f27ceba40085c7140c5c32b6d9c187199038df0c37905bfcd87e1b795f56c22c

Sharing

Copy URL

Twitter E-mail

General

Target

f27ceba40085c7140c5c32b6d9c187199038df0c37905bfcd87e1b795f56c22c
Size

1.1MB
MD5

4863a5fb57c3b6d44efecbd190e877b1
SHA1

09ec1d3ec7aa69c88c5e573fa7f0d6041a9e015c
SHA256

f27ceba40085c7140c5c32b6d9c187199038df0c37905bfcd87e1b795f56c22c
SHA512

7de6e8feface79293bd677972b732c59eaff681585d9eed835f2290fc141a4f0964c47b82a97efbc97d4db8120b69560ceed8f0a3faa6e575e946592ac904145
SSDEEP

24576:BguyjPyu08DHvMzIPvXZKZEMMMMMMMUrEH76:/yzy6DoInjMMMMMMM+

Score

1^/10

Malware Config

Signatures

Files

f27ceba40085c7140c5c32b6d9c187199038df0c37905bfcd87e1b795f56c22c
.exe windows:4 windows x86 arch:x86

b0bd1960c1af51ea1304b07fbbe0376d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

02-08-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23-08-2013 00:00

Not After

23-09-2024 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:9b:8b:bf:20:1b:dc:2c:97:58:10:72:2b:d8:94:26:b1
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2014 16:11

Not After

06-09-2017 00:58

Subject

CN=June Fabrics Technology Inc.,O=June Fabrics Technology Inc.,L=Fairfax,ST=VA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\test3\Android\PdaGate\Release\PdaNet.pdb

Imports

winmm

PlaySoundA

shlwapi

UrlEscapeA
SHDeleteValueA
PathRemoveFileSpecA
PathAppendA
SHGetValueA

rasapi32

RasSetEntryPropertiesA
RasHangUpA
RasDialA
RasEnumEntriesA
RasSetEntryDialParamsA
RasGetEntryPropertiesA
RasEnumDevicesA

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA

ws2_32

gethostbyname
ntohl
closesocket
send
ntohs
recv
connect
setsockopt
ioctlsocket
WSAGetLastError
inet_addr
inet_ntoa
htons
WSACleanup
sendto
select
__WSAFDIsSet
recvfrom
htonl
WSALookupServiceBeginW
WSALookupServiceNextW
WSALookupServiceEnd
WSAStartup
socket

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces

kernel32

HeapSize
GetCurrentThread
TlsAlloc
ReadConsoleInputA
SetConsoleMode
TlsSetValue
TlsFree
GetCPInfo
TlsGetValue
GetStdHandle
ExitProcess
HeapCreate
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapDestroy
FatalAppExitA
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
lstrlenW
CloseHandle
CreateThread
lstrlenA
GetCurrentThreadId
GetModuleFileNameA
DeleteFileA
CreateEventA
WaitForSingleObject
ResetEvent
RaiseException
SetLastError
Sleep
TerminateThread
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
InitializeCriticalSection
GetOEMCP
GetVersionExA
SetEvent
CreateFileA
InterlockedIncrement
InterlockedDecrement
lstrcmpiA
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetOverlappedResult
WaitForMultipleObjects
DeviceIoControl
CancelIo
WriteFile
ReadFile
WriteProfileStringA
lstrcmpA
lstrcpyA
lstrcpynA
SetCommTimeouts
WinExec
lstrcatA
CreateSemaphoreA
ReleaseSemaphore
GetTickCount
OutputDebugStringA
InterlockedExchange
LocalAlloc
LocalFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
HeapReAlloc
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetEnvironmentStringsW
GetThreadLocale
GetLocaleInfoA
GetACP
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
SetConsoleCtrlHandler
GetLocaleInfoW
SetFilePointer
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
PeekConsoleInputA
DeleteCriticalSection
GetNumberOfConsoleInputEvents

user32

BringWindowToTop
PostMessageA
GetClassInfoExA
LoadCursorA
GetMessageA
RegisterClassExA
CreateWindowExA
IsWindowVisible
SetTimer
KillTimer
PostQuitMessage
SetForegroundWindow
IsWindow
GetKeyState
CharNextA
DestroyWindow
PeekMessageA
DispatchMessageA
TranslateMessage
EnableWindow
IsChild
CallWindowProcA
LoadImageA
GetParent
GetWindow
SystemParametersInfoA
MapWindowPoints
MessageBoxA
ShowWindow
GetClientRect
GetWindowRect
SetWindowPos
SetWindowTextA
SendMessageA
GetWindowLongA
SetWindowLongA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
FindWindowA
FlashWindowEx
GetActiveWindow
DispatchMessageW
GetMessageW
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
IsWindowUnicode
MsgWaitForMultipleObjects
RegisterDeviceNotificationA
RegisterWindowMessageA
GetCursorPos
LoadMenuA
GetSubMenu
DeleteMenu
EnableMenuItem
CheckMenuItem
ModifyMenuA
TrackPopupMenu
DestroyMenu
GetDoubleClickTime
DefWindowProcA

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CoTaskMemFree
OleUninitialize
CoTaskMemRealloc
CLSIDFromProgID
StringFromIID
CoTaskMemAlloc
CoInitialize
CoUninitialize
OleInitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear
VariantCopy
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
LoadTypeLi
VarBstrCat
VarUI4FromStr
SysFreeString
DispCallFunc

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

iphlpapi

GetAdaptersInfo

gdi32

CreateDCA
DeleteObject
GetBitmapBits
BitBlt
GetObjectA
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
DeleteDC
CreateCompatibleDC

Sections

.text
Size: 756KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0bd1960c1af51ea1304b07fbbe0376d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate

Extended Key Usages

Key Usages

11:21:9b:8b:bf:20:1b:dc:2c:97:58:10:72:2b:d8:94:26:b1Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

winmm

shlwapi

rasapi32

wininet

ws2_32

setupapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

wtsapi32

iphlpapi

gdi32

Sections

.text Size: 756KB - Virtual size: 754KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 52KB - Virtual size: 72KB

.rsrc Size: 60KB - Virtual size: 57KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

11:21:9b:8b:bf:20:1b:dc:2c:97:58:10:72:2b:d8:94:26:b1
Certificate

.text
Size: 756KB - Virtual size: 754KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 52KB - Virtual size: 72KB

.rsrc
Size: 60KB - Virtual size: 57KB