80c912a1fa810ae218c565e963cfd6cbefd50ebbdab0fa8f9233a6fb84d4a8f4N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

80c912a1fa810ae218c565e963cfd6cbefd50ebbdab0fa8f9233a6fb84d4a8f4N.exe
Size

204KB
MD5

868582e6f68e39386be840e57a5487e0
SHA1

4ab211bab613c38767875fc969bb034d72f10a03
SHA256

80c912a1fa810ae218c565e963cfd6cbefd50ebbdab0fa8f9233a6fb84d4a8f4
SHA512

cfec054f165655e94c8e6bc4633bc9c58ae8bd8a93a02cf31014c82829688147ebed39c5f1052936a15fa0d666c4516c92eb3976f1402617d560d0f7af665b02
SSDEEP

3072:HFeODNAUrSqDMKKVILkt6i2ox7c39b1a0J86W8xXCKNWOHU/ezYMVWtG4SPUkxbu:HFeGpfMtboVBJtNWyPnYG4fUbu

Score

1^/10

Malware Config

Signatures

Files

80c912a1fa810ae218c565e963cfd6cbefd50ebbdab0fa8f9233a6fb84d4a8f4N.exe
.exe windows:4 windows x86 arch:x86

e60c81803d69802a44293b77dcfe8006

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20-01-2010 00:00

Not After

24-01-2012 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ab:b8:36:24:17:19:74:da:e2:94:1a:ad:bd:c7:ad:07:6e:52:51
Signer

Actual PE Digest

51:ab:b8:36:24:17:19:74:da:e2:94:1a:ad:bd:c7:ad:07:6e:52:51

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
SetLocaleInfoA
GetLocalTime
lstrcmpi
AddAtomA
SetEvent
lstrcatA
EnumDateFormatsA
GetProcAddress
OpenEventA
GetModuleFileNameA
GetExpandedNameW
GetSystemInfo
GetCurrentThread
DuplicateHandle
DeleteAtom
GetModuleHandleA
GetShortPathNameW
GetEnvironmentVariableA
GetLastError
GetDiskFreeSpaceA
GetFullPathNameW
CreateEventA
GetProcessHeaps
BeginUpdateResourceA
lstrcpynA
SuspendThread
CreateEventW
InitializeCriticalSection
TlsAlloc
GetProcessHeap
GetSystemDefaultLangID
GetLocaleInfoW
GetComputerNameA
SetErrorMode
CreateSemaphoreW
SetPriorityClass
CompareStringA
SearchPathA
CreateDirectoryA
SetCurrentDirectoryW
ExitThread
GetCommandLineA
SetComputerNameA
IsBadStringPtrA

user32

GetDCEx
WaitMessage
IsWindow
ArrangeIconicWindows
CharPrevW
MoveWindow
GetClassInfoExW
GetCursorPos
CharLowerA
GetIconInfo
CreateDesktopW
CallWindowProcW
LoadMenuW
DefWindowProcA
MonitorFromRect
GetClientRect
EndMenu
SetDlgItemInt
GetParent

gdi32

DescribePixelFormat
SetDCBrushColor
ResizePalette
StartPage
ModifyWorldTransform
GetClipBox
GetBkMode
ExtFloodFill
EnumICMProfilesA
CreateRoundRectRgn
GetPolyFillMode
GetCharABCWidthsI
SetSystemPaletteUse
CreateSolidBrush
GetMetaFileA
SetBkMode

advapi32

RegCreateKeyW
RegRestoreKeyA
RegFlushKey

shlwapi

SHGetValueW
StrRetToStrW
PathIsUNCW
StrRetToStrA
StrDupA
StrStrA

comdlg32

GetSaveFileNameA
GetOpenFileNameW
ReplaceTextW
PrintDlgExW

oleaut32

LoadTypeLib
GetRecordInfoFromGuids

version

GetFileVersionInfoW
VerInstallFileW

inetcomm

HrAttachDataFromFile
MimeOleCreateByteStream
HrAthGetFileName
CreateRASTransport
MimeOleSetBodyPropA
GetDllMajorVersion

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.VqkkjU
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uZgjfC
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hEYO
Size: 1KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lNjS
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.duM
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xkix
Size: 2KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.XEio
Size: 1024B - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HGPN
Size: 1024B - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e60c81803d69802a44293b77dcfe8006

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

51:ab:b8:36:24:17:19:74:da:e2:94:1a:ad:bd:c7:ad:07:6e:52:51Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comdlg32

oleaut32

version

inetcomm

Sections

.text Size: 11KB - Virtual size: 11KB

.VqkkjU Size: 512B - Virtual size: 4KB

.uZgjfC Size: 1024B - Virtual size: 4KB

.hEYO Size: 1KB - Virtual size: 31KB

.lNjS Size: 3KB - Virtual size: 8KB

.duM Size: 512B - Virtual size: 6KB

.xkix Size: 2KB - Virtual size: 45KB

.data Size: 10KB - Virtual size: 10KB

.XEio Size: 1024B - Virtual size: 37KB

.HGPN Size: 1024B - Virtual size: 212KB

.rsrc Size: 164KB - Virtual size: 163KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

51:ab:b8:36:24:17:19:74:da:e2:94:1a:ad:bd:c7:ad:07:6e:52:51
Signer

.text
Size: 11KB - Virtual size: 11KB

.VqkkjU
Size: 512B - Virtual size: 4KB

.uZgjfC
Size: 1024B - Virtual size: 4KB

.hEYO
Size: 1KB - Virtual size: 31KB

.lNjS
Size: 3KB - Virtual size: 8KB

.duM
Size: 512B - Virtual size: 6KB

.xkix
Size: 2KB - Virtual size: 45KB

.data
Size: 10KB - Virtual size: 10KB

.XEio
Size: 1024B - Virtual size: 37KB

.HGPN
Size: 1024B - Virtual size: 212KB

.rsrc
Size: 164KB - Virtual size: 163KB