ytai_ytareg_setup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ytai_ytareg_setup.exe
Size

1.2MB
MD5

f9092a47c8e3b49ae282a8b4e97d5599
SHA1

40a356948e61bb3ae708fb6c2bf3790a32726f7c
SHA256

feddd4b415a234770ebf02d1e756039c4717a22ff6ba37b04e9b2af74c6fa80a
SHA512

776c5d694d176bfbfe4c1f513d1746bf89b5e1767766b6c1c86ab2f7cb74155ac712d3cab1cc31efe2d2db63cbf666129acdd0d57a17fdf267d6ea2922ac0359
SSDEEP

24576:SuAnlRp52AWY6LFtsm+818XRA2DPakTVm2hBQ+NyJUgIJAAxNfVIK:NApDWY6LFtsn81kRrDPakTV3hBjNyJ7G

Score

1^/10

Malware Config

Signatures

Files

ytai_ytareg_setup.exe
.exe windows:5 windows x86 arch:x86

8c43b3b1a30626e092de6db127d4f903

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:0b:25:dd:e5:7b:88:63:6a:d4:d9:7d:23:b9:9c:88
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

02/05/2013, 00:00

Not After

02/05/2015, 23:59

Subject

CN=Goobzo LTD,O=Goobzo LTD,L=Haifa,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:31

Not After

22/02/2021, 19:41

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:a2:92:1f:3d:73:0b:8e:de:d5:44:56:f3:7d:07:e2:fa:76:86:14
Signer

Actual PE Digest

b9:a2:92:1f:3d:73:0b:8e:de:d5:44:56:f3:7d:07:e2:fa:76:86:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
OpenEventW
GetTempPathW
GetFileAttributesW
CreateDirectoryW
GetVersionExW
GetLocalTime
SystemTimeToFileTime
GetModuleFileNameW
CreateMutexW
OpenFileMappingW
SetErrorMode
GetExitCodeProcess
OpenMutexW
WideCharToMultiByte
CopyFileW
GetProcAddress
GetSystemInfo
GetLocaleInfoW
GetTimeZoneInformation
GlobalMemoryStatusEx
IsWow64Process
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TerminateProcess
WaitForSingleObjectEx
FindResourceW
SizeofResource
LoadResource
LockResource
FreeLibrary
LoadLibraryW
SetFilePointer
WriteFile
InitializeCriticalSection
CreateFileW
DeviceIoControl
SetEndOfFile
lstrcmpiW
LoadLibraryExW
FlushInstructionCache
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileSize
FlushFileBuffers
GetFileType
GetEnvironmentVariableW
GetSystemDirectoryW
OutputDebugStringW
MoveFileExW
lstrcpyW
GetTickCount
GetFileAttributesExW
GetTempFileNameW
WritePrivateProfileStringW
GetPrivateProfileStringW
SystemTimeToTzSpecificLocalTime
GlobalFree
GlobalAlloc
lstrlenA
DebugBreak
SetEnvironmentVariableA
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleW
SetStdHandle
ReadConsoleW
GetStdHandle
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetCommandLineW
HeapReAlloc
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EncodePointer
GetStringTypeW
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
IsDebuggerPresent
MulDiv
GetModuleHandleW
DuplicateHandle
GetCurrentProcess
CreateThread
ExitThread
InterlockedIncrement
InterlockedDecrement
SetEnvironmentVariableW
SetThreadPriority
TerminateThread
ResetEvent
CreateEventW
LocalAlloc
FileTimeToSystemTime
lstrcmpA
GetCurrentProcessId
GetCurrentThreadId
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
SetEvent
DeleteCriticalSection
DecodePointer
RaiseException
ReadFile
InitializeCriticalSectionAndSpinCount
CreateProcessW
LocalFree
FormatMessageW
GetLastError
GetComputerNameW
lstrlenW
SetLastError
MultiByteToWideChar
OpenProcess
Sleep
Thread32Next
Thread32First
InterlockedExchange
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot

user32

FindWindowExW
GetWindowTextW
EnumChildWindows
GetWindowLongW
PostMessageW
SendMessageTimeoutW
GetClassNameW
FindWindowW
GetParent
DdeInitializeW
IsWindowVisible
LoadImageW
DialogBoxParamW
DdeDisconnect
GetWindow
wsprintfW
UnregisterClassW
DdeCreateStringHandleW
DdeConnect
DdeUninitialize
DdeClientTransaction
DdeGetData
GetWindowThreadProcessId
ScreenToClient
MessageBoxW
EnumThreadWindows
MoveWindow
GetDlgItem
SendMessageW
SetWindowTextW
SetWindowPos
MapWindowPoints
GetClientRect
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
LoadIconW
DdeFreeStringHandle
ShowWindow
SetTimer
SetForegroundWindow
GetDC
DestroyWindow
DefWindowProcW
GetActiveWindow
CharNextW
EnableWindow
CreateDialogParamW
InvalidateRect
IsWindow
GetDesktopWindow
GetKeyboardLayoutList
GetSystemMetrics
EndDialog
GetMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
DispatchMessageW
IsDialogMessageW
SetWindowLongW
LoadStringW
GetDlgCtrlID
ReleaseDC

ws2_32

WSAStartup
WSAGetLastError
WSACleanup
closesocket
socket
getaddrinfo
htons
connect
send

gdi32

CreateFontW
CreateSolidBrush
SetBkMode
GetDeviceCaps
SetLayout
GetStockObject

oleacc

AccessibleChildren
AccessibleObjectFromWindow

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetUserNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountNameW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
GetSecurityDescriptorSacl
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegEnumValueW
RegNotifyChangeKeyValue
RegDeleteValueW

shell32

SHFileOperationW
SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
ord680

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit
VarUI4FromStr

comctl32

InitCommonControlsEx

psapi

GetModuleFileNameExW

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptMsgGetParam
CryptDecodeObject
CryptMsgClose
CryptQueryObject
CertGetNameStringW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

rpcrt4

UuidToStringA
RpcStringFreeA

wininet

HttpQueryInfoW
HttpAddRequestHeadersW
InternetSetOptionW
HttpSendRequestW
InternetGetLastResponseInfoW
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestExW
InternetOpenW
HttpEndRequestW
InternetCloseHandle
InternetWriteFile
HttpOpenRequestW

Sections

.text
Size: 631KB - Virtual size: 631KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c43b3b1a30626e092de6db127d4f903

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

12:0b:25:dd:e5:7b:88:63:6a:d4:d9:7d:23:b9:9c:88Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:1f:b0:a4:00:00:00:00:00:1dCertificate

Key Usages

b9:a2:92:1f:3d:73:0b:8e:de:d5:44:56:f3:7d:07:e2:fa:76:86:14Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

gdi32

oleacc

advapi32

shell32

ole32

oleaut32

comctl32

psapi

crypt32

version

rpcrt4

wininet

Sections

.text Size: 631KB - Virtual size: 631KB

.rdata Size: 221KB - Virtual size: 220KB

.data Size: 13KB - Virtual size: 23KB

.rsrc Size: 262KB - Virtual size: 262KB

.reloc Size: 42KB - Virtual size: 41KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

12:0b:25:dd:e5:7b:88:63:6a:d4:d9:7d:23:b9:9c:88
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

b9:a2:92:1f:3d:73:0b:8e:de:d5:44:56:f3:7d:07:e2:fa:76:86:14
Signer

.text
Size: 631KB - Virtual size: 631KB

.rdata
Size: 221KB - Virtual size: 220KB

.data
Size: 13KB - Virtual size: 23KB

.rsrc
Size: 262KB - Virtual size: 262KB

.reloc
Size: 42KB - Virtual size: 41KB