plesk-installer-cn[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

plesk-installer-cn.exe
Size

11.0MB
MD5

5e64788ba8b0a23b6c6c423dcb372f78
SHA1

0306414e489e51d1b761b87d62be89b985e34554
SHA256

3bfd03caf1a0a4a7dfc0719eb1f8e4629c931593e2d3bd8ce5f4d743fd4a76cc
SHA512

412f274ccb3df3e8d02d0a621bb79ac1e78f1c1f4af1c9b07a966f0ef3e7c9a161afa3c9326ed7ca81738603fde0f305cfc94ed68d78d8470aca74f289a281c1
SSDEEP

98304:Uhmn+T2amvIrrUVguhTKSiM4W9CVVeNhQte/IkRo2bUZT9M4JLKGVGH0FsFpmL:UhOWU63M4W9CVUhQ0QWCKGgmL

Score

1^/10

Malware Config

Signatures

Files

plesk-installer-cn.exe
.exe windows x86

bab46ee3f545ea28dd3cc6f374521428

Code Sign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:0d:8e:7b:88:93:ab
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

04/04/2014, 09:08

Not After

04/04/2017, 09:08

Subject

CN=Parallels International GmbH,O=Parallels International GmbH,L=Schaffhausen,ST=Schaffhausen,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:c7:39:65:c6:66:d1:cd
Certificate

Issuer

CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

16/02/2016, 07:00

Not After

16/02/2021, 07:00

Subject

CN=Starfield Timestamp Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7c:1e:40:33:60:06:eb:e9:91:61:65:72:ea:ad:71:7b:2c:e7:c9:87
Signer

Actual PE Digest

7c:1e:40:33:60:06:eb:e9:91:61:65:72:ea:ad:71:7b:2c:e7:c9:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidCodePage
FindFirstFileExA
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
SetEnvironmentVariableA
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetACP
HeapReAlloc
GetCommandLineW
GetCommandLineA
SetStdHandle
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
QueryPerformanceFrequency
GetModuleHandleExW
ExitProcess
WriteConsoleW
HeapSize
HeapFree
HeapAlloc
LoadLibraryExW
RtlUnwind
InterlockedPushEntrySList
GetProcessHeap
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStringTypeExA
GetUserDefaultLCID
LCMapStringA
AreFileApisANSI
SetFilePointerEx
GetFullPathNameW
GetFileAttributesExW
CreateWaitableTimerA
ResumeThread
SetWaitableTimer
ReleaseSemaphore
OpenEventA
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
SetFileTime
GetFileTime
SetEndOfFile
DeviceIoControl
CreateFileW
LoadLibraryW
CreateEventW
WaitForMultipleObjectsEx
ResetEvent
InitializeCriticalSection
CloseHandle
ReadConsoleW
WaitForSingleObjectEx
GetCurrentThreadId
SetEvent
GetSystemTimeAsFileTime
LocalFree
GetLastError
CreateDirectoryW
GetFileAttributesW
GetProcAddress
IsDebuggerPresent
Sleep
GetStdHandle
FormatMessageW
GetModuleHandleW
GetEnvironmentVariableW
SetEnvironmentVariableW
OutputDebugStringA
WideCharToMultiByte
GetConsoleScreenBufferInfo
GetCurrentProcess
GetSystemInfo
GetModuleHandleA
GetVersionExA
GetExitCodeProcess
CreateThread
WaitForMultipleObjects
WriteFile
ReadFile
SetHandleInformation
CreatePipe
CreateProcessW
GetCurrentThread
SetFileAttributesW
DeleteFileW
CopyFileW
MoveFileW
MoveFileExW
GetTempFileNameW
SetLastError
FindClose
GetTickCount
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
GetCurrentProcessId
DuplicateHandle
FormatMessageA
GetModuleFileNameA
CreateProcessA
MultiByteToWideChar
FreeConsole
GetConsoleTitleA
GetTickCount64
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
VerSetConditionMask
FreeLibrary
LoadLibraryA
VerifyVersionInfoA
SleepEx
GetFileType
PeekNamedPipe
ExpandEnvironmentStringsA
FindNextFileA
GlobalMemoryStatus
GetSystemTime
SystemTimeToFileTime
FlushConsoleInputBuffer
InterlockedDecrement
LocalAlloc
ReleaseMutex
WaitForSingleObject
FileTimeToSystemTime
CreateMutexW
GetModuleFileNameW
RaiseException
GetTempPathW
GetCurrentDirectoryW
RemoveDirectoryW
ExpandEnvironmentStringsW
CreateEventA

