gozone_isync(1)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

gozone_isync(1).exe
Size

426KB
MD5

71b0539711f25c5a9fcc50c7290a003f
SHA1

21f5da06eb0d753bfac59f8a1cca83b7a3a9bb08
SHA256

bff6b47d820c0dbbbcfb9ae437d43f46398bd70232df668effbad0e87e8552e6
SHA512

0228138f06e6a4984ea200b1901d4be7d8e3778ccc244ace52a357433b3b69aa913c1ca78e464c0e8d2c955454346767c154f7b2771ef3a8a0fdd1c4f1ea5dba
SSDEEP

6144:lftmaymDpeJzbF/s88iOHgKlDzpu3KiStZbNw3dVGLvATB/tOcl9s1Y9+C3EC:lfgayAeJ9/vq1xZCVyAThtOcXhUC

Score

1^/10

Malware Config

Signatures

Files

gozone_isync(1).exe
.exe windows:4 windows x86 arch:x86

dcfb397f1c2501a0f5708f4a3b1aa3f0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:4d:e9:f9:56:32:28:65:ed:5e:9d:1e:4f:e1:b1:03
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06/03/2012, 00:00

Not After

02/03/2014, 23:59

Subject

CN=Virgin HealthMiles,OU=IT,O=Virgin HealthMiles,L=Framingham,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:98:fd:06:84:c6:bc:a6:42:43:bb:77:de:e9:f6:67:1e:e0:2d:69
Signer

Actual PE Digest

2b:98:fd:06:84:c6:bc:a6:42:43:bb:77:de:e9:f6:67:1e:e0:2d:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\vhm\DEV\GoZoneServer\GoZone_iSync\VLCiSync.root\VLCiSync\Virgin_iSync\PublicRelease\GoZone_iSync.pdb

Imports

kernel32

InterlockedIncrement
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapAlloc
GetTimeFormatA
GetDateFormatA
VirtualAlloc
HeapReAlloc
ExitThread
CreateThread
ExitProcess
FindFirstFileA
RtlUnwind
RaiseException
HeapSize
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetStartupInfoA
GetVolumeInformationA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
GetThreadLocale
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetModuleFileNameW
GetModuleHandleA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
FormatMessageA
LocalFree
MulDiv
DeviceIoControl
GetHandleInformation
GetShortPathNameA
lstrcmpA
CreateDirectoryA
QueryDosDeviceA
TerminateProcess
CreateProcessA
CopyFileA
GetFileAttributesA
GetTempFileNameA
RemoveDirectoryA
lstrcpynA
GetOverlappedResult
ReadFile
TerminateThread
GetVersion
CompareStringW
InterlockedExchange
CompareStringA
GetTimeZoneInformation
FreeLibrary
lstrlenA
SetLastError
OutputDebugStringA
GetCurrentProcessId
CreateFileA
SetUnhandledExceptionFilter
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
GetTempPathA
GetSystemTime
GetModuleFileNameA
ResetEvent
SetEvent
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeleteFileA
MultiByteToWideChar
GetCurrentThreadId
GetProcessHeap
HeapFree
GetVersionExA
WaitForSingleObject
CreateEventA
Sleep
GetProcAddress
GetTickCount
LoadLibraryA
FindResourceA
GetLastError
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CloseHandle
CreateSemaphoreA
GetCommandLineA
InterlockedDecrement

user32

ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetCursor
GetMessageA
TranslateMessage
PostQuitMessage
RegisterClipboardFormatA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
CheckDlgButton
GetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
EnableWindow
GetAsyncKeyState
PtInRect
GetDlgCtrlID
DefWindowProcA
GetWindowLongA
SystemParametersInfoA
GetWindowPlacement
GetWindow
UnhookWindowsHookEx
GetMenuState
BeginPaint
EndPaint
DestroyMenu
GetSysColorBrush
LoadCursorA
GetMenuItemCount
UnregisterClassA
PostThreadMessageA
DispatchMessageA
KillTimer
LoadIconA
UnregisterDeviceNotification
EnumChildWindows
IsIconic
GetSystemMetrics
GetDlgItem
DrawIcon
InvalidateRect
GetClientRect
GetWindowRect
GetClassNameA
SendMessageA
PostMessageA
RegisterDeviceNotificationA
SetTimer
IsWindow
SetWindowPos
IsWindowVisible
GetWindowThreadProcessId
GetDC
ReleaseDC
CopyRect
OffsetRect
GetCursorPos
WindowFromPoint
GetForegroundWindow
wsprintfA
CharUpperA
SetMenuDefaultItem
LoadMenuA
GetDesktopWindow
GetSubMenu
LoadImageA
GetMenuItemID
TrackPopupMenu
SetForegroundWindow
RegisterWindowMessageA
MessageBoxA
GetPropA
SetPropA
RemovePropA
SetWindowLongA
CallWindowProcA
ValidateRect

gdi32

DeleteDC
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
CreateFontA
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
GetTextExtentPoint32A
GetStockObject
PtVisible

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteA
SHGetMalloc
SHGetSpecialFolderPathA
SHFileOperationA
Shell_NotifyIconA

comctl32

ord17

shlwapi

PathStripToRootA
StrTrimA
StrStrA
StrCmpNIA
PathAppendA
PathSkipRootA
PathRelativePathToA
PathRemoveFileSpecA
PathFindFileNameA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CreateStreamOnHGlobal
CoInitialize
OleRun
CoCreateInstance
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantInit
VariantClear
OleLoadPicture
VariantChangeType
SysAllocString
GetErrorInfo
SysFreeString

urlmon

CoInternetParseUrl

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

closesocket
select
WSAStartup
WSACleanup
WSAGetLastError
send
recv

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

hid

HidD_GetHidGuid
HidD_GetAttributes

setupapi

SetupDiSetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetCloseHandle
InternetAttemptConnect
InternetOpenUrlA
InternetSetCookieA
InternetSetOptionA
InternetReadFile

Sections

.text
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcfb397f1c2501a0f5708f4a3b1aa3f0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

2e:4d:e9:f9:56:32:28:65:ed:5e:9d:1e:4f:e1:b1:03Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2b:98:fd:06:84:c6:bc:a6:42:43:bb:77:de:e9:f6:67:1e:e0:2d:69Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

version

wsock32

rpcrt4

hid

setupapi

wininet

Sections

.text Size: 284KB - Virtual size: 283KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 40KB - Virtual size: 36KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

2e:4d:e9:f9:56:32:28:65:ed:5e:9d:1e:4f:e1:b1:03
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2b:98:fd:06:84:c6:bc:a6:42:43:bb:77:de:e9:f6:67:1e:e0:2d:69
Signer

.text
Size: 284KB - Virtual size: 283KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 40KB - Virtual size: 36KB