pagedfrg[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

pagedfrg.exe
Size

210KB
MD5

24898ba51cbaad01a046541cc0a8d26f
SHA1

301bb9951b3363c2a7d9fcd75830aace96afee9c
SHA256

19ce7dffdc417dc1ec126d9e1390f05f931b15ac5f67e8b528dfe55b6bfc3d38
SHA512

a492f1111aeac336e9a8cb981d148201205c6928788784027304d86e8579ff2f11104b35ca917b3058c9f52bf0b1522631a17f9c3f7915c94f882510bdc3c3c5
SSDEEP

1536:uhaJeqI4KNLGLY9NmE8zkt6KSdkmVnTA6uv6d3RXYI5/wRf5UyWaOVWcL21HaeF:AaJrLUMot6JZYFJ56VWY2cO

Score

1^/10

Malware Config

Signatures

Files

pagedfrg.exe
.exe windows:4 windows x86

bd450e46d8e9a796db50878d454ea94a

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

21:c6:2d:44:65:d6:c5:c9:b3:b6:44:70:1c:8a:a3:6d:64:53:58:da
Signer

Actual PE Digest

21:c6:2d:44:65:d6:c5:c9:b3:b6:44:70:1c:8a:a3:6d:64:53:58:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
CreateEventA
GetVersion
LocalFree
LoadLibraryA
LocalAlloc
LCMapStringA
GetStringTypeW
GetStringTypeA
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
MultiByteToWideChar
SetFilePointer
FlushFileBuffers
SetStdHandle
RtlUnwind
GetFileType
DeleteFileA
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
TerminateProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
WriteFile
ExitProcess
GetStartupInfoA
HeapAlloc
LCMapStringW
HeapFree
FindFirstFileA
FindNextFileA
FindClose
GetCurrentProcessId
OpenProcess
GetCommandLineA
DeviceIoControl
DuplicateHandle
CreateThread
TerminateThread
SetEvent
WaitForSingleObject
GetDriveTypeA
GetProcAddress
GetModuleHandleA
SetLastError
CreateFileA
FindResourceA
LoadResource
SizeofResource
LockResource
GetCurrentProcess
GetLastError
GetStdHandle
CloseHandle

user32

EndDialog
SendMessageA
SetWindowTextA
DialogBoxIndirectParamA
LoadIconA
RegisterClassExA
CreateDialogParamA
GetMessageA
TranslateMessage
DispatchMessageA
IsDialogMessageA
IsDlgButtonChecked
GetDlgItemTextA
WinHelpA
GetDlgItem
EnableWindow
SendDlgItemMessageA
InflateRect
CheckDlgButton
SetDlgItemTextA
LoadCursorA
GetWindowRect
GetClientRect
CreateWindowExA
SetWindowPos
ShowWindow
PostQuitMessage
GetSysColorBrush
GetSysColor
ChildWindowFromPoint
InvalidateRect
SetCursor
DefWindowProcA
PostMessageA
MessageBoxA

gdi32

SetMapMode
StartDocA
StartPage
EndPage
EndDoc
GetStockObject
GetObjectA
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
GetDeviceCaps

comctl32

ord17

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegCreateKeyA

shell32

ShellExecuteA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd450e46d8e9a796db50878d454ea94a

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

21:c6:2d:44:65:d6:c5:c9:b3:b6:44:70:1c:8a:a3:6d:64:53:58:daSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

comdlg32

advapi32

shell32

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 112KB - Virtual size: 253KB

.rsrc Size: 44KB - Virtual size: 40KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

21:c6:2d:44:65:d6:c5:c9:b3:b6:44:70:1c:8a:a3:6d:64:53:58:da
Signer

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 112KB - Virtual size: 253KB

.rsrc
Size: 44KB - Virtual size: 40KB