VpnSetupWatchdog[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

VpnSetupWatchdog.exe
Size

1.8MB
MD5

0a6d69abe768e506e6728a75215f759b
SHA1

23642dc15b4eac452050c34b7288ddcc58edec60
SHA256

82aa325a52fa42615aaff4a5144bebc5e70d5886ea2195a1537e0f1a69b5e845
SHA512

24c567586cffbfd8fbb62d7a0f7d753a0eb47ebe29ad57aed97bf41732af9ad67b50d1ca2d119e6ed0c2b3f260df6bc575ecbbdbef8082a18afe97a1da6ad3b3
SSDEEP

49152:JlFr307kYyvElbNSzA5mNl6RT0LVCnmx:JjPYISbNSzA5GQm

Score

1^/10

Malware Config

Signatures

Files

VpnSetupWatchdog.exe
.exe windows x86

832c43e2f15794fde8c18b1eb25aaa88

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:34:99:e1:10:4f:5e:75:e7:21:a7:f1:54:73:bb:1f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/10/2019, 00:00

Not After

20/10/2022, 12:00

Subject

CN=AVG Technologies USA\, LLC,OU=RE 999,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:71:55:03:67:ae:ba:da:d4:50:0c:43:f6:a5:e4:98:7b:09:4d:f7:27:1f:d4:42:c1:34:2c:77:17:98:fa:01
Signer

Actual PE Digest

39:71:55:03:67:ae:ba:da:d4:50:0c:43:f6:a5:e4:98:7b:09:4d:f7:27:1f:d4:42:c1:34:2c:77:17:98:fa:01

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASetLastError
setsockopt
ntohs
htons
getsockopt
WSAStartup
getpeername
connect
closesocket
bind
WSAGetLastError
WSACleanup
__WSAFDIsSet
select
ioctlsocket
htonl
inet_addr
gethostname
WSAIoctl
getsockname
send
recv
socket
ntohl
InetNtopW
recvfrom

winhttp

WinHttpCrackUrl

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertAddCertificateContextToStore

ntdll

VerSetConditionMask
RtlUnwind

kernel32

CreateEventW
ResetEvent
CreateMutexW
ReleaseMutex
ReleaseSemaphore
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetSystemInfo
GetVersionExW
GetCurrentProcessId
Sleep
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetThreadTimes
GetCurrentThread
ExpandEnvironmentStringsW
GetModuleFileNameW
GetFileAttributesW
LoadLibraryExW
GetWindowsDirectoryW
GetSystemDirectoryW
DeviceIoControl
GetProcessAffinityMask
VirtualAlloc
VirtualFree
VirtualProtect
SetThreadPriority
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetDriveTypeW
ReadFile
SetFileAttributesW
SetEndOfFile
MoveFileExW
LockFileEx
MapViewOfFile
UnmapViewOfFile
DuplicateHandle
GetFileAttributesExW
FindClose
HeapAlloc
GetFullPathNameW
CreateDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
GetProcAddress
GetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
InitializeCriticalSectionAndSpinCount
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
SetLastError
GetModuleHandleExW
IsDebuggerPresent
RegisterWaitForSingleObject
GetThreadPriority
GetTickCount64
GetSystemTimes
GetSystemTimeAsFileTime
FlushFileBuffers
FileTimeToSystemTime
SetFilePointerEx
UnlockFileEx
GetFileSizeEx
GetNumaHighestNodeNumber
FormatMessageA
SleepEx
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
CreateFileA
LoadLibraryW
GetVersionExA
GetWindowsDirectoryA
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
CreateThread
SignalObjectAndWait
CreateTimerQueue
OutputDebugStringW
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
GetCPInfo
EncodePointer
SwitchToThread
WaitForSingleObjectEx
GetStringTypeW
PeekNamedPipe
FreeLibrary
GetCurrentProcess
GetNativeSystemInfo
WriteFile
CreateFileW
HeapDestroy
GetCurrentThreadId
DeleteCriticalSection
GetExitCodeProcess
WideCharToMultiByte
CloseHandle
SetEvent
GetLastError
MultiByteToWideChar
OpenProcess
OpenEventW
WaitForSingleObject
GetCommandLineW
CompareStringW
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
SetStdHandle
GetModuleHandleW
GetLocaleInfoW
HeapSize
HeapReAlloc
DecodePointer
InitializeCriticalSectionEx
RaiseException
LocalFree
HeapFree
GetVersion
GetProcessHeap
SetThreadAffinityMask
UnregisterWait
FreeLibraryAndExitThread
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
SetEnvironmentVariableW
GetFileType
GetConsoleMode
WriteConsoleW
ReadConsoleW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
GetStdHandle
GetCommandLineA
ExitProcess
IsValidLocale
GetConsoleCP

user32

RegisterClassExW
GetClassInfoExW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetFolderPathW

secur32

QueryContextAttributesW

dnsapi

DnsQuery_W
DnsFree

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

832c43e2f15794fde8c18b1eb25aaa88

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:34:99:e1:10:4f:5e:75:e7:21:a7:f1:54:73:bb:1fCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

39:71:55:03:67:ae:ba:da:d4:50:0c:43:f6:a5:e4:98:7b:09:4d:f7:27:1f:d4:42:c1:34:2c:77:17:98:fa:01Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

winhttp

version

crypt32

ntdll

kernel32

user32

advapi32

shell32

secur32

dnsapi

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 275KB - Virtual size: 274KB

.data Size: 21KB - Virtual size: 34KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 66KB - Virtual size: 65KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:34:99:e1:10:4f:5e:75:e7:21:a7:f1:54:73:bb:1f
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

39:71:55:03:67:ae:ba:da:d4:50:0c:43:f6:a5:e4:98:7b:09:4d:f7:27:1f:d4:42:c1:34:2c:77:17:98:fa:01
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 275KB - Virtual size: 274KB

.data
Size: 21KB - Virtual size: 34KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 66KB - Virtual size: 65KB