SecuriteInfo[.]com[.]Program[.]Unwanted[.]1364[.]7514[.]2623[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Program.Unwanted.1364.7514.2623.exe
Size

42.5MB
MD5

43ca1ea4a10e992c4c48085b8e8bc69b
SHA1

1d03a0d37d9be7ce703d034abea3e754e6ebc4b2
SHA256

fb95ac6e639e2e70bccf34921bd0ab868dc1abb8917ed56b28b73e02e2c96fe1
SHA512

71eeaf2f5e10c1d0135ce0bbe60e5f8b965bdc180eefeff99813af35bf9a493b4de1457506c51226c4d4d7007198ca58d07be1740a6f1a326a286c70f6e59f80
SSDEEP

786432:/gNsw3znhr1JaOo2FsVPPt8aEWJbxteXi0DwMdubhPTS9:/isyznhrc2Fslt8aXdQS0sP7S

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Program.Unwanted.1364.7514.2623.exe
.exe windows:5 windows x86 arch:x86

4e96b11dc774bb826232ae325fb1370a

Code Sign

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/02/2015, 00:00

Not After

06/03/2017, 23:59

Subject

CN=AVANQUEST SOFTWARE,O=AVANQUEST SOFTWARE,L=Paris,ST=Ile de France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/02/2015, 00:00

Not After

06/03/2017, 23:59

Subject

CN=AVANQUEST SOFTWARE,O=AVANQUEST SOFTWARE,L=Paris,ST=Ile de France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

55:ee:1c:75:09:8e:4a:59:a8:cc:0c:60:61:18:8c:07:4d:cb:c6:66:ab:83:4f:d1:92:9f:73:3d:20:2d:e5:4b
Signer

Actual PE Digest

55:ee:1c:75:09:8e:4a:59:a8:cc:0c:60:61:18:8c:07:4d:cb:c6:66:ab:83:4f:d1:92:9f:73:3d:20:2d:e5:4b

Digest Algorithm

sha256

PE Digest Matches

true

ed:d0:6f:1e:b6:95:85:34:e1:2a:7b:9e:73:a9:1d:f2:ac:b7:bc:fb
Signer

Actual PE Digest

ed:d0:6f:1e:b6:95:85:34:e1:2a:7b:9e:73:a9:1d:f2:ac:b7:bc:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Mes Documents\Visual Studio 2013\Projects\PackageSetup\Setup\Release_Unicode\Setup.pdb

Imports

kernel32

AddAtomW
GetAtomNameW
OpenProcess
SetLastError
GetPriorityClass
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
LockResource
GetVersion
GetExitCodeProcess
CreateMutexW
LoadLibraryExW
GetModuleFileNameW
GetPrivateProfileStructW
GetSystemDirectoryW
GetWindowsDirectoryW
RemoveDirectoryW
GetSystemDefaultLangID
GetShortPathNameW
MoveFileExW
GetLocalTime
GetModuleFileNameA
GetTimeFormatA
GetTimeFormatW
GlobalAlloc
GlobalHandle
GlobalFree
GetFileType
DuplicateHandle
GetFileSize
GetTempFileNameW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleHandleW
LoadLibraryW
lstrlenW
lstrcatW
lstrcpyW
lstrcmpiW
FormatMessageW
GetTickCount
SetFilePointerEx
SetFilePointer
Sleep
GetVolumeInformationW
InitAtomTable
InterlockedIncrement
InterlockedDecrement
lstrlenA
IsBadWritePtr
IsBadReadPtr
CreateProcessW
DeleteAtom
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
FlushFileBuffers
GetOEMCP
GetACP
IsValidCodePage
WriteConsoleW
SetStdHandle
GetStdHandle
GetCurrentThreadId
GetCurrentThread
AreFileApisANSI
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetCommandLineW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
GetConsoleCP
ReadConsoleW
GetConsoleMode
RtlUnwind
OutputDebugStringW
IsDebuggerPresent
GetStringTypeW
EncodePointer
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultLangID
GetCurrentDirectoryW
GetCurrentProcess
LocalFree
LocalAlloc
GlobalUnlock
GlobalLock
GetProcAddress
FreeLibrary
CreateFileW
GetDiskFreeSpaceExW
FindResourceW
ReadFile
WriteFile
SizeofResource
LoadResource
FreeResource
WideCharToMultiByte
FindFirstFileA
DeleteFileA
SetFileAttributesA
CreateFileA
SetCurrentDirectoryW
GetComputerNameA
lstrcpynW
CompareFileTime
SystemTimeToFileTime
GetSystemTime
GetFileTime
MultiByteToWideChar
GetTempPathW
DecodePointer
GetFileSizeEx
FileTimeToSystemTime
TerminateProcess
WaitForSingleObject
GetExitCodeThread
CreateThread
GetLocaleInfoW
GetVersionExW
FindNextFileW
FindFirstFileW
GetFileAttributesW
GetFileAttributesA
SetFileAttributesW
CreateDirectoryW
SetEndOfFile
DosDateTimeToFileTime
LocalFileTimeToFileTime
CloseHandle
SetFileTime
FindClose
DeleteFileW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CreateDirectoryA
LoadLibraryExA

