657e9723db159b74f8c916212bf8f8ec106e8c60e4f3bad502e10d57fa77ed68N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

657e9723db159b74f8c916212bf8f8ec106e8c60e4f3bad502e10d57fa77ed68N.exe
Size

218KB
MD5

74a6718b3fabc02eba876975f97e5be0
SHA1

8b96a5bec584f170089cbbe8a117ec3f88bd3177
SHA256

657e9723db159b74f8c916212bf8f8ec106e8c60e4f3bad502e10d57fa77ed68
SHA512

b448a6dedf96fcea4dd2cb8af352553f38d10df628287c89e8f7f515d1235d1654c91c0a13e0c1e9cac02f8df4ab842b9616789beb013bfbc3f22a2ebce83776
SSDEEP

3072:Evm4SZsQrNzPrl6rjGMjp39d4u8iqddCxMIJOb2o5DsBPjim6hwM2H6:S1SyAJp6rjn1gOObn4b6h9h

Score

1^/10

Malware Config

Signatures

Files

657e9723db159b74f8c916212bf8f8ec106e8c60e4f3bad502e10d57fa77ed68N.exe
.exe windows:4 windows x86 arch:x86

5dbe4621616d081e3440b0469a9471ca

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-09-2006 00:00

Not After

24-11-2007 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2
Signer

Actual PE Digest

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreatePipe
GetComputerNameA
GetCalendarInfoA
TlsAlloc
CreateDirectoryW
GetMailslotInfo
GetModuleFileNameW
GetCalendarInfoW
GetPriorityClass
GetUserDefaultLCID
GlobalFindAtomA
GetProcAddress
FindAtomW
FileTimeToLocalFileTime
EnumDateFormatsW
OpenEventA
GetLocaleInfoW
lstrcmpiW
SetLocaleInfoW
GetEnvironmentVariableW
GetExitCodeProcess
MulDiv
SetUnhandledExceptionFilter
GetNamedPipeInfo
EndUpdateResourceW
SetComputerNameA
GetProcessHeap
SetPriorityClass
FreeResource
GetModuleHandleW
QueryPerformanceFrequency
GetFileAttributesW
CompareStringA
LoadLibraryA
IsDebuggerPresent
HeapCreate
CreateNamedPipeW
GetThreadPriority
OpenMutexW
ExpandEnvironmentStringsA
lstrcmpi
GetEnvironmentStringsA
FileTimeToDosDateTime
GetCommandLineA
lstrcpynW
GetDiskFreeSpaceW
lstrcmp
GetCurrentDirectoryA

user32

AnimateWindow
GetWindowRgn
GetClassInfoA
CreateDialogParamA
GetClassInfoExW
EnumChildWindows
RegisterClassA
DrawTextA
SetFocus
MessageBoxIndirectW
MonitorFromPoint
ClientToScreen
DefWindowProcA
LoadImageA
ActivateKeyboardLayout
GetTopWindow
LoadMenuIndirectA
MessageBoxA
GetDC
UnregisterClassW
mouse_event
GetMenuState
SetCursor
ShowCursor
IsDlgButtonChecked
CheckDlgButton
SetParent
keybd_event
DrawTextW
SetDlgItemInt
FrameRect
RegisterClassExW
RemoveMenu
SendMessageA
TrackPopupMenuEx
GetForegroundWindow
LoadMenuA
GetDlgItemTextW
CreateDialogIndirectParamW
SetDlgItemTextW
MessageBeep
SetActiveWindow
CharNextA
GetMenu
UpdateLayeredWindow
SetWindowLongA
CloseWindow
MessageBoxW
EndDialog
IsIconic
CreateAcceleratorTableA

gdi32

PtInRegion
SetWorldTransform
CreateEnhMetaFileW
CreateDCW
CreateMetaFileW
TranslateCharsetInfo
EnumFontsA
ScaleViewportExtEx
CreateCompatibleDC
GetDIBits
RemoveFontResourceW
SetPixel
GetEnhMetaFileDescriptionA

advapi32

RegCreateKeyExW
RegOpenKeyW
RegRestoreKeyA
RegOpenKeyA
RegSaveKeyW
RegReplaceKeyA

shlwapi

SHDeleteEmptyKeyA
PathFindNextComponentW
StrCpyW
PathStripPathA
SHCopyKeyW
PathIsURLW
SHRegQueryInfoUSKeyW
PathCreateFromUrlA

oleaut32

VarR4FromR8

winmm

mciSendStringW
mciSendStringA

winspool.drv

DeleteFormA

Sections

.sX
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RqVY
Size: 1KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.i
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lziQh
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EXGwv
Size: 4KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 167KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I
Size: 4KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.E
Size: 4KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 950B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dbe4621616d081e3440b0469a9471ca

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

oleaut32

winmm

winspool.drv

Sections

.sX Size: 4KB - Virtual size: 4KB

.RqVY Size: 1KB - Virtual size: 255KB

.i Size: 14KB - Virtual size: 13KB

.lziQh Size: 4KB - Virtual size: 4KB

.EXGwv Size: 4KB - Virtual size: 142KB

.data Size: 167KB - Virtual size: 535KB

.I Size: 4KB - Virtual size: 279KB

.E Size: 4KB - Virtual size: 452KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 950B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2
Signer

.sX
Size: 4KB - Virtual size: 4KB

.RqVY
Size: 1KB - Virtual size: 255KB

.i
Size: 14KB - Virtual size: 13KB

.lziQh
Size: 4KB - Virtual size: 4KB

.EXGwv
Size: 4KB - Virtual size: 142KB

.data
Size: 167KB - Virtual size: 535KB

.I
Size: 4KB - Virtual size: 279KB

.E
Size: 4KB - Virtual size: 452KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 950B