SecuriteInfo[.]com[.]Trojan[.]DownLoader25[.]39664[.]26529[.]5230

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.DownLoader25.39664.26529.5230
Size

1.1MB
MD5

d9ba2307dca552fc4208e86f72911d62
SHA1

491b2c9f6981f905494c93519b7acdc97dc6acf0
SHA256

16c01453dcdb1edd72cd50ca118ceb02ac2a3e6389d5c7005ef9a28ce5e50097
SHA512

42bc110debc46acbdce5286abed41c16a7a0b69eb4a5b7eef2a6a4a614f440c311f8e438fec6312b292fc8b365079aad0baf9ccead65b7eb94b2acb949a9479b
SSDEEP

12288:VYms52lqW25iK8sTqm+8GDoocqjZj+bXCTsLeibMDCS+gScO:K52lqW25iK8sP+8eh4STGbMDx+6O

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Trojan.DownLoader25.39664.26529.5230
.exe windows:5 windows x86 arch:x86

e531cf8bdfadab553ebba38fca97280d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:14:f2:cf:6d:87:1e:01:9a:b0:8d:5c:a4:85:46:57
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/10/2016, 00:00

Not After

25/10/2019, 23:59

Subject

SERIALNUMBER=3780902,CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130953616e204d6174656f,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

82:2d:4c:e7:25:2c:89:63:41:32:f2:2f:e2:49:0c:77:ce:f9:5a:78
Signer

Actual PE Digest

82:2d:4c:e7:25:2c:89:63:41:32:f2:2f:e2:49:0c:77:ce:f9:5a:78

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildAgent\work\Trunk2012\Client\Installer\BootstrapperClient\bin\Release\RobloxPlayerLauncher.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
GetTempPathW
DeleteFileW
GetVersionExW
GetSystemTime
lstrcmpW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
InterlockedDecrement
ReleaseMutex
CreateMutexW
SetEvent
ResetEvent
SetEndOfFile
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointer
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetOEMCP
GetACP
IsValidCodePage
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
ReadFile
LoadLibraryExW
ExitThread
CreateThread
AreFileApisANSI
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
RtlUnwind
OpenEventW
CreateEventW
CloseHandle
GetStringTypeW
DecodePointer
EncodePointer
GetLastError
CreateEventA
FormatMessageA
LocalFree
CreateSemaphoreA
HeapAlloc
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
DeleteCriticalSection
ReleaseSemaphore
InterlockedIncrement
lstrlenW
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread
DuplicateHandle
LoadLibraryW
FreeLibrary
CreateProcessW
RaiseException
TerminateProcess
GetTickCount
GetUserGeoID
GetGeoInfoW
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
Sleep
GetLocalTime
OpenProcess
CreateDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetDiskFreeSpaceExW
SetFileAttributesW
RemoveDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetShortPathNameW
FormatMessageW
CreateFileW
GetFileAttributesW
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
InterlockedExchange
InterlockedExchangeAdd
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SleepEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
InterlockedCompareExchange
SetLastError
TlsGetValue
TlsSetValue
TlsFree
GetFileAttributesExW
GetFileSizeEx
MulDiv
SystemTimeToFileTime
OpenEventA
GetCurrentProcessId
CreateWaitableTimerW
ResumeThread
WaitForSingleObjectEx
GetExitCodeProcess
lstrcpyW
lstrcatW
WriteFile
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
HeapDestroy
HeapReAlloc
HeapSize

user32

LoadBitmapW
InvalidateRect
SetWindowLongW
CallWindowProcW
GetParent
GetWindowRect
CreateWindowExW
DefWindowProcW
SendMessageW
GetWindowLongW
AllowSetForegroundWindow
CharNextW
CharUpperW
MessageBoxA
ShowWindow
ReleaseDC
SetWindowTextW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
SetFocus
SetWindowPos
MessageBoxW
PostThreadMessageW
GetWindowThreadProcessId
EnumWindows
GetDlgItem
GetWindowTextW
BeginPaint
FillRect
EndPaint
LoadIconW
RegisterClassW
GetSystemMetrics
GetDC
PostQuitMessage
SetTimer
KillTimer
DestroyWindow
EnableWindow
IsWindowVisible
SetForegroundWindow
PostMessageW

gdi32

Rectangle
SelectObject
CreatePen
GetDeviceCaps
SetTextColor
CreateSolidBrush
DeleteObject
SetBkMode
CreateFontW
GetStockObject

advapi32

GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
GetSidSubAuthority
CheckTokenMembership
DuplicateToken
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
IsValidSid
GetLengthSid
CopySid
OpenProcessToken
OpenThreadToken
GetSidLengthRequired
InitializeSid
RegSetValueExW
RegCreateKeyExW
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegFlushKey

shell32

ShellExecuteW
SHGetFolderPathAndSubDirW
ShellExecuteExW

ole32

CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
StringFromGUID2

oleaut32

VariantClear
VariantInit
RegisterTypeLi
SysAllocString
SysFreeString

shlwapi

PathAddBackslashW
StrCpyW
StrStrW
SHDeleteKeyW
StrCmpNW
PathFileExistsW
StrCmpW
StrDupW
StrRChrW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

sensapi

IsNetworkAlive

userenv

UnloadUserProfile

ws2_32

select
WSARecv
WSASend
ioctlsocket
setsockopt
WSAGetLastError
getaddrinfo
freeaddrinfo
connect
getsockopt
socket
htons
sendto
gethostbyname
WSASetLastError
WSAStartup
WSACleanup
closesocket
WSASocketW

wininet

InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetSetOptionW
HttpSendRequestW
InternetCloseHandle
HttpQueryInfoW
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
InternetReadFile
InternetQueryDataAvailable
InternetOpenW

comctl32

InitCommonControlsEx
_TrackMouseEvent

psapi

GetProcessImageFileNameW
EnumProcesses

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e531cf8bdfadab553ebba38fca97280d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

07:14:f2:cf:6d:87:1e:01:9a:b0:8d:5c:a4:85:46:57Certificate

Extended Key Usages

Key Usages

82:2d:4c:e7:25:2c:89:63:41:32:f2:2f:e2:49:0c:77:ce:f9:5a:78Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

sensapi

userenv

ws2_32

wininet

comctl32

psapi

iphlpapi

Sections

.text Size: 434KB - Virtual size: 433KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 39KB - Virtual size: 48KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 388KB - Virtual size: 388KB

.reloc Size: 62KB - Virtual size: 62KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

07:14:f2:cf:6d:87:1e:01:9a:b0:8d:5c:a4:85:46:57
Certificate

82:2d:4c:e7:25:2c:89:63:41:32:f2:2f:e2:49:0c:77:ce:f9:5a:78
Signer

.text
Size: 434KB - Virtual size: 433KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 39KB - Virtual size: 48KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 388KB - Virtual size: 388KB

.reloc
Size: 62KB - Virtual size: 62KB