SecuriteInfo[.]com[.]W32[.]Chindo[.]ABGE[.]tr[.]dldr[.]5847[.]13776[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.W32.Chindo.ABGE.tr.dldr.5847.13776.exe
Size

1.0MB
MD5

8d390c6bd60451e09f972e3981f11864
SHA1

4740ced1564fa524b35b57c9bd8aa8a5de0bf6ba
SHA256

2d8d362f803f98e2fbfdc3b47bbce5e27b7ebb784e3db12e688eb1f577ea4d4b
SHA512

882d9069b7346d68782988d9497f85b62f0f87fdb699087f66944eea36729486f441ab6354b51a8afeb0ece31b7a476e7b12856d074d7bf79d2b0a0b7464d8ed
SSDEEP

24576:o4tLZr4LiB7owL/2JhtuSgMuFVnERrpff5+z0:o4tLZXNoXJTIVHER9ffMz0

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.W32.Chindo.ABGE.tr.dldr.5847.13776.exe
.exe windows:4 windows x86 arch:x86

992799489abdfa2b4523ac8406f98fe7

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
Process32FirstW
CreateEventW
Process32NextW
GetDiskFreeSpaceExW
DeleteFileW
GetCurrentProcess
MulDiv
lstrcmpW
FlushInstructionCache
SetLastError
WideCharToMultiByte
lstrlenA
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
SetThreadAffinityMask
FileTimeToSystemTime
WaitForMultipleObjectsEx
ResetEvent
SetFilePointer
SetEndOfFile
SystemTimeToTzSpecificLocalTime
CreateDirectoryW
WriteFile
CopyFileW
FlushFileBuffers
MoveFileW
RemoveDirectoryW
GetFileAttributesExW
GetPrivateProfileIntA
InterlockedExchange
WritePrivateProfileStringA
FormatMessageA
GetCommandLineA
GetSystemDirectoryW
GetVolumeInformationA
GetSystemDirectoryA
GetModuleFileNameA
OutputDebugStringA
LocalFree
GetExitCodeThread
GetLocalTime
CreateFileA
ReadFileEx
CancelIo
GetUserDefaultLCID
VirtualFree
VirtualAlloc
GetOEMCP
GlobalFree
DeviceIoControl
FlushViewOfFile
GetOverlappedResult
lstrcmpA
LocalAlloc
FileTimeToLocalFileTime
lstrcpyW
WritePrivateProfileStringW
OpenMutexW
GetDriveTypeW
GetLogicalDrives
GetVersionExW
GetTempPathW
SetCurrentDirectoryW
GetCurrentThread
CompareStringA
SetStdHandle
GetPrivateProfileStringA
GlobalUnlock
CreateFileW
ReadFile
GetFileAttributesW
GlobalAlloc
GetPrivateProfileStringW
GetTickCount
SetEvent
GlobalLock
SetErrorMode
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
GetModuleHandleA
GetSystemInfo
ExitThread
CreateThread
GetTimeFormatA
GetDateFormatA
GetStartupInfoW
RtlUnwind
ExitProcess
LCMapStringA
LCMapStringW
WriteConsoleW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
GetStdHandle
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetFileSize
ResumeThread
SuspendThread
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
DeleteCriticalSection
CreateToolhelp32Snapshot
lstrcmpiW
CreateFileMappingW
OpenThread
EnterCriticalSection
GetLastError
RaiseException
lstrlenW
GetConsoleOutputCP
GetModuleFileNameW
Thread32Next
IsBadWritePtr
LeaveCriticalSection
LoadLibraryW
Thread32First
InitializeCriticalSection
GetProcessHeap
WaitForSingleObject
HeapFree
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
SetUnhandledExceptionFilter
HeapAlloc
CreateProcessW
FreeLibrary
VirtualQuery
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
LockResource
MultiByteToWideChar
SizeofResource
GetModuleHandleW
LoadResource
FindResourceW
FindResourceExW
SetEnvironmentVariableA
CreateMutexW
CompareStringW

user32

PostThreadMessageW
KillTimer
PostQuitMessage
ClientToScreen
DialogBoxParamW
UnregisterClassA
DestroyWindow
GetWindowTextLengthW
EndDialog
DestroyAcceleratorTable
ScreenToClient
RegisterWindowMessageW
IsChild
SetCapture
GetFocus
GetParent
InvalidateRgn
CreateAcceleratorTableW
SetFocus
GetClassInfoExW
GetDC
GetClassNameW
ReleaseDC
GetDlgItem
RedrawWindow
GetDesktopWindow
SetWindowPos
GetCursorPos
IsWindow
ReleaseCapture
SetWindowTextW
CallWindowProcW
GetWindow
MoveWindow
EndPaint
SetWindowRgn
SetTimer
FillRect
PostMessageW
TrackMouseEvent
LoadCursorW
GetClientRect
BeginPaint
wsprintfW
GetForegroundWindow
RegisterClassExW
LoadIconW
InvalidateRect
GetWindowLongW
GetWindowTextW
SetWindowLongW
ShowWindow
CreateWindowExW
GetSystemMetrics
SendMessageW
UpdateWindow
DefWindowProcW
GetMessageW
CharNextW
TranslateMessage
DispatchMessageW
GetSysColor

gdi32

DeleteDC
CreateDIBSection
StretchBlt
SetDIBColorTable
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
GetDIBColorTable
GetObjectW
CreateRoundRectRgn
CreatePen
BitBlt
CreateSolidBrush
GetDeviceCaps
TextOutW
GetTextExtentPointW
SetBkMode
SetTextColor
SetTextCharacterExtra
GetStockObject

advapi32

BuildExplicitAccessWithNameW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
SetSecurityDescriptorDacl
RegDeleteKeyW
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHFileOperationW
ShellExecuteW
SHBrowseForFolderW

ole32

CoGetClassObject
OleUninitialize
OleInitialize
StringFromGUID2
CLSIDFromString
StringFromCLSID
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString
DispCallFunc
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
OleCreateFontIndirect
SysAllocStringLen
VariantInit
VarUI4FromStr

shlwapi

PathIsDirectoryW
PathFileExistsW
PathFileExistsA

ws2_32

htonl
ntohl
gethostbyname
inet_ntoa
WSACleanup
ntohs
closesocket
socket
sendto
inet_addr
WSAStartup
setsockopt
htons
getsockname
getsockopt
send
__WSAFDIsSet
bind
WSAAsyncSelect
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAIoctl
recvfrom
WSAEventSelect
WSAWaitForMultipleEvents
ioctlsocket
connect
select
WSAGetLastError
recv

gdiplus

GdiplusShutdown
GdipFree
GdipGetImageHeight
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipDrawImageI
GdipAlloc
GdipDisposeImage
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipCloneImage
GdipGetImageWidth
GdiplusStartup

msimg32

TransparentBlt
AlphaBlend

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetSetCookieW
InternetSetOptionW

crypt32

CryptDecodeObject
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam

Sections

.text
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

992799489abdfa2b4523ac8406f98fe7

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

gdiplus

msimg32

iphlpapi

version

wininet

crypt32

Sections

.text Size: 516KB - Virtual size: 515KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 44KB - Virtual size: 98KB

.rsrc Size: 376KB - Virtual size: 375KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

.text
Size: 516KB - Virtual size: 515KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 44KB - Virtual size: 98KB

.rsrc
Size: 376KB - Virtual size: 375KB