SecuriteInfo[.]com[.]BScope[.]TrojanDropper[.]Dinwod[.]16769[.]5740[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.BScope.TrojanDropper.Dinwod.16769.5740.exe
Size

2.9MB
MD5

1f587492bd6d6225cc925f18f0407c51
SHA1

cba138593246ea4e1d8572708f7cb7747ae0eb81
SHA256

8a847c605bde4c3a8f73142c60ba675f71c56cfe874ee872a871e1f336a622da
SHA512

9e23be44583afec87cf12e46af0e3b694a667be3ce14bfd8ec503246591519fe8a958f42a592627d9fd0e7b911e551e755d03f4184707eb836a56b782924bb37
SSDEEP

49152:B85/PEQ3oMcdqllfgaYChNxZvlv57O4qGgUcPL8Jr9hg6krnMRfKZhf:B85/8Q3ov4lfQCHZH7xtior9hg6koRy7

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.BScope.TrojanDropper.Dinwod.16769.5740.exe
.exe windows:5 windows x86

e4bf5fe72e8f452d5a4586d1455d2f63

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07:e2:51:4c:ed:6a:6c:b6:1e:6f:88:f1:f9:54:2b:41
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16-07-2012 00:00

Not After

16-07-2013 23:59

Subject

CN=PPStream Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PPStream Inc.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:ef:41:9c:3c:ab:d8:d1:24:cd:1b:2f:cb:88:44:cf:5e:2a:ea:2b
Signer

Actual PE Digest

4d:ef:41:9c:3c:ab:d8:d1:24:cd:1b:2f:cb:88:44:cf:5e:2a:ea:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
ResetEvent
ReleaseMutex
CreateThread
GetModuleFileNameA
CreateProcessA
TerminateProcess
SetDllDirectoryA
SetEnvironmentVariableA
LoadLibraryExA
GetEnvironmentVariableA
GetCurrentThreadId
GetComputerNameA
TerminateThread
GetFileAttributesA
CreateDirectoryA
InterlockedExchange
GetTempPathA
DeleteFileA
GetFileAttributesW
GetFileSize
LoadLibraryExW
lstrcpyA
lstrcmpA
lstrcpynA
RaiseException
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFilePointer
ReadFile
PeekNamedPipe
CreateProcessW
GetStartupInfoW
CreatePipe
OutputDebugStringW
SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalAlloc
GlobalFree
ReleaseSemaphore
SetEvent
InterlockedDecrement
WaitForMultipleObjects
InterlockedIncrement
CreateSemaphoreW
CreateEventW
DeleteFileW
CreateDirectoryW
CloseHandle
CreateFileW
WaitForSingleObject
CreateMutexW
OpenMutexW
GetTickCount
lstrcmpW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
HeapFree
GetProcessHeap
HeapAlloc
FreeResource
ExitProcess
MultiByteToWideChar
lstrlenA
GetCurrentThread
GetCurrentProcess
GetProcAddress
LoadLibraryW
VirtualQuery
GetModuleHandleW
FormatMessageA
GetVersionExW
WriteFile
CreateFileA
lstrcpynW
GetModuleFileNameW
SetUnhandledExceptionFilter
Sleep
GetLastError
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
GetLocaleInfoW
GetTimeZoneInformation
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetModuleHandleA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetConsoleCtrlHandler
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
IsValidCodePage
GetOEMCP
GetStartupInfoA
SetHandleCount
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
GetStdHandle
GetConsoleMode
GetConsoleCP
LockResource
SizeofResource
GetTempPathW
FatalAppExitA
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetDateFormatA
GetTimeFormatA
LCMapStringW
LCMapStringA
CompareStringW
GetCPInfo
CompareStringA
RtlUnwind
ExitThread
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapDestroy
GetLocaleInfoA
InterlockedCompareExchange
RemoveDirectoryW
UnlockFile
LockFile
MoveFileW
FindNextFileW
SetEndOfFile
GetLongPathNameW
MoveFileExW
GetCurrentProcessId
GetSystemInfo
lstrcatW
SetFileAttributesW
GetTempFileNameW
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
ResumeThread
GlobalLock
GlobalUnlock
MulDiv
DosDateTimeToFileTime
DuplicateHandle
GetFileType
GetACP
FileTimeToSystemTime
GetSystemTime
FindFirstFileW
FindClose
FlushFileBuffers
lstrlenW

