GenKey[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

GenKey.exe
Size

881KB
MD5

9f0981b81aefb71f373ce1566a8fcc74
SHA1

32c74200d76f54a8e763c26852d1d05f1cbbf181
SHA256

242c5f784e383565113d0f7b77c7198fd9eff07d4ca99f2d82483a34048a0c3c
SHA512

5eee6cafacf7c96571bf496e4171de7f784f0baa89bc65699ec15fac5ffcaf791dd1808c24715af7c62e6cd5feccae5d6bc62e68c6b16e5b8621dbf7548863e1
SSDEEP

12288:2HPHXSK/D/3Nb+b2OuK3NTbXgEk7Sb5yVmtdkEKA7WZKx8QUpqIoQ8K11ko96h3g:2vnp+iOt3l6A7WZqg3osOA

Score

1^/10

Malware Config

Signatures

Files

GenKey.exe
.exe windows x86

73b2458f2ae1016470dd953088d6e9f1

Code Sign

48:d7:b8:db:d2:e8:6f:89:e5:8d:a0:b7:54:51:3a:c5
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

07/06/2010, 00:00

Not After

26/06/2011, 23:59

Subject

CN=JSC CYBERPLAT,OU=JSC CYBERPLAT.COM,O=JSC CYBERPLAT,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

af:bc:c5:d8:7e:91:c1:41:cf:4b:5c:97:58:d1:6e:16:49:3e:e8:8a
Signer

Actual PE Digest

af:bc:c5:d8:7e:91:c1:41:cf:4b:5c:97:58:d1:6e:16:49:3e:e8:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
VirtualAlloc
GetSystemInfo
VirtualQuery
Sleep
ExitProcess
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetConsoleCP
GetConsoleMode
HeapCreate
VirtualFree
HeapReAlloc
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
RaiseException
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetTickCount
SetErrorMode
GetFileTime
GetFileSizeEx
GetOEMCP
GetCPInfo
FindResourceExA
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
GetModuleHandleW
GetFullPathNameA
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
ReadFile
GetThreadLocale
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
VirtualProtect
GetCurrentProcessId
GlobalAddAtomA
WaitForSingleObject
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GetVersionExA
DeviceIoControl
GetCurrentProcess
SetPriorityClass
GetVolumeInformationA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
FormatMessageA
LocalFree
GetFileSize
SetFilePointer
SetEndOfFile
GetTempFileNameA
OutputDebugStringA
FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesA
MoveFileA
CopyFileA
lstrlenW
MultiByteToWideChar
lstrlenA
lstrcmpiA
CreateMutexA
GetTempPathA
CreateDirectoryA
GetLastError
DeleteFileA
RemoveDirectoryA
CreateFileA
WriteFile
CloseHandle
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentDirectoryA
CreateFileW

user32

RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindowTextLengthA
GetWindowTextA
GetDesktopWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetNextDlgTabItem
SetWindowContextHelpId
SetPropA
GetCapture
SetActiveWindow
MapDialogRect
SetWindowPos
GetPropA
RemovePropA
GetAsyncKeyState
SetFocus
GetDlgItem
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
LoadStringA
ShowWindow
MessageBoxA
GetMenuCheckMarkDimensions
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowLongA
LoadIconA
GetClientRect
GetWindowRect
PostMessageA
UpdateWindow
SendMessageA
KillTimer
SetTimer
LoadBitmapA
EnableWindow
SetDlgItemTextA
IsDlgButtonChecked
IsDialogMessageA
SetWindowTextA
GetWindow
PostThreadMessageA
RegisterClipboardFormatA
DestroyMenu
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
UnregisterClassA
LoadCursorA
GetSysColorBrush
CharUpperA
MoveWindow
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
EndDialog
EndPaint

gdi32

DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
CreateRectRgnIndirect
EnumFontFamiliesExA
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
ExtSelectClipRgn
CreateCompatibleDC
BitBlt

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
CryptGenKey
CryptExportKey
CryptImportKey
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptVerifySignatureA
CryptCreateHash
CryptSetHashParam
CryptDestroyHash
CryptSignHashA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA

shlwapi

PathFindFileNameA
PathRemoveFileSpecW
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CoInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoInitializeEx
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantInit
VariantChangeType
VariantClear
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
SysFreeString

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetQueryDataAvailable

Sections

.text
Size: 655KB - Virtual size: 655KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73b2458f2ae1016470dd953088d6e9f1

Code Sign

48:d7:b8:db:d2:e8:6f:89:e5:8d:a0:b7:54:51:3a:c5Certificate

Extended Key Usages

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

af:bc:c5:d8:7e:91:c1:41:cf:4b:5c:97:58:d1:6e:16:49:3e:e8:8aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

wininet

Sections

.text Size: 655KB - Virtual size: 655KB

.rdata Size: 139KB - Virtual size: 139KB

.data Size: 22KB - Virtual size: 52KB

.rsrc Size: 59KB - Virtual size: 58KB

48:d7:b8:db:d2:e8:6f:89:e5:8d:a0:b7:54:51:3a:c5
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

af:bc:c5:d8:7e:91:c1:41:cf:4b:5c:97:58:d1:6e:16:49:3e:e8:8a
Signer

.text
Size: 655KB - Virtual size: 655KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 22KB - Virtual size: 52KB

.rsrc
Size: 59KB - Virtual size: 58KB