SecuriteInfo[.]com[.]Program[.]Unwanted[.]4695[.]22711[.]1092[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Program.Unwanted.4695.22711.1092.dll
Size

3.2MB
MD5

4a38f09ffa29021bef01a9f46f192d20
SHA1

3b604218b6907f697e5e9e7dd6d2a1128fb3cc8a
SHA256

d97f137640170ce5bd67635e47661ccf6cea256a42395f9c9612e80f1d068d7d
SHA512

5ac7a0fcee5b9878c8ef4ae0e2455ce25059757d536af11051eb2c3726f3b1682c308eec2a83f754b89dfa3b8c94ea33ea8d9c4182f39e941af12086718aa9b1
SSDEEP

49152:Xy9jC5327LeAyDW06K6mBzsITo59wpGlU+2StoJrtf5ink3:XyjO32fyDW0Gm5sIToTwYTgh5

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Program.Unwanted.4695.22711.1092.dll
.dll windows x86

c4588fd2849d4a9bbd8c2d5d7cb7a52b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:ee:7e:f0:43:82:1e:76:14:3e:95:10:55:33:89:e1
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/03/2017, 00:00

Not After

29/03/2019, 23:59

Subject

CN=Lavasoft Limited,O=Lavasoft Limited,L=Sliema,ST=Sliema,C=MT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:ee:7e:f0:43:82:1e:76:14:3e:95:10:55:33:89:e1
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/03/2017, 00:00

Not After

29/03/2019, 23:59

Subject

CN=Lavasoft Limited,O=Lavasoft Limited,L=Sliema,ST=Sliema,C=MT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a0:53:79:97:8b:51:94:47:81:74:b6:ff:3e:8f:27:3f:34:0d:ea:37:30:fa:61:3c:e0:ab:a0:9f:6d:2e:02:e8
Signer

Actual PE Digest

a0:53:79:97:8b:51:94:47:81:74:b6:ff:3e:8f:27:3f:34:0d:ea:37:30:fa:61:3c:e0:ab:a0:9f:6d:2e:02:e8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Lavasoft Limited,O=Lavasoft Limited,L=Sliema,ST=Sliema,C=MT

17/03/2019, 05:12
Valid: false

44:ad:d6:3d:3d:67:6f:3c:39:43:8e:c1:a1:97:b2:61:fa:3a:c8:53
Signer

Actual PE Digest

44:ad:d6:3d:3d:67:6f:3c:39:43:8e:c1:a1:97:b2:61:fa:3a:c8:53

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Lavasoft Limited,O=Lavasoft Limited,L=Sliema,ST=Sliema,C=MT

17/03/2019, 05:12
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
FindCloseUrlCache

wtsapi32

WTSQueryUserToken

winhttp

WinHttpCloseHandle
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpConnect
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData

ws2_32

htons
ntohs
getsockname
setsockopt
recv
WSAGetLastError
socket
WSASetLastError
closesocket
getsockopt
ioctlsocket
WSACleanup
connect
WSAIoctl
getpeername
__WSAFDIsSet
select
send
accept
listen
freeaddrinfo
getaddrinfo
htonl
ntohl
gethostname
bind
WSAStartup

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx

kernel32

GetVolumeInformationW
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetFullPathNameW
MoveFileExW
GetLongPathNameW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
DeleteFileW
FindFirstFileW
FindClose
LocalAlloc
InterlockedIncrement
InterlockedDecrement
RaiseException
DeleteCriticalSection
MultiByteToWideChar
GetFileSize
FindResourceW
LoadResource
LeaveCriticalSection
ReadFile
GetModuleFileNameW
CreateFileW
EnterCriticalSection
GlobalFree
LockResource
CreateEventA
WaitForSingleObject
SetEvent
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
GetVersion
GetSystemTime
GetModuleFileNameA
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
GetFullPathNameA
CreateFileA
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
VirtualFree
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
FormatMessageW
GetVersionExW
GetFileAttributesA
GetFileAttributesW
FlushFileBuffers
GetTempPathW
VirtualAlloc
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
GetTempPathA
AreFileApisANSI
DeleteFileA
CreateDirectoryW
GetLastError
GetCurrentDirectoryW
LocalFileTimeToFileTime
LocalFree
OutputDebugStringW
OpenProcess
TerminateProcess
RemoveDirectoryW
FindNextFileW
SetFileAttributesW
GetExitCodeProcess
WaitForMultipleObjects
WTSGetActiveConsoleSessionId
GetFileInformationByHandle
InterlockedExchange
SizeofResource
FindResourceExW
LoadLibraryExW
TerminateThread
CreateEventW
ResetEvent
ReadDirectoryChangesW
CancelIo
CreateThread
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
SetLastError
GetWindowsDirectoryW
SetEnvironmentVariableW
GetPrivateProfileStringW
FileTimeToLocalFileTime
GetDriveTypeW
GetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
ResumeThread
GetShortPathNameW
DuplicateHandle
DeviceIoControl
FindFirstFileExW
Sleep
HeapAlloc
GetProcessHeap
HeapFree
GetProcessAffinityMask
HeapDestroy
HeapReAlloc
GlobalMemoryStatusEx
GetFileSizeEx
SetFilePointerEx
VerSetConditionMask
SleepEx
VerifyVersionInfoA
ExpandEnvironmentStringsA
IsDebuggerPresent
DecodePointer
EncodePointer
GetStringTypeW
GetComputerNameW
ExpandEnvironmentStringsW
CreateProcessW
CopyFileW
CloseHandle
GetCurrentProcess
OpenEventW
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetCommandLineA
ExitThread
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
ReadConsoleW
IsValidCodePage
GetOEMCP
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
PeekNamedPipe
SetEnvironmentVariableA
GetModuleHandleA
GetStringTypeExW
LCMapStringA
GetStringTypeExA
lstrlenA
OpenEventA
LoadLibraryExA
SetFileTime

