cluedodownload[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cluedodownload.exe
Size

24.9MB
MD5

97bca7e3f811aac256e4f11e521d58b6
SHA1

b7785cf513b37c1059eea3f6c324896099d8fcd4
SHA256

68d890e7ebd1a88027388e081450d843b48f00122b35d89060c0041d51f4efa6
SHA512

4106845ae4f9e21b24b6c7c254ae412dda7ea50f7e07229a1526f352bb049901edf14600cbcbd3c83d48bfa949d32fc91a0ccd323553b1dca5dbbfe926d1b7f0
SSDEEP

786432:7YIFP8lK4pkBq8NvckVgLsOQAKbc54Jj1GuCOVhV:71J8lZilc4gIZA5451GuCUV

Score

1^/10

Malware Config

Signatures

Files

cluedodownload.exe
.exe windows:4 windows x86 arch:x86

be136d3fd9c692fe5ed1f1af67833fcf

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

5a:6b:a5:d0:c7:14:ef:1e:e3:d9:7b:ea:52:1a:32:21
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29/03/2006, 00:00

Not After

20/05/2009, 23:59

Subject

CN=Zylom Media Group B.V.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Zylom Games,O=Zylom Media Group B.V.,L=Eindhoven,ST=Noord-Brabant,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shfolder

SHGetFolderPathW

wininet

InternetConnectA
InternetOpenA
InternetAttemptConnect
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetGetConnectedState

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

InitializeCriticalSection
DeleteCriticalSection
HeapFree
GetProcessHeap
lstrcmpiA
lstrlenW
lstrlenA
GetModuleFileNameA
GetVolumeInformationA
DeleteFileA
Process32Next
TerminateProcess
GetExitCodeProcess
OpenProcess
CloseHandle
Process32First
CreateToolhelp32Snapshot
ExitProcess
CreateProcessA
SetCurrentDirectoryA
ReadFile
GetFileSize
WriteFile
SetFileAttributesA
CreateFileA
GetTempFileNameA
CreateThread
InterlockedIncrement
InterlockedDecrement
CompareStringA
CompareStringW
MulDiv
HeapAlloc
FlushInstructionCache
GetCurrentProcess
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpA
GetModuleHandleA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
GetCurrentThreadId
CopyFileA
GetFullPathNameA
GetTempPathA
GetStringTypeW
GetProcAddress
LoadLibraryA
SetFilePointer
SetEndOfFile
LeaveCriticalSection
SetEvent
CreateEventA
CreateDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetFullPathNameW
GetTickCount
Sleep
GetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
GetStringTypeA
GetOEMCP
GetTimeZoneInformation
SetStdHandle
GetStdHandle
SetHandleCount
HeapSize
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetStartupInfoA
GetDateFormatA
GetTimeFormatA
GetFileType
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
FlushFileBuffers
GetUserDefaultLCID
EnterCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
WaitForSingleObject
InterlockedExchange
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
LocalFree
SetEnvironmentVariableA

user32

GetWindowPlacement
IsWindowVisible
SetWindowPlacement
GetMessageA
TranslateMessage
DispatchMessageA
RegisterWindowMessageA
GetWindowTextLengthA
SetWindowLongA
GetWindowLongA
MessageBoxA
wsprintfA
PostMessageA
UnregisterClassA
GetSystemMetrics
ShowWindow
MoveWindow
GetDlgItem
GetKeyState
DefWindowProcA
GetSysColor
GetWindowTextA
SetWindowTextA
RegisterClassExA
GetClassInfoExA
LoadCursorA
CreateWindowExA
CreateAcceleratorTableA
CharNextA
GetParent
GetClassNameA
SetWindowPos
RedrawWindow
GetWindowRect
PeekMessageA
SystemParametersInfoA
WaitForInputIdle
IsWindow
SendMessageA
DestroyAcceleratorTable
GetFocus
IsChild
GetWindow
SetFocus
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetClientRect
FillRect
SetCapture
ReleaseCapture
DestroyWindow

gdi32

DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectA
GetStockObject
CreateSolidBrush
SelectObject

advapi32

FreeSid
RegQueryValueExA
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
RegSetValueExW
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
AllocateAndInitializeSid

shell32

ExtractIconA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
CoInitialize
CoCreateGuid
CoUninitialize
CoSetProxyBlanket
OleInitialize

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
OleCreateFontIndirect

shlwapi

SHDeleteKeyA
SHDeleteEmptyKeyA
SHDeleteKeyW

Sections

.text
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1020KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be136d3fd9c692fe5ed1f1af67833fcf

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

5a:6b:a5:d0:c7:14:ef:1e:e3:d9:7b:ea:52:1a:32:21Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

shfolder

wininet

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 240KB - Virtual size: 236KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 1020KB

.rsrc Size: 28KB - Virtual size: 24KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

5a:6b:a5:d0:c7:14:ef:1e:e3:d9:7b:ea:52:1a:32:21
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

.text
Size: 240KB - Virtual size: 236KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 1020KB

.rsrc
Size: 28KB - Virtual size: 24KB