user32

GetDlgItem
EndDialog
DialogBoxParamW
ShowWindow
SendMessageW
GetDlgItemTextA
RegisterClassExW
KillTimer
LoadMenuW
DestroyMenu
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
SetDlgItemTextA
DestroyIcon
SetDlgItemTextW
SendDlgItemMessageW
EnableWindow
SetWindowTextW
GetWindowLongW
SetWindowLongW
SetClassLongW
LoadImageW
RegisterWindowMessageW
wsprintfA
TranslateMessage
DispatchMessageW
PeekMessageW
AttachThreadInput
CreateWindowExW
IsWindow
DestroyWindow
SetWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
ExitWindowsEx
SendMessageA
FindWindowA
FindWindowW
GetDlgItemTextW
OpenClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
UpdateWindow
GetForegroundWindow
SetForegroundWindow
GetDC
ReleaseDC
InvalidateRect
RedrawWindow
wsprintfW
EnumWindows
PostMessageW
LoadCursorW
PtInRect
MapWindowPoints
ScreenToClient
GetCursorPos
SetCursor
GetWindowTextLengthW
EndPaint
BeginPaint
IsWindowUnicode
GetDlgCtrlID
CallWindowProcW
DefWindowProcW
DefWindowProcA
GetTitleBarInfo
GetSystemMetrics
GetWindowTextW
IsDialogMessageW
TranslateAcceleratorW
CreateDialogParamW
PostQuitMessage
PostThreadMessageW
GetMessageW
SetFocus
GetMonitorInfoW
MonitorFromWindow
LoadStringW
GetWindowThreadProcessId
EnumChildWindows
GetParent
GetDesktopWindow
MessageBoxW
GetWindowRect
GetClientRect

gdi32

SetWindowOrgEx
TextOutW
GetObjectW
SetTextColor
SetBkMode
SelectObject
SelectClipRgn
SaveDC
RestoreDC
OffsetWindowOrgEx
GetTextColor
GetCurrentPositionEx
DeleteObject
CreateRectRgnIndirect
CreateFontIndirectW
AbortDoc
EndPage
StartPage
EndDoc
StartDocW
GetDeviceCaps
GetTextExtentPoint32W
GetCurrentObject

comdlg32

PrintDlgW

advapi32

RegOpenKeyExA
RegCloseKey
CheckTokenMembership
GetFileSecurityW
SetFileSecurityW
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CopySid
GetLengthSid
FreeSid
AllocateAndInitializeSid
OpenProcessToken
SetEntriesInAclW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
QueryServiceStatusEx
StartServiceW
RegCreateKeyW
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExW
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AddAccessAllowedAce
InitializeAcl
OpenThreadToken
ImpersonateSelf
RegCreateKeyExA

shell32

Shell_NotifyIconW
SHChangeNotify
ord43
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW

ole32

CoCreateGuid
CoCreateInstance
CoUninitialize
CoTaskMemFree
OleInitialize
OleUninitialize
CoInitialize

shlwapi

SHDeleteKeyW
PathIsFileSpecW
PathIsRelativeW
PathIsDirectoryW
PathAppendW
PathRemoveBackslashW
PathQuoteSpacesW
PathRemoveBlanksW
PathFindFileNameW
PathMatchSpecW
PathFindFileNameA
StrToIntExW
PathRemoveExtensionW
PathCanonicalizeW
PathFindOnPathW
PathUnquoteSpacesW
PathStripPathW
PathAddBackslashW
PathStripToRootW
PathRenameExtensionW
PathRemoveFileSpecW
PathCombineW
PathFileExistsW
PathAddBackslashA
PathAppendA
PathCombineA
PathRemoveFileSpecA
PathStripPathA
PathFindExtensionW

comctl32

InitCommonControlsEx

wininet

InternetGetConnectedStateExW
InternetGetLastResponseInfoW
InternetOpenW
HttpOpenRequestA
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCrackUrlW
HttpSendRequestA
InternetErrorDlg
InternetCloseHandle
FtpFindFirstFileW
InternetGetConnectedState
InternetCheckConnectionW
HttpQueryInfoW
FtpGetFileSize
FtpOpenFileW
InternetReadFile
InternetSetFilePointer
InternetQueryDataAvailable

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW

ws2_32

gethostname
WSAStartup
WSACleanup
inet_addr
gethostbyname
recvfrom
sendto
closesocket
setsockopt
WSASocketW
gethostbyaddr
WSAGetLastError

Sections

.text
Size: 529KB - Virtual size: 529KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e96b11dc774bb826232ae325fb1370a

Code Sign

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

55:ee:1c:75:09:8e:4a:59:a8:cc:0c:60:61:18:8c:07:4d:cb:c6:66:ab:83:4f:d1:92:9f:73:3d:20:2d:e5:4bSigner

ed:d0:6f:1e:b6:95:85:34:e1:2a:7b:9e:73:a9:1d:f2:ac:b7:bc:fbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

wininet

version

setupapi

ws2_32

Sections

.text Size: 529KB - Virtual size: 529KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 11KB - Virtual size: 147KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 26KB - Virtual size: 26KB

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

55:ee:1c:75:09:8e:4a:59:a8:cc:0c:60:61:18:8c:07:4d:cb:c6:66:ab:83:4f:d1:92:9f:73:3d:20:2d:e5:4b
Signer

ed:d0:6f:1e:b6:95:85:34:e1:2a:7b:9e:73:a9:1d:f2:ac:b7:bc:fb
Signer

.text
Size: 529KB - Virtual size: 529KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 11KB - Virtual size: 147KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 26KB - Virtual size: 26KB