user32

GetCursorPos
TrackPopupMenu
DestroyMenu
CreatePopupMenu
ShowWindow
CreateWindowExA
RegisterClassA
AppendMenuA
DispatchMessageA
TranslateMessage
GetMessageA
LoadStringA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
FindWindowA
MessageBoxW
DefWindowProcA
LoadIconA

advapi32

RegisterEventSourceA
ReportEventA
SetServiceStatus
LookupAccountNameW
OpenProcessToken
OpenThreadToken
GetTokenInformation
AdjustTokenPrivileges
IsValidSid
EqualSid
AllocateAndInitializeSid
GetSidSubAuthority
GetLengthSid
CopySid
InitializeAcl
GetAclInformation
AddAce
DeleteAce
GetAce
LookupAccountSidW
LookupPrivilegeValueW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
CloseServiceHandle
ControlService
EnumDependentServicesW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
StartServiceW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetSidLengthRequired
GetSidSubAuthorityCount
LogonUserW
ConvertSidToStringSidW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetFileSecurityW
SetEntriesInAclW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
ReportEventW
RegisterEventSourceW
CloseEventLog
RegisterServiceCtrlHandlerA
OpenServiceA
ChangeServiceConfig2A
CreateServiceA
DeleteService
OpenSCManagerA
DeregisterEventSource

ws2_32

ioctlsocket
shutdown
WSAGetLastError
ntohs
WSACleanup
WSASetLastError
getsockopt
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
socket
setsockopt
__WSAFDIsSet
accept
bind
closesocket
connect
getpeername
getsockname
htonl
htons
inet_ntoa
listen
ntohl
recv
send
select
WSAStartup

wldap32

ord46
ord143
ord35
ord211
ord30
ord200
ord301
ord50
ord60
ord41
ord22
ord26
ord27
ord32
ord79
ord33

normaliz

IdnToAscii

winmm

timeGetTime

shlwapi

PathStripToRootW
PathIsRelativeW
PathRemoveExtensionW
PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathCombineW
PathCanonicalizeW

netapi32

NetUserModalsGet
NetApiBufferFree
NetUserGetLocalGroups

msi

ord45
ord205
ord141
ord137
ord88
ord111
ord190
ord70

rpcrt4

UuidCreate
UuidToStringW
UuidCreateSequential
RpcStringFreeW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetIpAddrTable

shell32

Shell_NotifyIconA
ShellExecuteW
SHGetSpecialFolderPathW
CommandLineToArgvW

oleaut32

SysFreeString
SysStringLen

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bab46ee3f545ea28dd3cc6f374521428

Code Sign

07Certificate

Key Usages

04:0d:8e:7b:88:93:abCertificate

Extended Key Usages

Key Usages

62:c7:39:65:c6:66:d1:cdCertificate

Extended Key Usages

Key Usages

7c:1e:40:33:60:06:eb:e9:91:61:65:72:ea:ad:71:7b:2c:e7:c9:87Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

wldap32

normaliz

winmm

shlwapi

netapi32

msi

rpcrt4

version

iphlpapi

shell32

oleaut32

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rdata Size: 5.3MB - Virtual size: 5.3MB

.data Size: 80KB - Virtual size: 108KB

.tls Size: 1KB - Virtual size: 1KB

.gfids Size: 2KB - Virtual size: 1KB

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 301KB - Virtual size: 300KB

07
Certificate

04:0d:8e:7b:88:93:ab
Certificate

62:c7:39:65:c6:66:d1:cd
Certificate

7c:1e:40:33:60:06:eb:e9:91:61:65:72:ea:ad:71:7b:2c:e7:c9:87
Signer

.text
Size: 5.3MB - Virtual size: 5.3MB

.rdata
Size: 5.3MB - Virtual size: 5.3MB

.data
Size: 80KB - Virtual size: 108KB

.tls
Size: 1KB - Virtual size: 1KB

.gfids
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 301KB - Virtual size: 300KB