ServiceModelReg[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ServiceModelReg.exe
Size

216KB
MD5

2f03fabc62e03f5e9bc4e1f2838d5e74
SHA1

39bd6e3469312aa04874d0d170662b995b34617e
SHA256

37f6336417636037c029572e51105ff7dfff3b9033948f3c303c817b35cc32a3
SHA512

0099e464f7a3b14b1559e347c0f0b2ff10a246abcd8d040b7d648761a14060beb34131c7eb8c64ac5297e50be5a6cfb2e72595fea0de4b372213afdc2ac7a9c3
SSDEEP

3072:C1XLhX+lyZcAoCi67gbwZG9p7kddIIMIJ24NEV6DtHb5reWhAwh0HzEmo73:YVX5ZrouvZGAdIIekDV6weTo73

Score

1^/10

Malware Config

Signatures

Files

ServiceModelReg.exe
.exe windows:6 windows x86

26ba5e98e3d3fd48d60ad89ff894a8be

Code Sign

33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:d0:9b:5c:6b:71:62:60:d1:bc:4f:35:d4:0f:8f:a3:ce:22:50:5e:1b:ee:7b:a9:d5:f0:45:62:85:57:8e:e9
Signer

Actual PE Digest

65:d0:9b:5c:6b:71:62:60:d1:bc:4f:35:d4:0f:8f:a3:ce:22:50:5e:1b:ee:7b:a9:d5:f0:45:62:85:57:8e:e9

Digest Algorithm

sha256

PE Digest Matches

true

e9:e6:c4:10:05:50:0c:e5:c4:8d:f9:6b:af:4e:b2:a1:2b:46:ae:8b
Signer

Actual PE Digest

e9:e6:c4:10:05:50:0c:e5:c4:8d:f9:6b:af:4e:b2:a1:2b:46:ae:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CloseServiceHandle
OpenSCManagerA
OpenServiceW
QueryServiceStatus
QueryServiceConfigW
ChangeServiceConfigW
StartServiceW
EnumDependentServicesW
ControlService
CreateServiceW
DeleteService
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
ChangeServiceConfig2W
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetServiceObjectSecurity
RegDeleteKeyA
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExW
RegEnumValueW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegQueryValueExW
RegEnumKeyW

kernel32

HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetSystemTime
GetTempPathW
CreateFileW
Sleep
WriteFile
LoadLibraryW
GetProcAddress
FreeLibrary
GetLocaleInfoW
SetThreadUILanguage
GetUserDefaultLCID
GetSystemDefaultLCID
ConvertDefaultLocale
HeapSize
GetFileAttributesW
LoadLibraryExW
CloseHandle
GetCurrentProcess
LocalFree
GetModuleHandleA
lstrcmpiA
IsDBCSLeadByte
WideCharToMultiByte
LeaveCriticalSection
RaiseException
EnterCriticalSection
FindResourceA
LoadLibraryExA
GetModuleFileNameA
InitializeCriticalSectionEx
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
IsWow64Process
GetVersionExW
GetSystemDirectoryW
CreateProcessW
WaitForSingleObject
GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
lstrlenW
GetEnvironmentVariableW
DecodePointer
ReadFile
FlushFileBuffers
SetStdHandle
LCMapStringW
SetFilePointerEx
GetConsoleCP
OutputDebugStringW
RtlUnwind
GetStringTypeW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
HeapDestroy
MultiByteToWideChar
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetConsoleOutputCP
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
EncodePointer
GetFileAttributesExW
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
IsDebuggerPresent
IsProcessorFeaturePresent
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ReadConsoleW

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysStringLen
VarUI4FromStr
GetErrorInfo
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen

user32

CharNextA
LoadStringW

httpapi

HttpSetServiceConfiguration
HttpDeleteServiceConfiguration
HttpTerminate
HttpQueryServiceConfiguration
HttpInitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26ba5e98e3d3fd48d60ad89ff894a8be

Code Sign

33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99Certificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

65:d0:9b:5c:6b:71:62:60:d1:bc:4f:35:d4:0f:8f:a3:ce:22:50:5e:1b:ee:7b:a9:d5:f0:45:62:85:57:8e:e9Signer

e9:e6:c4:10:05:50:0c:e5:c4:8d:f9:6b:af:4e:b2:a1:2b:46:ae:8bSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

user32

httpapi

version

Sections

.text Size: 179KB - Virtual size: 179KB

.data Size: 5KB - Virtual size: 13KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

65:d0:9b:5c:6b:71:62:60:d1:bc:4f:35:d4:0f:8f:a3:ce:22:50:5e:1b:ee:7b:a9:d5:f0:45:62:85:57:8e:e9
Signer

e9:e6:c4:10:05:50:0c:e5:c4:8d:f9:6b:af:4e:b2:a1:2b:46:ae:8b
Signer

.text
Size: 179KB - Virtual size: 179KB

.data
Size: 5KB - Virtual size: 13KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB