SecuriteInfo[.]com[.]Heur[.]16784[.]23994[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Heur.16784.23994.exe
Size

4.0MB
MD5

aa980bb256f429573f4049581b650ba1
SHA1

4c96369e381d80bc0b6177b8da769717e3a62792
SHA256

0513ca1db8a4ceba9ee056184dcb2a162ecb9f21e6cf574bc1aa0e8c14126ee3
SHA512

6f7253877e34c7347e97251005788254f59cd1532a90cf8ca8c316746b6331e9b44297db530437d5d1534d2b4307d9628483528080151a43a0b57440d70db522
SSDEEP

49152:TipyCjUQreg9P4a6/gL6bgTbETJCvFtGNi/yq31Yv+W5hI5ftpkIezGBh/RSOAEg:Tij7wgLNspjx37/n

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Heur.16784.23994.exe
.dll regsvr32 windows x64

b083bb61c553d40b779603907e5c862d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2010, 00:00

Not After

01/06/2013, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Secure Application Development,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wininet

InternetCanonicalizeUrlW
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetGetCookieA
InternetCombineUrlW
GetUrlCacheEntryInfoA
InternetCombineUrlA

kernel32

GetProcAddress
LoadLibraryW
GetModuleHandleA
GetCurrentProcessId
SetEvent
GetCurrentThreadId
CreateThread
GetModuleFileNameA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
CloseHandle
FreeLibrary
CreateMutexA
DisableThreadLibraryCalls
GetModuleHandleW
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
LoadLibraryA
GetWindowsDirectoryA
GetVersionExA
GetCurrentProcess
GetLocaleInfoA
GlobalUnlock
GlobalLock
WaitForMultipleObjects
FindNextFileA
SetEnvironmentVariableA
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
WideCharToMultiByte
ReleaseMutex
WaitForSingleObject
lstrlenW
GetLastError
lstrlenA
GetFileAttributesA
MultiByteToWideChar
FindClose
lstrcpynA
FindFirstFileA
CreateEventA

user32

GetMessageA
GetClientRect
ScreenToClient
GetWindowRect
IsWindow
CharLowerBuffA
IntersectRect
PostMessageA
SendMessageA
SetWindowsHookExA
GetCursorPos
UnhookWindowsHookEx
CallNextHookEx
GetKeyboardState
MessageBoxA
GetKeyState
CharNextW
CharNextA
LoadIconA
LoadCursorA
RegisterClassA
DefWindowProcA
CreateWindowExA
PtInRect
TranslateMessage
DispatchMessageA
GetClassNameA
FindWindowExA
GetSystemMetrics

gdi32

GetStockObject

advapi32

RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegRestoreKeyA
RegLoadKeyA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegCloseKey
RegQueryValueExW
RegQueryValueExA

ole32

CoTaskMemAlloc
CoGetClassObject
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2

oleaut32

SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayDestroy
VariantInit
SafeArrayPutElement
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VarBstrCat
SysAllocString
VarBstrCmp
SysAllocStringLen
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysFreeString
GetErrorInfo
SysStringLen

msvcr90

?terminate@@YAXXZ
strncpy
isdigit
_strlwr
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_initterm
_mbsnbcpy_s
_initterm_e
_encoded_null
_amsg_exit
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__clean_type_info_names_internal
wcsncpy
memchr
isalpha
_unlock
_strnicmp
_i64tow
fwrite
_recalloc
_resetstkoflw
__C_specific_handler
strcat_s
wcsncpy_s
strcpy_s
_time64
wcscpy
_strupr
_wcsnicmp
swscanf
strcat
_splitpath
sprintf
fopen
fgets
sscanf
fclose
wcsncmp
_purecall
strcmp
memcpy_s
_vswprintf
_mbsstr
??2@YAPEAX_K@Z
memcmp
wcsstr
wcsrchr
wcschr
??3@YAXPEAX@Z
strchr
strpbrk
strstr
__CxxFrameHandler3
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
strcpy
strlen
_stricmp
_memicmp
memcpy
memset
wcslen
memmove
_CxxThrowException
wcscmp
_wcsicmp
free
malloc
strrchr

urlmon

CoInternetGetSession

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetListenerState
InstallNSH

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b083bb61c553d40b779603907e5c862d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcr90

urlmon

Exports

Exports

Sections

.text Size: 236KB - Virtual size: 235KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 6KB - Virtual size: 9KB

.pdata Size: 16KB - Virtual size: 15KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9e
Certificate

.text
Size: 236KB - Virtual size: 235KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 6KB - Virtual size: 9KB

.pdata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 2KB