SecuriteInfo[.]com[.]Trojan[.]Siggen16[.]43571[.]24558[.]29997[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.Siggen16.43571.24558.29997.exe
Size

54.9MB
MD5

e445b0ee7d6793af5077cf82e42a7b2f
SHA1

318b0dfe18f9a359f0ec93e7b76459a9afc77129
SHA256

d96f17e47adecaaac39b45b412dc5ad640771a8b01eb69af8bf51d619f86d7da
SHA512

936db4603e81cee1a010fd385c810c07d6b5e7e1fef8496446b7f9f4015f16ecaf1dde6f6c4d78be56f33da0359354f0185670dc66aceb3a5d053a8e51472183
SSDEEP

1572864:O0ftYnxgQ4gRWTDqxvhnZ6uXGF7+SKd2rEeitB:9mxOLexJjStr8B

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Trojan.Siggen16.43571.24558.29997.exe
.exe windows:5 windows x86 arch:x86

1d7c6a6bf6e60e9e3d2eb632c6342fa6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:df:09:9e:8d:36:54:43:eb:18:42:b5
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27/08/2018, 09:38

Not After

27/08/2021, 09:38

Subject

CN=DVDFab Software Inc.,O=DVDFab Software Inc.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

92:23:87:42:c3:a0:9c:1a:f6:fe:ba:d3:5a:db:5d:e1:e2:be:d5:6f
Signer

Actual PE Digest

92:23:87:42:c3:a0:9c:1a:f6:fe:ba:d3:5a:db:5d:e1:e2:be:d5:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\setup\Release\SetupProxyCommon.pdb

Imports

kernel32

CreateFileW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
OutputDebugStringA
GetLastError
GetModuleFileNameA
CloseHandle
WriteConsoleW
SetStdHandle
TerminateProcess
Sleep
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
CreateDirectoryW
GetTempPathW
OutputDebugStringW
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
HeapSize
GetModuleHandleExW
ExitProcess
GetProcessHeap
LCMapStringW
GetModuleFileNameW
GetCommandLineW
GetStartupInfoW
TlsFree
GetStdHandle
VirtualAlloc
VirtualFree
GetModuleHandleA
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSection
WriteFile
ReadFile
SetEndOfFile
LoadLibraryExW
GetConsoleMode
EncodePointer
DecodePointer
GetStringTypeW
HeapFree
HeapAlloc
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
HeapReAlloc
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue

user32

MessageBoxW

advapi32

RegCloseKey

shell32

CommandLineToArgvW
ShellExecuteExW
ShellExecuteW

shlwapi

PathAppendW
PathFileExistsW
StrChrW
StrCpyNW

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 800KB - Virtual size: 800KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d7c6a6bf6e60e9e3d2eb632c6342fa6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

26:df:09:9e:8d:36:54:43:eb:18:42:b5Certificate

Extended Key Usages

Key Usages

92:23:87:42:c3:a0:9c:1a:f6:fe:ba:d3:5a:db:5d:e1:e2:be:d5:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 116KB - Virtual size: 116KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 800KB - Virtual size: 800KB

.reloc Size: 7KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

26:df:09:9e:8d:36:54:43:eb:18:42:b5
Certificate

92:23:87:42:c3:a0:9c:1a:f6:fe:ba:d3:5a:db:5d:e1:e2:be:d5:6f
Signer

.text
Size: 116KB - Virtual size: 116KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 800KB - Virtual size: 800KB

.reloc
Size: 7KB - Virtual size: 7KB