTimerW
GlobalAlloc
WaitForSingleObject
SetLocaleInfoW
GetSystemTime
GetCurrentThreadId
GetStartupInfoW
OpenEventW
EnumCalendarInfoW
EnumTimeFormatsA
GetStringTypeA
GetLocaleInfoA
lstrlen
lstrcatW
GetModuleHandleA
GlobalGetAtomNameA
CreateFileMappingA
GetAtomNameA
OpenMutexA
MultiByteToWideChar
OpenSemaphoreA
GetProcAddress
IsValidLocale
CreateSemaphoreA
CreateSemaphoreW
SleepEx
GetSystemDirectoryW
OpenEventA
GetThreadLocale
OpenProcess
ExpandEnvironmentStringsA
GetVersionExW
SearchPathW

user32

GetMenuItemID
GetDlgItemTextA
wvsprintfA
RegisterWindowMessageA
LoadMenuA
GetClassInfoExW
GetSysColor
CheckMenuItem
DeleteMenu
GetMenuStringA
PostQuitMessage
SetActiveWindow
LoadImageA
DestroyCursor
GetWindowRect
GetCapture
GetCapture
DrawTextW
keybd_event
LoadIconA
DefFrameProcW
SendDlgItemMessageA
CharLowerW
SetParent
CheckRadioButton
ClientToScreen
MessageBoxIndirectA
PeekMessageW
GetDC
CascadeWindows

gdi32

GetStockObject
GetCharABCWidthsI
GetMetaFileW
UpdateICMRegKeyA
AddFontResourceA
CreateEllipticRgn
GetICMProfileW
GetTextMetricsA
RemoveFontResourceW
OffsetClipRgn
CreatePen
CreateDIBPatternBrushPt
SetMapMode
CreatePolyPolygonRgn
SetLayout
EnumFontsW
GetDCPenColor
SetTextCharacterExtra

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegReplaceKeyW

winmm

mciGetErrorStringA
mmioSetBuffer
timeKillEvent
waveInMessage
WOWAppExit
midiInReset

wsock32

WSAAsyncGetProtoByNumber
WSAIsBlocking
GetAddressByNameW
bind
ntohs
inet_addr
WSASetLastError
ntohl

Sections

.vk
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kaEndn
Size: 1KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kbIe
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Y
Size: 5KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DaBZis
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.YHIHtd
Size: 3KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cad26b1ad30c4965a5a400d4f2ba3cc

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3Certificate

Extended Key Usages

Key Usages

1f:5f:9c:d9:ee:19:ca:4a:4b:5b:43:33:67:79:b0:64:5d:3d:65:f4Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

winmm

wsock32

Sections

.vk Size: 11KB - Virtual size: 11KB

.kaEndn Size: 1KB - Virtual size: 449KB

.kbIe Size: 3KB - Virtual size: 20KB

.Y Size: 5KB - Virtual size: 443KB

.DaBZis Size: 9KB - Virtual size: 8KB

.YHIHtd Size: 3KB - Virtual size: 192KB

.rsrc Size: 169KB - Virtual size: 169KB

.reloc Size: 1024B - Virtual size: 992B

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

1f:5f:9c:d9:ee:19:ca:4a:4b:5b:43:33:67:79:b0:64:5d:3d:65:f4
Signer

.vk
Size: 11KB - Virtual size: 11KB

.kaEndn
Size: 1KB - Virtual size: 449KB

.kbIe
Size: 3KB - Virtual size: 20KB

.Y
Size: 5KB - Virtual size: 443KB

.DaBZis
Size: 9KB - Virtual size: 8KB

.YHIHtd
Size: 3KB - Virtual size: 192KB

.rsrc
Size: 169KB - Virtual size: 169KB

.reloc
Size: 1024B - Virtual size: 992B