ProdInst64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ProdInst64.exe
Size

869KB
MD5

d6a9f7753db37c3e52efbbe9d26e2018
SHA1

106b13192fd596d13e7e33d64a3759167f1c5cd9
SHA256

27eacf01cd4a4a919b8b9bab23286efc3e1a9c12e7ee246f189dd8a82ed5f395
SHA512

59f6ed198fbd42d861041a28ca53f03ce61a05f57ebce04abc7656599acb842c3e57021c8da6ec7c492b3cb6687111619c693ec964ec35b38aa418fd36b4f435
SSDEEP

24576:w/K50nNEIAvIpoMA1zLK2ZhMLB5PavsQUr:w/K50vSIpoMbCMLB5Pa0X

Score

1^/10

Malware Config

Signatures

Files

ProdInst64.exe
.exe windows x64

5b8dc26e64de88d0ddd6808b6ab1fbb1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/12/2008, 00:00

Not After

18/12/2011, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:db:6a:29:9d:ee:d8:9d:96:25:20:80:0f:8a:d5:9c:50:c6:fe:92
Signer

Actual PE Digest

90:db:6a:29:9d:ee:d8:9d:96:25:20:80:0f:8a:d5:9c:50:c6:fe:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupCloseInfFile
SetupOpenInfFileW
SetupCloseFileQueue
SetupDefaultQueueCallbackW
SetupCommitFileQueueW
SetupInitDefaultQueueCallback
SetupQueueCopySectionW
SetupQueueDeleteSectionW
SetupSetDirectoryIdW
SetupOpenFileQueue
SetupGetLineTextW
CMP_WaitNoPendingInstallEvents
SetupFindNextLine
SetupGetFieldCount
SetupGetStringFieldW
SetupDiCallClassInstaller
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstallParamsW
CM_Get_Device_ID_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsExW
SetupFindFirstLineW

kernel32

GetStartupInfoW
GetDriveTypeW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
HeapReAlloc
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
ExitThread
CreateThread
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryA
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
RtlVirtualUnwind
SetEnvironmentVariableA
SetEnvironmentVariableW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
DeleteFileW
GetLastError
Sleep
LoadLibraryW
GetProcAddress
SizeofResource
LockResource
LoadResource
GetWindowsDirectoryW
GetTempPathW
FindResourceW
GetSystemDirectoryW
CreateEventW
WaitForSingleObject
CreateDirectoryW
GetModuleFileNameW
FindFirstFileW
SetFileAttributesW
FindNextFileW
FindClose
RemoveDirectoryW
GetCurrentThread
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
CreateProcessW
GetExitCodeProcess
CloseHandle
GetVersionExW
GetFullPathNameW
FormatMessageW
LocalFree
InitializeCriticalSection
GetLocalTime
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
FreeLibrary
SetLastError
CreateFileW
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
MoveFileW
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
FileTimeToSystemTime
GetThreadLocale
GetModuleHandleA
lstrlenA
WritePrivateProfileStringW
GetCurrentProcessId
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
FreeResource
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalLock
GlobalUnlock
lstrlenW
MulDiv
GlobalFree
GlobalAlloc
LoadLibraryA
GetTickCount
GetSystemInfo
ReadFile
WriteFile
MoveFileExW
CopyFileW
GetModuleHandleW
HeapFree
HeapAlloc
LoadLibraryExW
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetProcessHeap

user32

RegisterClipboardFormatW
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
CharUpperW
UnregisterClassW
DestroyMenu
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
IsDialogMessageW
SetDlgItemTextW
CheckRadioButton
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
GetClassLongPtrW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
PostThreadMessageW
GetClassNameW
ValidateRect
CopyRect
IsWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
ReleaseCapture
PtInRect
ClientToScreen
SetCapture
InvalidateRect
GetCapture
RemovePropW
SetWindowLongPtrW
GetPropW
SetPropW
GetWindowLongPtrW
GetParent
ReleaseDC
GetDC
FillRect
GetSysColor
GetClientRect
WindowFromDC
SetProcessDefaultLayout
GetWindowLongW
IsIconic
SetForegroundWindow
SystemParametersInfoW
MessageBeep
LoadStringW
LoadIconW
LoadBitmapW
UnhookWindowsHookEx
MessageBoxW
SetWindowsHookExW
CallNextHookEx
SetWindowLongW
SetWindowPos
CallWindowProcW
ExitWindowsEx
KillTimer
LoadCursorW
SetCursor
SendMessageW
SetTimer
EnableWindow
GetWindowRect
GetSystemMetrics
SetWindowTextW
PostMessageW
FindWindowExW
GetLastActivePopup
UnregisterClassA

gdi32

GetMapMode
GetBkColor
GetTextColor
GetRgnBox
GetViewportExtEx
CreateCompatibleDC
CreateBrushIndirect
GetObjectW
CreateFontW
SelectObject
SetStretchBltMode
CreateSolidBrush
GetDeviceCaps
CreateFontIndirectW
SetTextColor
DeleteObject
CreateRectRgnIndirect
GetClipBox
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SetBkColor
CreateBitmap
SaveDC
RestoreDC
SetBkMode
SetMapMode
GetWindowExtEx

msimg32

TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

GetPrintProcessorDirectoryW
DocumentPropertiesW
GetPrinterW
DeletePrinterDriverW
EnumPrinterDriversW
ClosePrinter
DeletePrinter
OpenPrinterW
EnumPrintersW
ord204
GetPrinterDriverDirectoryW

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
StartServiceW
CloseServiceHandle
ControlService
EnumDependentServicesW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
FreeSid
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

shell32

SHGetFolderPathW
ShellExecuteW

shlwapi

SHDeleteKeyW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathAppendW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysStringLen
SysFreeString
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
VariantCopy

oleacc

LresultFromObject
CreateStdAccessibleObject

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msi

ord141
ord137
ord8
ord88
ord190
ord92
ord32
ord159
ord160
ord118

Sections

.text
Size: 558KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b8dc26e64de88d0ddd6808b6ab1fbb1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cfCertificate

Extended Key Usages

Key Usages

90:db:6a:29:9d:ee:d8:9d:96:25:20:80:0f:8a:d5:9c:50:c6:fe:92Signer

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

oleacc

version

msi

Sections

.text Size: 558KB - Virtual size: 557KB

.rdata Size: 202KB - Virtual size: 201KB

.data Size: 28KB - Virtual size: 54KB

.pdata Size: 41KB - Virtual size: 40KB

.rsrc Size: 32KB - Virtual size: 31KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

90:db:6a:29:9d:ee:d8:9d:96:25:20:80:0f:8a:d5:9c:50:c6:fe:92
Signer

.text
Size: 558KB - Virtual size: 557KB

.rdata
Size: 202KB - Virtual size: 201KB

.data
Size: 28KB - Virtual size: 54KB

.pdata
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 32KB - Virtual size: 31KB