user32

GetWindowLongW
IsRectEmpty
GetUpdateRect
GetCursorPos
CharNextW
IntersectRect
GetWindowTextLengthW
IsIconic
ScreenToClient
GetClientRect
SetWindowTextW
SetWindowRgn
PostMessageW
SystemParametersInfoW
MoveWindow
SetWindowPos
wsprintfW
KillTimer
MessageBoxW
RegisterDeviceNotificationW
LoadCursorW
LoadIconW
RegisterClassExW
CreateWindowExW
ShowWindow
FillRect
DrawTextW
UpdateWindow
BeginPaint
EndPaint
PostQuitMessage
DefWindowProcW
FindWindowW
GetWindowTextW
GetClassNameW
EnumChildWindows
GetSystemMetrics
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageA
CharPrevW
SetRect
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
GetMonitorInfoW
MonitorFromWindow
InvalidateRgn
CreateAcceleratorTableW
GetWindowRect
OffsetRect
InflateRect
UnionRect
SetWindowLongW
IsWindow
SetFocus
EnableWindow
GetWindow
GetParent
SendMessageW
LoadImageW
MapWindowPoints
GetPropW
SetPropW
AdjustWindowRectEx
GetMenu
SetCursor
wvsprintfW
RegisterClassW
GetClassInfoExW
GetKeyState
GetDC
InvalidateRect
SetTimer
SetCapture
ReleaseCapture
PtInRect
ReleaseDC
DestroyWindow
GetFocus
CallWindowProcW

gdi32

SetTextColor
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateRoundRectRgn
SaveDC
CombineRgn
StretchBlt
CreateDIBSection
SetStretchBltMode
ExtTextOutW
SetBkColor
LineTo
MoveToEx
SetBkMode
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
GdiFlush
GetDeviceCaps
BitBlt
RestoreDC
Rectangle
SetWindowOrgEx
DeleteDC
CreatePen
GetStockObject
GetObjectW
CreateFontIndirectW
SelectObject
GetTextMetricsW
SelectClipRgn
ExtSelectClipRgn
RoundRect
CreateRectRgnIndirect
GetClipBox

advapi32

CryptDestroyHash
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
RegQueryValueW
SetFileSecurityW
AddAccessAllowedAce
AddAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
GetFileSecurityW
LookupAccountNameW
CryptHashData
RegOpenKeyW
RegQueryValueExW
RegCloseKey
GetUserNameW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
CryptCreateHash

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
SHFileOperationW
ord165
SHGetMalloc
ShellExecuteExW

ole32

CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleLockRunning
CoUninitialize
CoInitialize

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetAttemptConnect
InternetCrackUrlW

shlwapi

StrStrIA
UrlEscapeW
StrCpyW
PathAppendW
PathRemoveFileSpecW
StrCpyNW
StrCatW
PathFileExistsW

gdiplus

GdipGetPropertyItem
GdipCreateFromHDC
GdipDrawImageRectI
GdipCloneImage
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipImageGetFrameDimensionsList

comctl32

ord17
_TrackMouseEvent

riched20

ord4

ws2_32

select
gethostbyname
inet_ntoa
ioctlsocket
ntohl
htonl
recv
send
WSACleanup
closesocket
shutdown
WSAGetLastError
connect
htons
__WSAFDIsSet
inet_addr
socket
WSAStartup

setupapi

SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiSetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
CM_Get_DevNode_Status
SetupDiCallClassInstaller
SetupDiGetINFClassW
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW

newdev

UpdateDriverForPlugAndPlayDevicesW

version

GetFileVersionInfoW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData

iphlpapi

GetAdaptersInfo

psapi

GetModuleInformation
GetProcessMemoryInfo

oleaut32

SysFreeString

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4bf5fe72e8f452d5a4586d1455d2f63

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

07:e2:51:4c:ed:6a:6c:b6:1e:6f:88:f1:f9:54:2b:41Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4d:ef:41:9c:3c:ab:d8:d1:24:cd:1b:2f:cb:88:44:cf:5e:2a:ea:2bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

wininet

shlwapi

gdiplus

comctl32

riched20

ws2_32

setupapi

newdev

version

winhttp

iphlpapi

psapi

oleaut32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 178KB - Virtual size: 177KB

.data Size: 14KB - Virtual size: 37KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 51KB - Virtual size: 50KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

07:e2:51:4c:ed:6a:6c:b6:1e:6f:88:f1:f9:54:2b:41
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4d:ef:41:9c:3c:ab:d8:d1:24:cd:1b:2f:cb:88:44:cf:5e:2a:ea:2b
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 178KB - Virtual size: 177KB

.data
Size: 14KB - Virtual size: 37KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 51KB - Virtual size: 50KB