CNET_245764[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

CNET_245764.exe
Size

1.5MB
MD5

2e5eb3b32319ed7c484a08305d79fdee
SHA1

e86a08fabf19c4f52406298d22bc975716cf5573
SHA256

670090018138da28a6b2dcbac61bc8abacb24285b496809c0fa6a4a031a35dd2
SHA512

bc62b9a86dad8d21eb29da6149d9bbabbe72bc0d28f7d28524f20954a49109f95ccb983e25d77d8e4debf285a97648e14ccc74a973489d2f808252221b0f3fbc
SSDEEP

49152:jDislNkT1Ke0BVCuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuudJ:TvVCuuuuuuuuuuuuuuuuuuuuuuuuuuug

Score

1^/10

Malware Config

Signatures

Files

CNET_245764.exe
.exe windows:4 windows x86

a487cb4ac2b5f96d6f6d517b8bdbb1e3

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18-10-2012 14:38

Not After

20-05-2022 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

19-05-2022 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:d4:0c:94:ac:c2:95:42:b9:af:45:3c:ad:47:85:c3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10-09-2010 00:00

Not After

06-10-2013 23:59

Subject

CN=Analytical Design Solutions\, Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Analytical Design Solutions\, Inc,L=York,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a9:6e:ae:34:b5:14:77:51:86:d6:a3:e9:c4:34:88:d8:3f:bb:8e:a4
Signer

Actual PE Digest

a9:6e:ae:34:b5:14:77:51:86:d6:a3:e9:c4:34:88:d8:3f:bb:8e:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetOptionW
DeleteUrlCacheEntryW
FindCloseUrlCache
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
InternetCloseHandle
InternetGetConnectedState
InternetCrackUrlW
InternetConnectW
InternetOpenW

psapi

GetProcessMemoryInfo
GetModuleBaseNameW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

mfc80u

ord3901
ord741
ord3198
ord3204
ord2311
ord1925
ord3311
ord4234
ord1582
ord2086
ord5727
ord589
ord6061
ord283
ord5638
ord4109
ord330
ord1271
ord6279
ord1605
ord3590
ord3902
ord3599
ord3678
ord4755
ord2132
ord4347
ord3883
ord1416
ord4074
ord4112
ord1472
ord900
ord3629
ord777
ord2121
ord1476
ord1386
ord3677
ord4535
ord757
ord566
ord3327
ord4475
ord2832
ord5209
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord6274
ord3795
ord6272
ord4008
ord4032
ord4451
ord1600
ord6726
ord5156
ord5137
ord6099
ord1619
ord1620
ord3913
ord765
ord6718
ord686
ord454
ord3163
ord2936
ord2843
ord1604
ord1603
ord1941
ord2049
ord3903
ord5943
ord3900
ord3108
ord5940
ord5567
ord3393
ord2712
ord4108
ord4111
ord6062
ord3754
ord2647
ord5798
ord4118
ord6060
ord6085
ord3982
ord2154
ord5827
ord5828
ord2137
ord1303
ord1311
ord5311
ord6715
ord1718
ord6716
ord314
ord6751
ord3882
ord1155
ord1049
ord763
ord1121
ord3824
ord2239
ord5562
ord1149
ord1087
ord5226
ord3603
ord3460
ord635
ord395
ord4259
ord4271
ord1297
ord2164
ord5144
ord3939
ord1908
ord4013
ord2418
ord2419
ord2986
ord5352
ord940
ord4898
ord2933
ord4129
ord4303
ord5006
ord5003
ord2609
ord2399
ord2237
ord1058
ord3642
ord4314
ord6278
ord2365
ord4946
ord709
ord501
ord3990
ord5558
ord496
ord1194
ord5201
ord287
ord2260
ord4388
ord1220
ord590
ord331
ord2241
ord2244
ord2243
ord4244
ord2651
ord3395
ord4669
ord4162
ord4439
ord1135
ord1156
ord5161
ord4336
ord2255
ord2369
ord3508
ord3249
ord6018
ord266
ord265
ord5400
ord2460
ord2362
ord3519
ord3448
ord1720
ord3570
ord2361
ord2151
ord1545
ord6173
ord6167
ord909
ord581
ord1200
ord1162
ord764
ord620
ord587
ord577
ord605
ord776
ord293
ord354
ord3176
ord269
ord575
ord1085
ord1198
ord4256
ord4480
ord3943
ord2638
ord315
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord6700
ord282
ord6111
ord1479
ord5485
ord2261
ord4101
ord5524
ord4100
ord2895
ord280
ord897
ord762
ord1086
ord1148
ord1274
ord4094
ord2085
ord3238
ord3946
ord6140
ord1946
ord1079
ord896
ord899
ord6171
ord774
ord5803
ord2366
ord5199
ord4206
ord4729
ord3755
ord3756
ord894
ord870
ord1118
ord4574
ord6063
ord3927
ord6086
ord5829
ord1894
ord3635
ord1785
ord1883
ord2155
ord3189
ord2077
ord1536
ord6721
ord5911
ord1393
ord4226
ord5210
ord2985
ord4255
ord3158
ord572
ord760
ord5178
ord4884
ord2011
ord1662
ord1661
ord1542
ord6720
ord5908
ord1611
ord1608
ord3940
ord1392
ord4238
ord5148
ord1899
ord5067
ord6271
ord4179
ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord1548
ord2381
ord1904

