winpatrolremove[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

winpatrolremove.exe
Size

588KB
MD5

35b92e93f4cb5a26d82146ad4cbb0cfc
SHA1

c94516971b7c4cd27c8d35899ce550871c15ac44
SHA256

ce76b9b516ae2dc17d3d7f98aff82e6d2fb83302ae022b728015133224130587
SHA512

2d2cc41bdd622006f9b2a85f6763955812733b7576b631fe81efd301534db0505d568d0427859c1f6e66f71df236dd166ca0e0b2b1cb1325ea3cd20470e0c97d
SSDEEP

12288:SGt1kr54VSEijCajitmzysowNZECv6nWRT:SGt254VSxjjitmzys3TECj

Score

1^/10

Malware Config

Signatures

Files

winpatrolremove.exe
.exe windows:5 windows x86 arch:x86

202143909a226dd5ed487851ba43bc07

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:98:85:5d:8f:38:19:c2:e1:8d:e5:a6:5f:7a:d3:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/05/2011, 00:00

Not After

09/06/2012, 23:59

Subject

CN=BillP Studios,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BillP Studios,L=Scotia,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BillP Studios\WinPatrol Professional\WinPatrol Admin\Release\WinPatrol Admin.pdb

Imports

psapi

GetModuleFileNameExA
EnumProcessModules
EnumProcesses

comctl32

PropertySheetA
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ord17
ord6

winmm

PlaySoundA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile

kernel32

LoadLibraryA
GetVersionExA
GetFileSize
OpenFile
MoveFileExA
GlobalLock
_lclose
GetTickCount
GlobalAlloc
GetFileAttributesA
FileTimeToSystemTime
ReadFile
GetSystemDirectoryA
GetEnvironmentVariableA
GlobalUnlock
GetShortPathNameA
CreateDirectoryA
GetLastError
RemoveDirectoryA
SetFileAttributesA
GlobalFree
WritePrivateProfileStringA
GetProfileStringA
GetModuleFileNameA
GetFileTime
FileTimeToLocalFileTime
DeleteFileA
GetExitCodeProcess
TerminateProcess
GetTempPathA
MoveFileA
SetFilePointer
GlobalMemoryStatus
lstrcatA
GetPrivateProfileStringA
SetErrorMode
Sleep
ExpandEnvironmentStringsA
WriteProfileStringA
WideCharToMultiByte
lstrcmpiA
SearchPathA
MultiByteToWideChar
CopyFileA
GetCurrentProcess
GetModuleHandleA
GetConsoleCP
WriteFile
GetProcAddress
LeaveCriticalSection
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
ExitProcess
LCMapStringW
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
DecodePointer
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetConsoleMode
LoadLibraryW
RtlUnwind
IsProcessorFeaturePresent
HeapReAlloc
SetStdHandle
WriteConsoleW
HeapSize
CreateFileW
CreateFileA
FindNextFileA
FindClose
FindFirstFileA
OpenProcess
GetProcessHeap
HeapFree
HeapAlloc
FreeLibrary
CloseHandle
lstrcpyA
EnterCriticalSection
GetLocalTime
GetWindowsDirectoryA
WinExec
CreateProcessA
FlushFileBuffers

user32

IsWindowEnabled
GetClientRect
ChildWindowFromPoint
GetWindowTextA
GetPropA
GetWindowLongA
DestroyWindow
PostQuitMessage
LoadBitmapA
DrawTextA
GetClassNameA
GetWindowThreadProcessId
SetWindowLongA
LoadCursorA
wsprintfA
SetCursor
SetDlgItemTextA
MessageBoxExA
DialogBoxParamA
CreateWindowExA
DefWindowProcA
RegisterClassA
GetDlgItemInt
GetWindowRect
MapDialogRect
SendDlgItemMessageA
LoadIconA
RemovePropA
FindWindowExA
SetFocus
GetDC
SetPropA
TrackPopupMenuEx
BringWindowToTop
ReleaseDC
SetWindowPos
GetCursorPos
ShowWindow
CreatePopupMenu
AppendMenuA
IsWindow
DeferWindowPos
BeginDeferWindowPos
UpdateWindow
EnableWindow
CallWindowProcA
GetDlgItemTextA
EndDeferWindowPos
GetSystemMetrics
SendMessageA
GetDlgItem
InvalidateRect
PostMessageA
LoadStringA
SetForegroundWindow
EndDialog
SetWindowTextA
FindWindowA
GetParent

gdi32

SetBkMode
SelectObject
CreateFontA
GetStockObject
GetDeviceCaps
SetTextColor

comdlg32

GetOpenFileNameA

advapi32

RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
GetUserNameA
OpenServiceA
CloseServiceHandle
StartServiceA
QueryServiceStatus
OpenSCManagerA
ControlService
QueryServiceStatusEx
GetServiceDisplayNameA
GetServiceKeyNameA
RegEnumValueA
RegQueryInfoKeyA

shell32

ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA
ExtractIconA

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoUninitialize

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

202143909a226dd5ed487851ba43bc07

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

1c:98:85:5d:8f:38:19:c2:e1:8d:e5:a6:5f:7a:d3:fbCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

comctl32

winmm

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 213KB - Virtual size: 213KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 6KB - Virtual size: 52KB

.rsrc Size: 306KB - Virtual size: 305KB

.reloc Size: 17KB - Virtual size: 16KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

1c:98:85:5d:8f:38:19:c2:e1:8d:e5:a6:5f:7a:d3:fb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 213KB - Virtual size: 213KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 6KB - Virtual size: 52KB

.rsrc
Size: 306KB - Virtual size: 305KB

.reloc
Size: 17KB - Virtual size: 16KB