SecuriteInfo[.]com[.]BScope[.]Trojan[.]Occamy[.]26357[.]5637[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.BScope.Trojan.Occamy.26357.5637.exe
Size

2.2MB
MD5

7958bd80dc4090750d26225070bc2e11
SHA1

9af946c8c962240fbb2449ec83485b77215d4db8
SHA256

c3a0685e511cbe40ba729b0e396862ecc14003289fde5001f2842ccfb9363c02
SHA512

6d446b0c193d69fc52dc8c3c2b0aa388f96f7cb8fbdd6f5ffe237fa53c19d0bcc173f3802a3b8b71b78a4049dc065c3f662463ed430e6baac79b6560948d4a17
SSDEEP

49152:qn7l8makU2z0uRiFXHE28w8U/lvzNdH2z+U18p/TktIww7E:Zv2o8iZE28w8UHdWSbs

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.BScope.Trojan.Occamy.26357.5637.exe
.exe windows:5 windows x86 arch:x86

c90deed7bdd4db4791b39481c8dc5bef

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:54:79:ee:6b:81:a1
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/02/2014, 21:28

Not After

03/02/2016, 21:28

Subject

CN=iScan Online\, Inc.,O=iScan Online\, Inc.,L=Plano,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:5e:62:01:31:e4:bb:80:99:f3:dc:d9:7d:11:4d:91:18:e4:34:ea
Signer

Actual PE Digest

39:5e:62:01:31:e4:bb:80:99:f3:dc:d9:7d:11:4d:91:18:e4:34:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToLocalFileTime
MultiByteToWideChar
FormatMessageA
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleA
Sleep
HeapFree
GetProcessHeap
ReleaseSemaphore
TlsAlloc
TlsFree
TlsGetValue
SetWaitableTimer
GetCurrentThreadId
GetCurrentProcessId
OpenEventA
ResetEvent
TlsSetValue
HeapAlloc
ResumeThread
GetLogicalProcessorInformation
SystemTimeToFileTime
WaitForMultipleObjectsEx
CreateWaitableTimerA
GetVersionExA
GetEnvironmentVariableA
GetNativeSystemInfo
GetWindowsDirectoryA
GetTempPathA
GetCurrentProcess
SetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SleepEx
WaitForSingleObject
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
GetVersion
QueryPerformanceCounter
GlobalMemoryStatus
FindNextFileA
FindFirstFileA
FindClose
FlushConsoleInputBuffer
SetUnhandledExceptionFilter
GetProcessId
VirtualQueryEx
CreateFileW
InterlockedDecrement
TerminateThread
RtlCaptureContext
LoadLibraryW
CreateThread
CreateSemaphoreW
InterlockedIncrement
GetThreadContext
SuspendThread
OpenThread
WaitNamedPipeW
DuplicateHandle
lstrcpyW
TransactNamedPipe
SetNamedPipeHandleState
UnregisterWait
ConnectNamedPipe
GetOverlappedResult
DisconnectNamedPipe
ReleaseMutex
UnregisterWaitEx
FileTimeToSystemTime
CreateNamedPipeW
CreateEventW
CreateMutexW
GetProcessTimes
OpenProcess
ReadProcessMemory
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineA
HeapSetInformation
DeleteFileA
CreateDirectoryA
ExitThread
HeapReAlloc
GetFileInformationByHandle
SetFilePointer
GetDriveTypeA
FindFirstFileExA
SetFileAttributesA
GetFileAttributesA
CreateFileA
GetModuleHandleW
ExitProcess
GetTimeZoneInformation
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCPInfo
LCMapStringW
IsProcessorFeaturePresent
GetModuleFileNameW
GetLocaleInfoW
HeapCreate
HeapDestroy
GetCurrentThread
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
FatalAppExitA
FlushFileBuffers
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEndOfFile
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
lstrcmpA
LocalAlloc
LocalFree
LoadLibraryA
GetProcAddress
RegisterWaitForSingleObject
GetLastError
SetConsoleCtrlHandler
FreeLibrary
SetEvent
WaitForSingleObjectEx
GetSystemInfo
CloseHandle
WriteFile
CreateEventA

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
GetUserNameA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

wintrust

WinVerifyTrust

crypt32

CryptMsgGetParam
CryptQueryObject
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CertGetNameStringA
CryptDecodeObject
CertFreeCertificateContext

user32

GetProcessWindowStation
MessageBoxW
GetDesktopWindow
MessageBoxA
GetSystemMetrics
GetUserObjectInformationW

gdi32

CreateDCA
DeleteDC
DeleteObject
GetBitmapBits
BitBlt
GetObjectA
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps

wldap32

ord32
ord30
ord26
ord50
ord35
ord143
ord211
ord22
ord60
ord79
ord41
ord27
ord301
ord33
ord46
ord200

ws2_32

setsockopt
getsockname
ntohs
bind
htons
recv
getpeername
closesocket
socket
connect
WSASetLastError
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
__WSAFDIsSet
select
ioctlsocket
shutdown
WSAStartup
gethostname
WSAGetLastError
gethostbyname
WSACleanup
inet_ntoa
getsockopt
send

netapi32

NetWkstaGetInfo
NetApiBufferFree

iphlpapi

GetIfEntry
GetIpAddrTable

psapi

GetProcessMemoryInfo

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 514B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c90deed7bdd4db4791b39481c8dc5bef

Code Sign

1b:e7:15Certificate

Key Usages

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

04:54:79:ee:6b:81:a1Certificate

Extended Key Usages

Key Usages

39:5e:62:01:31:e4:bb:80:99:f3:dc:d9:7d:11:4d:91:18:e4:34:eaSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

wintrust

crypt32

user32

gdi32

wldap32

ws2_32

netapi32

iphlpapi

psapi

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 361KB - Virtual size: 361KB

.data Size: 52KB - Virtual size: 70KB

.idata Size: 8KB - Virtual size: 7KB

.tls Size: 1024B - Virtual size: 514B

.rsrc Size: 1024B - Virtual size: 948B

.reloc Size: 71KB - Virtual size: 70KB

1b:e7:15
Certificate

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

07
Certificate

04:54:79:ee:6b:81:a1
Certificate

39:5e:62:01:31:e4:bb:80:99:f3:dc:d9:7d:11:4d:91:18:e4:34:ea
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 361KB - Virtual size: 361KB

.data
Size: 52KB - Virtual size: 70KB

.idata
Size: 8KB - Virtual size: 7KB

.tls
Size: 1024B - Virtual size: 514B

.rsrc
Size: 1024B - Virtual size: 948B

.reloc
Size: 71KB - Virtual size: 70KB