msvcr80

_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
iswspace
_wtoi64
towlower
rand
strrchr
_wtol
wcscmp
memmove
realloc
strlen
malloc
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
__FrameUnwindFilter
_crt_debugger_hook
_i64tow_s
srand
memcpy
_set_invalid_parameter_handler
wcschr
atoi
_snprintf_s
_purecall
memcmp
qsort
wcsstr
_wcsnicmp
free
_vsnwprintf_s
__argc
__wargv
swscanf_s
memset
wcslen
_snwprintf_s
_wtoi
_wcsicmp
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ
wcsrchr

kernel32

VirtualQuery
IsBadReadPtr
FileTimeToLocalFileTime
MultiByteToWideChar
WideCharToMultiByte
GetStartupInfoW
GetComputerNameExW
LoadLibraryW
FreeLibrary
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsW
GetCommState
GetCommTimeouts
SetCommTimeouts
SetCommState
GetProcessHeap
HeapValidate
ProcessIdToSessionId
FileTimeToSystemTime
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentThreadId
GlobalLock
GlobalUnlock
GlobalGetAtomNameW
GlobalAddAtomW
SetLastError
GetCurrentDirectoryW
GetCommandLineW
PeekNamedPipe
ReadFile
CreateProcessW
CreateFileW
DeviceIoControl
CreateNamedPipeW
GetCurrentProcessId
DisconnectNamedPipe
SetUnhandledExceptionFilter
CreateEventW
SetProcessShutdownParameters
InterlockedDecrement
GetLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
InterlockedIncrement
MulDiv
ReleaseMutex
CreateMutexW
WaitForSingleObject
GetEnvironmentVariableW
SetEvent
GetExitCodeThread
Sleep
TerminateThread
GetModuleFileNameW
GetProcAddress
GetCurrentProcess
GetProcessIoCounters
GlobalMemoryStatusEx
GetLogicalDrives
GetDriveTypeW
GetDiskFreeSpaceExW
CloseHandle
CreateThread
SetThreadPriority
GetLastError
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
GetNativeSystemInfo
GetVersionExW
InterlockedCompareExchange
GetVolumeInformationW
LocalFree
LocalAlloc
InterlockedExchange
QueryPerformanceCounter
GetTickCount
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA

user32

EnumChildWindows
GetFocus
GetCursorInfo
SetCursorPos
RealGetWindowClassW
CallWindowProcW
EnumDisplayDevicesW
EnumDisplayMonitors
GetMonitorInfoW
InflateRect
InvalidateRect
GetSystemMenu
SetMenu
ModifyMenuW
UnregisterDeviceNotification
LoadIconW
TranslateMessage
OffsetRect
TrackMouseEvent
ExitWindowsEx
DefWindowProcW
RegisterWindowMessageW
UpdateWindow
MapWindowPoints
GetWindowRect
SetActiveWindow
BringWindowToTop
KillTimer
GetSysColor
GetWindowThreadProcessId
IsChild
SetLayeredWindowAttributes
SetCapture
SetTimer
GetSystemMetrics
PeekMessageW
GetGuiResources
EnableMenuItem
AppendMenuW
CreatePopupMenu
PostThreadMessageW
SetWindowsHookExW
GetMessageW
DispatchMessageW
UnhookWindowsHookEx
GetWindowTextW
FindWindowExW
WindowFromPoint
GetClassNameW
GetParent
CallNextHookEx
PostMessageW
GetAsyncKeyState
ToAscii
SendMessageW
GetWindowLongW
SetWindowLongW
SetForegroundWindow
SetWindowPos
SetWindowPlacement
GetWindowPlacement
EnableWindow
ShowCursor
EnumWindows
GetGUIThreadInfo
MessageBeep
ScreenToClient
GetDlgCtrlID
LoadImageW
GetDC
ReleaseDC
ReleaseCapture
PostQuitMessage
IntersectRect
SystemParametersInfoW
MsgWaitForMultipleObjects
WaitForInputIdle
FindWindowW
SendInput
UnpackDDElParam
IsWindowUnicode
ReuseDDElParam
GetDlgItem
GetClientRect
ChildWindowFromPoint

gdi32

SetTextColor
SetBkMode
GetStockObject
SetBkColor
ExtTextOutW
SetDIBits
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
GetDIBits
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetBkColor
CreateSolidBrush
DeleteObject
GetTextExtentPoint32W
CreateFontIndirectW
GetDeviceCaps

msimg32

AlphaBlend

winspool.drv

EnumJobsW
SetJobW
StartDocPrinterW
ord203
StartPagePrinter
EndDocPrinter
WritePrinter
EndPagePrinter
OpenPrinterW
ClosePrinter
ord204

advapi32

AdjustTokenPrivileges
OpenProcessToken
CryptDeriveKey
CryptSetKeyParam
CryptEncrypt
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
GetUserNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegisterEventSourceW
DeregisterEventSource
ReportEventW
LookupPrivilegeValueW
RegCloseKey

shell32

SHGetFolderPathW

comctl32

ord17

shlwapi

UrlCreateFromPathW

ole32

CoCreateInstance
CoTaskMemFree
CoRevokeClassObject
CoRegisterClassObject
OleSetClipboard

oleaut32

VariantCopy
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantInit
VariantClear
SysAllocString
SysFreeString
VariantChangeType
SafeArrayPutElement
SafeArrayCreate

urlmon

ObtainUserAgentString
UrlMkSetSessionOption

ws2_32

WSAStartup

gdiplus

GdiplusShutdown
GdipFree
GdipAlloc
GdiplusStartup
GdipCreateBitmapFromFileICM
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdipDisposeImage

winmm

waveOutSetVolume
waveOutGetVolume

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

iphlpapi

GetAdaptersAddresses

msvcm80

?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z

mscoree

_CorExeMain

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 964KB - Virtual size: 962KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a487cb4ac2b5f96d6f6d517b8bdbb1e3

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

79:d4:0c:94:ac:c2:95:42:b9:af:45:3c:ad:47:85:c3Certificate

Extended Key Usages

Key Usages

a9:6e:ae:34:b5:14:77:51:86:d6:a3:e9:c4:34:88:d8:3f:bb:8e:a4Signer

Headers

File Characteristics

Imports

wininet

psapi

version

mfc80u

msvcr80

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

urlmon

ws2_32

gdiplus

winmm

wtsapi32

iphlpapi

msvcm80

mscoree

Sections

.text Size: 344KB - Virtual size: 343KB

.rdata Size: 248KB - Virtual size: 244KB

.data Size: 12KB - Virtual size: 39KB

.rsrc Size: 964KB - Virtual size: 962KB

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

79:d4:0c:94:ac:c2:95:42:b9:af:45:3c:ad:47:85:c3
Certificate

a9:6e:ae:34:b5:14:77:51:86:d6:a3:e9:c4:34:88:d8:3f:bb:8e:a4
Signer

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 248KB - Virtual size: 244KB

.data
Size: 12KB - Virtual size: 39KB

.rsrc
Size: 964KB - Virtual size: 962KB