SecuriteInfo[.]com[.]Trojan[.]Rootkit[.]9133[.]5010[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.Rootkit.9133.5010.exe
Size

624KB
MD5

8b57e89138fe59d41116ab3ce47a626e
SHA1

e5da878d658dbd4e2fd8beb07921f2627de2e00d
SHA256

c4c2ca012053be383007f96446064ec028fc77582b4d3a97f620b13cf19bb01b
SHA512

0411249ab0f559796d4ff70978ff6ea0838bb2ce049d3e4b338a39f5079fce462c31546032b3e5e17e56aba309bc6d4c5217d98c961c2ed8ad3346aaf07a23f8
SSDEEP

6144:5DOdQZstPf/k2OGD2CFKYOpjg3OjUAUG:5aWstPEG2CFKpnUA

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Trojan.Rootkit.9133.5010.exe
.exe windows:4 windows x86 arch:x86

2d751ee9b26b126aac9dd871118f7b63

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e5:3c:90:ff:0f:75:f5:b9:76:0b:dc:cd:91:d1:a2:84:1d:41:5c:85
Signer

Actual PE Digest

e5:3c:90:ff:0f:75:f5:b9:76:0b:dc:cd:91:d1:a2:84:1d:41:5c:85

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

comctl32

InitCommonControlsEx

common

?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?TrimRight@CTXStringW@@QAEAAV1@PB_W@Z
?RemoveFileSystem@FS@@YAHPB_W@Z
?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
?InitPlatformFileSystem@Boot@Util@@YAHXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??H@YA?AVCTXStringW@@_WABV0@@Z
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
??0CTXStringW@@QAE@PA_W@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??1CTXStringW@@QAE@XZ
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?OnExitCoreCenter@Misc@Util@@YAXXZ
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?OnUninitCom@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
??BCTXStringW@@QBEPB_WXZ

gf

?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z
?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z

kernel32

CreateFileMappingW
HeapAlloc
GlobalLock
MapViewOfFile
HeapFree
GlobalAlloc
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
UnmapViewOfFile
EnterCriticalSection
GetCurrentProcess
AllocConsole
LeaveCriticalSection
RaiseException
GetModuleFileNameW
GetModuleHandleW
SetLastError
CloseHandle
lstrcmpW
GetLastError
WaitForSingleObject
SetUnhandledExceptionFilter
GetEnvironmentVariableW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
SetEnvironmentVariableW
HeapCreate
InterlockedIncrement
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
Sleep
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
GetProcessHeap
InterlockedCompareExchange
lstrlenW
MulDiv
CreateMutexW
GetCurrentProcessId
SetEvent
GetCurrentThreadId
CreateFileW
GetCommandLineW
LocalFree
InterlockedDecrement
ReleaseMutex
lstrcpynW
FlushInstructionCache
GlobalUnlock

user32

ReleaseCapture
GetClassNameW
SetCapture
GetWindowTextLengthW
SetTimer
GetClassInfoExW
SendMessageW
GetKeyState
PostMessageW
LoadCursorW
RegisterWindowMessageW
RegisterClassExW
DefWindowProcW
CreateWindowExW
UnregisterClassA
SetParent
FindWindowExW
InSendMessage
ShowWindow
TrackMouseEvent
GetPropW
RemovePropW
SetPropW
GetParent
PostQuitMessage
SetWindowPos
GetSysColor
BeginPaint
GetWindowTextW
IsChild
GetWindowLongW
DestroyWindow
SetWindowTextW
GetClientRect
GetFocus
IsWindow
CharNextW
SetFocus
InvalidateRgn
DestroyAcceleratorTable
GetWindow
CreateAcceleratorTableW
KillTimer
PeekMessageW
FillRect
MessageBoxW
GetDesktopWindow
DispatchMessageW
InvalidateRect
TranslateMessage
RedrawWindow
SetWindowLongW
GetMessageW
EndPaint
GetDlgItem
CallWindowProcW
ClientToScreen
GetDC
ScreenToClient
ReleaseDC
MoveWindow
PostThreadMessageW

gdi32

CreateCompatibleBitmap
GetStockObject
CreateCompatibleDC
GetObjectW
CreateSolidBrush
BitBlt
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps

advapi32

RegQueryValueW
RegCloseKey
RegOpenKeyExW

shell32

CommandLineToArgvW

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CLSIDFromString
CoUninitialize
CoGetClassObject
CoInitializeEx
OleLockRunning
OleInitialize
CLSIDFromProgID
CoInitialize
CoCreateInstance

oleaut32

OleCreateFontIndirect
SysAllocStringLen
DispCallFunc
VariantClear
VariantInit
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
LoadTypeLi
LoadRegTypeLi
GetErrorInfo

livelog

?DOLOG@@YAXPB_WZZ
?GetAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?IsDoLog@@YAHXZ

shlwapi

PathFileExistsW

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dbghelp

MiniDumpWriteDump

msvcr80

malloc
setlocale
_purecall
__iob_func
freopen
_recalloc
wcsrchr
_wctime64_s
_time64
wcschr
wcsstr
memset
_CxxThrowException
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
memmove_s
free
_vscwprintf
memcpy_s
??_V@YAXPAX@Z
vswprintf_s
ldiv
?what@exception@std@@UBEPBDXZ
swprintf_s
??0exception@std@@QAE@ABV01@@Z
memcpy
_invalid_parameter_noinfo
_wtoi64
??3@YAXPAX@Z
_amsg_exit
__wgetmainargs
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
_cexit

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d751ee9b26b126aac9dd871118f7b63

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

e5:3c:90:ff:0f:75:f5:b9:76:0b:dc:cd:91:d1:a2:84:1d:41:5c:85Signer

Headers

File Characteristics

PDB Paths

Imports

comctl32

common

gf

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

livelog

shlwapi

msvcp80

version

dbghelp

msvcr80

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

e5:3c:90:ff:0f:75:f5:b9:76:0b:dc:cd:91:d1:a2:84:1d:41:5c:85
Signer

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB