SecuriteInfo[.]com[.]Trojan[.]Siggen17[.]35688[.]9477[.]7627[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.Siggen17.35688.9477.7627.exe
Size

1.7MB
MD5

702b63d3eb93cfd393dbc7f5359a9940
SHA1

3533be0ee443c84b2ddb66b39a9597209a6f0f97
SHA256

f4cbb54e6a5970d9e63f345a24546262e478941ccb673919e1ce43fed75a8bb1
SHA512

5778d06ec14c5806d1370629612d890aa9e19a5a368de6c826ad87cd42b0b712f1d8c9b18ecbcabc249dc77906d178c6b98d3814b57ca1ea379b5a110ebe0656
SSDEEP

49152:h55NuxHrnToReT+vPEYE5drWXm216k4c2SRyiUMBWht:L5IxHr8Ru+vPZkdy1Fx2SRyiUMBWr

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Trojan.Siggen17.35688.9477.7627.exe
.exe windows:4 windows x86 arch:x86

750c11ea2b916c5e2e39128ffe1d6a60

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:eb
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/04/2021, 00:00

Not After

20/04/2022, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:89:40:17:6e:a5:01:5d:1d:a4:fb:7c:51:c1:ca:47:64:01:f9:35:8f:ef:75:08:c8:b3:a5:c0:87:c2:b9:3a
Signer

Actual PE Digest

93:89:40:17:6e:a5:01:5d:1d:a4:fb:7c:51:c1:ca:47:64:01:f9:35:8f:ef:75:08:c8:b3:a5:c0:87:c2:b9:3a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kisengine_git\kisengine_git\product\win32\dbginfo\kinstuiofficial.pdb

Imports

kernel32

ProcessIdToSessionId
InterlockedCompareExchange
GetSystemInfo
CopyFileW
GetTempFileNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
MoveFileW
GetLogicalDriveStringsW
QueryDosDeviceW
GetTempPathW
FlushFileBuffers
GetSystemTimeAsFileTime
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
FileTimeToLocalFileTime
GetUserDefaultLangID
GetComputerNameA
GetStdHandle
WaitForMultipleObjects
VirtualFree
VirtualAlloc
SetEvent
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
lstrcpyW
lstrcatW
SetFileAttributesW
DeviceIoControl
CreateFileA
LoadLibraryA
ExpandEnvironmentStringsW
OpenMutexW
OpenEventW
OpenSemaphoreW
GetCurrentProcessId
CreateProcessW
GetSystemTime
SetUnhandledExceptionFilter
FormatMessageA
ExpandEnvironmentStringsA
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
VirtualQuery
GetModuleHandleA
VirtualProtect
GetFileType
SetStdHandle
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetThreadLocale
GetLocaleInfoA
GetACP
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
LocalAlloc
OpenProcess
GetSystemDirectoryW
RemoveDirectoryW
FindClose
GetTickCount
GetFileAttributesW
SetEndOfFile
WriteFile
CreateDirectoryW
SetFilePointer
GetCurrentThread
SetThreadPriority
InterlockedIncrement
MapViewOfFileEx
DeleteCriticalSection
lstrcmpiW
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryExW
GlobalFree
InterlockedDecrement
MapViewOfFile
CreateFileMappingW
CreateThread
UnmapViewOfFile
TerminateThread
Sleep
WaitForSingleObject
GetDiskFreeSpaceExW
GetDriveTypeW
MoveFileExW
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleHandleW
GetProcAddress
FindResourceW
FlushInstructionCache
GetPrivateProfileIntW
WideCharToMultiByte
lstrlenW
FreeLibrary
LoadLibraryW
GetCurrentThreadId
FreeResource
OutputDebugStringW
GetLocalTime
GetModuleFileNameW
InterlockedExchange
CreateFileW
GetLastError
GetFileSize
LeaveCriticalSection
RaiseException
ReadFile
GetWindowsDirectoryW
GetPrivateProfileStringW
EnterCriticalSection
InitializeCriticalSection
CloseHandle
SetLastError
lstrlenA
GetVersionExW
FindResourceExW
GetCurrentProcess
MultiByteToWideChar
LoadResource
LockResource
SizeofResource
SleepEx
FindFirstFileA

user32

CharNextW
LoadBitmapW
FindWindowExW
UpdateWindow
BringWindowToTop
LoadCursorW
SetCursor
ScreenToClient
GetCursorPos
CopyRect
IsRectEmpty
RegisterClassExW
ReleaseCapture
SetWindowTextW
UnregisterClassA
SetCapture
CharUpperW
SetRectEmpty
MapWindowPoints
GetClientRect
GetWindowTextW
SetTimer
KillTimer
UpdateLayeredWindow
SetWindowLongW
EqualRect
MoveWindow
DrawIconEx
FindWindowW
IntersectRect
CharLowerW
GetActiveWindow
WindowFromPoint
GetDesktopWindow
GetScrollPos
GetDlgCtrlID
IsWindowEnabled
RegisterWindowMessageW
DrawFrameControl
EnableWindow
PostMessageW
GetFocus
SetRect
GetWindowThreadProcessId
IsChild
GetForegroundWindow
SetFocus
BeginPaint
DefWindowProcW
SystemParametersInfoW
GetParent
SetWindowPos
IsDialogMessageW
DestroyIcon
DestroyWindow
AttachThreadInput
IsWindow
CallWindowProcW
EndPaint
InvalidateRect
IsWindowVisible
PtInRect
SetActiveWindow
CreateWindowExW
SetForegroundWindow
PostThreadMessageW
GetDlgItem
GetDC
GetNextDlgTabItem
PeekMessageW
ReleaseDC
InflateRect
LoadImageW
ClientToScreen
GetWindow
GetMessageW
GetWindowRect
TranslateMessage
MonitorFromWindow
LoadIconW
OffsetRect
GetWindowLongW
DispatchMessageW
GetMonitorInfoW
DrawTextW
SendMessageW
GetKeyState
GetClassInfoExW
GetSystemMetrics
GetWindowTextLengthW
SetWindowRgn
ShowWindow

gdi32

ExtSelectClipRgn
GetObjectW
GetStockObject
CombineRgn
LineTo
CreateCompatibleDC
CreateRectRgn
RectInRegion
GetCurrentObject
GetViewportOrgEx
CreateRoundRectRgn
DeleteDC
SaveDC
Rectangle
OffsetRgn
SetBkMode
MoveToEx
RestoreDC
CreateRectRgnIndirect
SelectClipRgn
SetTextColor
CreatePen
SelectObject
GetDeviceCaps
StretchBlt
SetViewportOrgEx
CreateBitmap
DeleteObject
GetTextColor
CreateCompatibleBitmap
CreateFontIndirectW
BitBlt
GetClipRgn
GetTextExtentPoint32W
RoundRect
SetBkColor
ExtTextOutW
SetStretchBltMode
GetTextMetricsW
CreateFontW
CreateDIBSection
TextOutW

advapi32

RegOpenKeyW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
SHGetFolderPathW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
VarUI4FromStr
SysStringLen
VariantInit
VariantCopy
VariantClear
SysAllocString

shlwapi

PathFileExistsW
PathAppendW
PathFindExtensionW
PathFindFileNameW
PathAddBackslashW
StrToIntW
PathRemoveFileSpecW
StrToIntA

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipGetImagePixelFormat
GdipDrawImagePointsRectI
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipLoadImageFromStream
GdipCloneBitmapArea
GdipImageRotateFlip
GdipAlloc
GdipDisposeImage
GdipTranslateWorldTransform
GdipCreateBitmapFromStream
GdipFree
GdiplusShutdown
GdipDeleteFont
GdipSetPixelOffsetMode
GdipRotateWorldTransform
GdipDrawLine
GdipDrawImageRectRect
GdipGetImageGraphicsContext
GdiplusStartup
GdipLoadImageFromFile
GdipGetFontCollectionFamilyCount
GdipFillRectangleI
GdipDeleteFontFamily
GdipGetImageHeight
GdipGetFontCollectionFamilyList
GdipGetFamily
GdipResetWorldTransform
GdipSetSmoothingMode
GdipCloneFontFamily
GdipGetImageWidth
GdipSetInterpolationMode
GdipDrawString
GdipAddPathRectangleI
GdipSetPenStartCap
GdipAddPathStringI
GdipDrawImageRectI
GdipSetPenEndCap
GdipGetFontSize
GdipCreateSolidFill
GdipFillPath
GdipDeletePen
GdipDeleteGraphics
GdipCreateStringFormat
GdipGraphicsClear
GdipCreatePen1
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipDeleteStringFormat
GdipDrawImageI
GdipCloneBrush
GdipAddPathPieI
GdipSetStringFormatAlign
GdipCreateFont
GdipDeleteBrush
GdipMeasureString
GdipSetCompositingQuality
GdipCreateImageAttributes
GdipCreateFontFromLogfontW
GdipDisposeImageAttributes
GdipSetClipPath
GdipDrawPath
GdipSetStringFormatLineAlign
GdipFillRectangle
GdipClosePathFigure
GdipSetStringFormatFlags
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipAddPathArcI
GdipNewPrivateFontCollection
GdipSetStringFormatTrimming
GdipSetPenDashStyle
GdipDeletePath
GdipDeletePrivateFontCollection
GdipCloneImage
GdipCreatePath
GdipCreateBitmapFromScan0
GdipPrivateAddFontFile
GdipDrawRectangleI
GdipCreateLineBrushI
GdipDrawLinesI
GdipSetPenMode

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

rasapi32

RasEnumConnectionsW

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile
GetAdaptersInfo

Sections

.text
Size: 764KB - Virtual size: 762KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 672KB - Virtual size: 669KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

750c11ea2b916c5e2e39128ffe1d6a60

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:ebCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

93:89:40:17:6e:a5:01:5d:1d:a4:fb:7c:51:c1:ca:47:64:01:f9:35:8f:ef:75:08:c8:b3:a5:c0:87:c2:b9:3aSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

wtsapi32

psapi

rasapi32

iphlpapi

Sections

.text Size: 764KB - Virtual size: 762KB

.rdata Size: 160KB - Virtual size: 158KB

.data Size: 28KB - Virtual size: 46KB

.rsrc Size: 672KB - Virtual size: 669KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:eb
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

93:89:40:17:6e:a5:01:5d:1d:a4:fb:7c:51:c1:ca:47:64:01:f9:35:8f:ef:75:08:c8:b3:a5:c0:87:c2:b9:3a
Signer

.text
Size: 764KB - Virtual size: 762KB

.rdata
Size: 160KB - Virtual size: 158KB

.data
Size: 28KB - Virtual size: 46KB

.rsrc
Size: 672KB - Virtual size: 669KB