84553c2f4085cc9ed47323ffd1b25bac55e216ba65b9ff45873bf6702da2553e[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

84553c2f4085cc9ed47323ffd1b25bac55e216ba65b9ff45873bf6702da2553e.exe
Size

72.7MB
MD5

7e62abcaf3030a9400fb60b5f2ee2484
SHA1

464edfd28fe39ebc0d2dae76660b3c6f1a047864
SHA256

84553c2f4085cc9ed47323ffd1b25bac55e216ba65b9ff45873bf6702da2553e
SHA512

70acf354e63538416f4583f3e535b5f9fc9778ea571629f81c7e00eb2c694c97b55dab4a6b39c8e6f9aafb6aa84eeb86665267fd39317dd2e309f8b18bd8478a
SSDEEP

24576:hqL7dQcuoTT1lzFvE6cW6fra3jZU1qTZrgWax0+F1OO/:hqnPsc6fW9UUTWtl

Score

1^/10

Malware Config

Signatures

Files

84553c2f4085cc9ed47323ffd1b25bac55e216ba65b9ff45873bf6702da2553e.exe
.exe windows:4 windows x86 arch:x86

b214bce09c2713602d5f942f9ac78b98

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-07-2015 00:00

Not After

26-07-2018 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13-07-2015 00:00

Not After

13-07-2018 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13-12-2016 07:00

Not After

13-12-2021 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ca:07:e5:0a:56:f3:59:44:c2:9c:bd:9a:c4:0a:6b:30:d5:a3:52:73:12:3c:6e:5b:a2:9e:63:2b:d9:1d:00:a7
Signer

Actual PE Digest

ca:07:e5:0a:56:f3:59:44:c2:9c:bd:9a:c4:0a:6b:30:d5:a3:52:73:12:3c:6e:5b:a2:9e:63:2b:d9:1d:00:a7

Digest Algorithm

sha256

PE Digest Matches

false

a0:48:a5:11:fa:58:1c:8f:34:99:3f:3f:0a:22:3e:27:22:2d:66:91
Signer

Actual PE Digest

a0:48:a5:11:fa:58:1c:8f:34:99:3f:3f:0a:22:3e:27:22:2d:66:91

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
CompareStringA
CompareStringW
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetFileType
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetDriveTypeA
GetLocaleInfoW
SetStdHandle
GetLocalTime
FindResourceA
GlobalAddAtomA
GetProfileStringA
InterlockedExchange
GetSystemTime
GetTimeZoneInformation
ExitThread
CreateThread
HeapReAlloc
GetDriveTypeW
RaiseException
HeapFree
HeapAlloc
RtlUnwind
GetStartupInfoW
SetErrorMode
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
FindResourceExW
GetCurrentDirectoryW
GlobalFlags
FindNextFileW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetVolumeInformationW
FindFirstFileW
FindClose
UnlockFile
LockFile
SetFilePointer
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProfileIntW
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetProcessVersion
GetDiskFreeSpaceW
GetFileTime
SetFileTime
GetFullPathNameW
GetTempFileNameW
GetFileAttributesW
GlobalFree
lstrcmpW
lstrcmpA
lstrcmpiA
GetCurrentThread
GlobalGetAtomNameW
CreateEventW
SuspendThread
SetEvent
LoadLibraryA
GetVersion
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
InterlockedDecrement
InterlockedIncrement
MulDiv
GetModuleHandleA
SetLastError
lstrlenA
ExitProcess
GlobalAlloc
GlobalLock
GlobalUnlock
SizeofResource
LoadResource
LockResource
SetCurrentDirectoryW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
FlushFileBuffers
WriteFile
ReadFile
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
CreateFileW
MultiByteToWideChar
GetWindowsDirectoryW
GetModuleFileNameW
LoadLibraryW
WideCharToMultiByte
FreeLibrary
GetCurrentProcess
GetTempPathW
CreateDirectoryW
GetFileAttributesExW
GetLongPathNameW
GetShortPathNameW
GetLastError
LocalFree
MoveFileW
DeleteFileW
SetThreadPriority
Sleep
AttachConsole
GenerateConsoleCtrlEvent
FreeConsole
TerminateProcess
CreateProcessW
GetExitCodeProcess
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
GetVersionExW
lstrcpynW
lstrcpyW
WaitForSingleObject
ResumeThread
FindResourceW
GetTickCount
lstrlenW
GetCurrentDirectoryA