user32

GetClassNameW
LoadStringW
CloseDesktop
wsprintfW
EnumDesktopWindows
LoadStringA
SendMessageW
GetDesktopWindow
OpenInputDesktop

advapi32

RegEnumKeyW
OpenProcessToken
GetUserNameW
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptImportKey
CryptReleaseContext
CryptVerifySignatureW
CryptAcquireContextW
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetLengthSid
MakeSelfRelativeSD
GetSecurityDescriptorSacl
AddAce
RegSetKeySecurity
IsValidSid
GetSecurityDescriptorOwner
InitializeAcl
MakeAbsoluteSD
RegGetKeySecurity
GetSecurityDescriptorLength
GetAce
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorControl
CopySid
GetAclInformation
RegCreateKeyExW
ConvertSidToStringSidW
LookupAccountNameW
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
LookupPrivilegeValueW
AllocateAndInitializeSid
FreeSid
AdjustTokenPrivileges
CreateProcessAsUserW
CryptAcquireContextA
CryptGenRandom
CryptGetHashParam
CryptEncrypt
GetTokenInformation

shell32

SHGetFolderPathW

ole32

CoCreateGuid
StringFromGUID2
OleRun
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VarBstrCat
SysAllocStringLen
SysAllocString
VariantClear
LoadTypeLi
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayCreate
VariantInit
VariantChangeType
LoadRegTypeLi
GetErrorInfo
SysStringLen
SysFreeString

shlwapi

SHDeleteKeyW
PathFileExistsW

psapi

GetModuleFileNameExW
EnumProcessModules

dnsapi

DnsQuery_W
DnsFree

Exports

Exports

?CreateSettingsModule@detail@settings@asw@@YA?AV?$shared_ptr@VISettingsModule@settings@asw@@@std@@XZ
CheckCache
CreateSettingsModuleRaw
DeInit
DisableExtension
EnableExtension
FreeString
GetBrowserProperties
GetDataFromBackend
GetExtensions
GetIEBrowserRank
GetInstalledBrowsers
GetProtectorInfos
IgnoreExtension
IgnoreExtensionFor
Init
IsExtensionEnabled
IsExtensionIgnored
IsSearchproviderHijacked
LoadExtensions
RemovePlugin
ResetBrowserSettings
SendResultToBackend
SendResultsToBackend2
SetRemoteDialogCallback
UnignoreExtension
UpdateCache

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4588fd2849d4a9bbd8c2d5d7cb7a52b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

76:ee:7e:f0:43:82:1e:76:14:3e:95:10:55:33:89:e1Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

76:ee:7e:f0:43:82:1e:76:14:3e:95:10:55:33:89:e1Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

a0:53:79:97:8b:51:94:47:81:74:b6:ff:3e:8f:27:3f:34:0d:ea:37:30:fa:61:3c:e0:ab:a0:9f:6d:2e:02:e8Signer

Signature Validations

Verification

17/03/2019, 05:12 Valid: false

44:ad:d6:3d:3d:67:6f:3c:39:43:8e:c1:a1:97:b2:61:fa:3a:c8:53Signer

Signature Validations

Verification

17/03/2019, 05:12 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

wininet

wtsapi32

winhttp

ws2_32

userenv

crypt32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

dnsapi

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 527KB - Virtual size: 527KB

.data Size: 37KB - Virtual size: 57KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 185KB - Virtual size: 184KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

76:ee:7e:f0:43:82:1e:76:14:3e:95:10:55:33:89:e1
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

76:ee:7e:f0:43:82:1e:76:14:3e:95:10:55:33:89:e1
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

a0:53:79:97:8b:51:94:47:81:74:b6:ff:3e:8f:27:3f:34:0d:ea:37:30:fa:61:3c:e0:ab:a0:9f:6d:2e:02:e8
Signer

17/03/2019, 05:12
Valid: false

44:ad:d6:3d:3d:67:6f:3c:39:43:8e:c1:a1:97:b2:61:fa:3a:c8:53
Signer

17/03/2019, 05:12
Valid: false

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 527KB - Virtual size: 527KB

.data
Size: 37KB - Virtual size: 57KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 185KB - Virtual size: 184KB