autoruns[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

autoruns.exe
Size

333KB
MD5

ef0a8318e9aaff7c047792a67d682c89
SHA1

b10fe2f1abb3e6d84cde269f837f910fc04f4a6e
SHA256

67584c7a2ae4abca03b96682c8e5871d9e05ee1ccebb482a8f3ab216eee001f7
SHA512

eb98b024f9fcad0de35af2d9dafe41fe0b0cf33cdd20109a805baeece6a5f54ebe2b62e254845269d40384d94d445ff7cc684defe76ca073f406ae984dd028ad
SSDEEP

6144:QSR5rsqEllx+RdVKxMqVUZesek4oZO6eR7f:1RRs55+RnKxMqVkeDHlzf

Score

1^/10

Malware Config

Signatures

Files

autoruns.exe
.exe windows:4 windows x86 arch:x86

a3aa5b4d019f15f2aa49e69845317b82

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:f3:a1:53:89:75:05:b5:aa:4a:c3:36:7e:43:09:c7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/01/2005, 00:00

Not After

28/01/2006, 23:59

Subject

CN=Sysinternals,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarters,O=Sysinternals,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_Remove
CreateToolbarEx
ord17
ImageList_Draw

ws2_32

WSCDeinstallProvider
WSCGetProviderPath
WSCEnumProtocols
WSAStartup

kernel32

SetFileAttributesA
CreateDirectoryA
GetProfileStringA
WritePrivateProfileStringA
WriteProfileStringA
GetPrivateProfileStringA
DeleteFileA
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
Sleep
OpenProcess
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
WaitForSingleObject
ExitThread
InterlockedIncrement
GetModuleFileNameA
InterlockedDecrement
CreateSemaphoreA
InitializeCriticalSection
TlsAlloc
SearchPathA
FindClose
FindNextFileA
FindFirstFileA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
InterlockedExchange
MoveFileA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualProtect
WriteFile
HeapSize
TerminateProcess
ExitProcess
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
TlsFree
GetCurrentThreadId
RaiseException
GetVersionExA
GetCommandLineA
GetStartupInfoA
CreateThread
ResumeThread
HeapReAlloc
HeapFree
HeapAlloc
RtlUnwind
RemoveDirectoryA
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SetStdHandle
FlushFileBuffers
GetDateFormatA
GetTimeFormatA
GetFileAttributesA
GetVersion
GetModuleHandleA
LocalAlloc
lstrcmpA
LocalFree
FormatMessageA
MulDiv
lstrcpyA
lstrlenA
lstrcatA
GetTickCount
CreateFileA
ReadFile
SetFilePointer
WideCharToMultiByte
GetWindowsDirectoryA
ExpandEnvironmentStringsA
TlsSetValue
LoadLibraryA
GetProcAddress
GetLocaleInfoA
GetNumberFormatA
GetCurrentProcess
GetLastError
CloseHandle
TlsGetValue
QueryPerformanceCounter
GetCurrentProcessId
SetEndOfFile
GetFileType
GetSystemTimeAsFileTime

user32

CreateDialogParamA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DrawMenuBar
LoadStringA
PostQuitMessage
InvalidateRgn
DialogBoxParamA
RegisterClassExA
MapWindowPoints
ModifyMenuA
GetSysColorBrush
ChildWindowFromPoint
GetPropA
GetClassNameA
DeferWindowPos
BeginDeferWindowPos
EnumChildWindows
EndDeferWindowPos
OffsetRect
UnionRect
BeginPaint
LoadImageA
RegisterWindowMessageA
ReleaseCapture
DrawFrameControl
EndPaint
SetPropA
GetWindowLongA
SetWindowLongA
EnableWindow
EndDialog
TrackPopupMenu
EnableMenuItem
DeleteMenu
GetSubMenu
InsertMenuA
SetDlgItemTextA
EnumDisplaySettingsA
FindWindowA
GetWindowThreadProcessId
SetForegroundWindow
FindWindowExA
WaitForInputIdle
CloseClipboard
OpenClipboard
EmptyClipboard
SetClipboardData
GetMenu
CheckMenuItem
SetWindowTextA
DestroyIcon
LoadIconA
SetWindowPos
GetWindowRect
IsIconic
IsZoomed
GetDlgItem
SetTimer
GetParent
GetCursorPos
CreateWindowExA
CallWindowProcA
GetSysColor
GetClientRect
GetSystemMetrics
IntersectRect
InvalidateRect
GetFocus
GetDC
DrawTextA
ReleaseDC
MoveWindow
ShowWindow
ClientToScreen
ScreenToClient
DestroyWindow
DefWindowProcA
MessageBoxA
PostMessageA
SetFocus
LoadCursorA
SetCursor
SendMessageA
PtInRect

gdi32

SetBkMode
SelectObject
SetTextColor
GetTextMetricsA
CreateSolidBrush
GetTextExtentPoint32A
ExtTextOutA
DeleteDC
CreateFontIndirectA
GetDeviceCaps
CreateCompatibleDC
GetObjectA
GetStockObject
DeleteObject
SetBkColor

comdlg32

FindTextA
GetOpenFileNameA
GetSaveFileNameA
ChooseFontA

advapi32

RegOpenKeyA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
RegEnumKeyA
RegQueryValueA
GetTokenInformation
LookupAccountSidA
EqualSid
FreeSid
AllocateAndInitializeSid
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
RegDeleteKeyA
RegUnLoadKeyA
RegLoadKeyA

shell32

ShellExecuteA
SHGetFileInfoA
ShellExecuteExA

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance

oleaut32

SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
VariantClear

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3aa5b4d019f15f2aa49e69845317b82

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

2f:f3:a1:53:89:75:05:b5:aa:4a:c3:36:7e:43:09:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

version

comctl32

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 188KB - Virtual size: 186KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 88KB - Virtual size: 87KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

2f:f3:a1:53:89:75:05:b5:aa:4a:c3:36:7e:43:09:c7
Certificate

.text
Size: 188KB - Virtual size: 186KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 88KB - Virtual size: 87KB