user32

MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
PeekMessageW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetTopWindow
MessageBoxW
WinHelpW
GetClassInfoW
RegisterClassW
TrackPopupMenu
SetWindowPlacement
GetDlgItem
GetWindowTextLengthW
GetWindowTextW
DestroyWindow
CreateWindowExW
DefWindowProcW
GetMessageTime
GetLastActivePopup
GetForegroundWindow
SystemParametersInfoW
GetWindowPlacement
wsprintfW
EndPaint
BeginPaint
GetWindowDC
SetWindowPos
LockWindowUpdate
CheckMenuItem
IsChild
GetMenu
SetMenu
IsIconic
ExitWindowsEx
DestroyIcon
GetMessageW
TranslateMessage
DispatchMessageW
InsertMenuW
FindWindowW
GetMenuStringW
CallNextHookEx
keybd_event
SetWindowsHookExW
TrackPopupMenuEx
UnhookWindowsHookEx
GetMenuItemCount
WindowFromPoint
DestroyMenu
ShowWindow
GetCapture
IntersectRect
IsRectEmpty
SetRectEmpty
ReleaseDC
DrawFocusRect
GetSysColor
SetCursor
IsWindowEnabled
SetFocus
RegisterWindowMessageW
GetWindow
CreatePopupMenu
GetMessagePos
RedrawWindow
BeginDeferWindowPos
LoadCursorW
DestroyCursor
UnregisterClassW
GetWindowTextLengthA
GetDlgCtrlID
HideCaret
ShowCaret
ExcludeUpdateRgn
OffsetRect
EndDeferWindowPos
GetSystemMenu
RemovePropW
GetPropW
CallWindowProcW
SetWindowLongW
SetPropW
GetMenuItemID
GetMenuDefaultItem
LoadIconW
KillTimer
SetTimer
SetParent
AppendMenuW
InflateRect
ClientToScreen
GetCursorPos
GetKeyState
GetNextDlgTabItem
GetClassNameW
CharUpperW
GetDCEx
GetSysColorBrush
wvsprintfW
LoadStringW
EndDialog
CreateDialogIndirectParamW
DeleteMenu
GetParent
GrayStringW
DrawTextW
TabbedTextOutW
ScreenToClient
GetFocus
InvalidateRect
PtInRect
SetCapture
ReleaseCapture
UpdateWindow
CheckMenuRadioItem
IsWindowVisible
SetActiveWindow
SetForegroundWindow
PostMessageW
LoadMenuW
GetDC
GetWindowRect
LoadBitmapW
GetSubMenu
SetMenuDefaultItem
SendMessageW
EnableWindow
GetClientRect
GetWindowTextA
DrawTextA
GetClassInfoA
DefDlgProcA
DefWindowProcA
MapDialogRect
GetAsyncKeyState
ShowOwnedPopups
PostQuitMessage
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
GetDesktopWindow
TranslateAcceleratorW
LoadAcceleratorsW
GetActiveWindow
ValidateRect
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
SetRect
EnableMenuItem
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
IsWindow
GetWindowLongW
CopyRect
GetSystemMetrics

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
IntersectClipRect
SetViewportOrgEx
GetDeviceCaps
CreatePen
CreateSolidBrush
CreatePatternBrush
SetRectRgn
GetTextMetricsW
EnumFontFamiliesExW
SetMapMode
CreateRectRgn
CombineRgn
SetTextColor
SetBkMode
SetBkColor
SaveDC
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
StretchDIBits
SetDIBitsToDevice
RestoreDC
CreateDIBSection
DeleteDC
PatBlt
DeleteObject
SelectObject
GetBkMode
GetBkColor
GetTextExtentPoint32W
GetTextColor
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmap
GetStockObject
GetObjectW
CreateDIBitmap
ExtTextOutA
GetTextExtentPointA
CreateFontIndirectW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueW
RegSetValueExW
RegCreateKeyW
RegSetValueW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
SetFileSecurityW
GetFileSecurityW
RegEnumKeyExW

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
DragQueryFileW
SHFileOperationW
SHGetSpecialFolderPathW
DragAcceptFiles
ShellExecuteW
DragFinish
ExtractIconW

comctl32

ImageList_BeginDrag
ImageList_GetImageInfo
ImageList_DragEnter
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ImageList_DragLeave
ImageList_DragMove
ImageList_EndDrag
ord17
ImageList_Destroy
ImageList_Create
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_DrawIndirect
ImageList_ReplaceIcon

ole32

CoUninitialize
CoCreateGuid
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

shlwapi

PathFileExistsW
PathFindExtensionW
PathMakePrettyW
PathFindFileNameW
PathRemoveFileSpecW
PathRenameExtensionW
PathIsRootW
PathIsDirectoryW
PathIsURLW

winhttp

WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpQueryOption
WinHttpSetOption
WinHttpReceiveResponse

Sections

.text
Size: 820KB - Virtual size: 819KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 788KB - Virtual size: 788KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b214bce09c2713602d5f942f9ac78b98

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:deCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

32:58:e8:ee:54:af:5c:27Certificate

Extended Key Usages

Key Usages

ca:07:e5:0a:56:f3:59:44:c2:9c:bd:9a:c4:0a:6b:30:d5:a3:52:73:12:3c:6e:5b:a2:9e:63:2b:d9:1d:00:a7Signer

a0:48:a5:11:fa:58:1c:8f:34:99:3f:3f:0a:22:3e:27:22:2d:66:91Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

shlwapi

winhttp

Sections

.text Size: 820KB - Virtual size: 819KB

.rdata Size: 128KB - Virtual size: 126KB

.data Size: 108KB - Virtual size: 126KB

.rsrc Size: 788KB - Virtual size: 788KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

32:58:e8:ee:54:af:5c:27
Certificate

ca:07:e5:0a:56:f3:59:44:c2:9c:bd:9a:c4:0a:6b:30:d5:a3:52:73:12:3c:6e:5b:a2:9e:63:2b:d9:1d:00:a7
Signer

a0:48:a5:11:fa:58:1c:8f:34:99:3f:3f:0a:22:3e:27:22:2d:66:91
Signer

.text
Size: 820KB - Virtual size: 819KB

.rdata
Size: 128KB - Virtual size: 126KB

.data
Size: 108KB - Virtual size: 126KB

.rsrc
Size: 788KB - Virtual size: 788KB