SecuriteInfo[.]com[.]W32[.]Trojan[.]FVU[.]gen[.]Eldorado[.]27605[.]3450[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.W32.Trojan.FVU.gen.Eldorado.27605.3450.exe
Size

1.3MB
MD5

400d1f698ba8ffd9062e2aee410bff71
SHA1

602f8079c298bd895a1e390900b3601f03570301
SHA256

cfea61ef61bdd4fec2807ee3eb3aaeb265f5a4dced40d24604c4ba5466adfaf2
SHA512

978904e48ce9b58b1404391ffa5cc129db50eaa7f650ff656f8fe4501eab764dd1b9d8a44516cf3cbc8fde2f8405c5c4eeea16c8cea753261087e8e6f0f38bd7
SSDEEP

24576:MJsacY/fFuthFyidYeIbQNJWA/TqhhoNyB5J:MJsEEkidysNJWA2jocB5J

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.W32.Trojan.FVU.gen.Eldorado.27605.3450.exe
.exe windows:5 windows x86 arch:x86

0c2582cf99530c3b683ef2ce636f80e1

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/07/2014, 00:00

Not After

01/08/2016, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

55:e7:34:f7:6f:bb:81:4a:65:62:4a:62:20:30:f3:b5:49:47:43:3f
Signer

Actual PE Digest

55:e7:34:f7:6f:bb:81:4a:65:62:4a:62:20:30:f3:b5:49:47:43:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\tk\Fun Player\Rel2.8.6\src\toolkits\bin\Release\风行视频加速器.pdb

Imports

gdiplus

GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipFree
GdipCreateLineBrushI
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdiplusStartup
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipLoadImageFromFileICM
GdipDeleteFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawString
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawLine
GdipDeletePen
GdipCreatePen1
GdipResetClip
GdipEndContainer
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipBeginContainer2
GdipSetClipRect
GdiplusShutdown
GdipCreateBitmapFromFile

kernel32

GetTickCount
WaitForSingleObject
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentThreadId
InterlockedExchange
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetModuleHandleExA
ResetEvent
CreateEventW
GetNativeSystemInfo
CreateProcessW
GetCurrentProcess
Sleep
TerminateProcess
GetTempPathW
SetLastError
GetProcAddress
GetFileAttributesExW
DeleteFileW
WriteFile
InterlockedDecrement
GetCurrentProcessId
CreateFileW
FlushFileBuffers
GetVersionExW
ReadFile
GetFileSize
SetFilePointer
LoadLibraryW
GetCurrentDirectoryW
GetACP
FreeResource
ExitProcess
DosDateTimeToFileTime
SystemTimeToFileTime
GetFileType
DuplicateHandle
MulDiv
GetLocalTime
OutputDebugStringW
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapReAlloc
HeapSize
InterlockedIncrement
GetStringTypeW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
HeapSetInformation
GetStartupInfoW
MoveFileW
GetCommandLineW
MultiByteToWideChar
FormatMessageA
LocalFree
GetTimeZoneInformation
ExitThread
CreateThread
RtlUnwind
LCMapStringW
GetCPInfo
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CreateMutexW
SetEvent
CloseHandle
CreateEventA
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
GetStdHandle
GetLocaleInfoW
SetHandleCount
GetConsoleCP
GetConsoleMode
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
CreateFileA
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
OpenEventA

user32

GetMonitorInfoW
IsIconic
wvsprintfW
InflateRect
OffsetRect
PtInRect
GetFocus
GetCursorPos
ScreenToClient
MapWindowPoints
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetKeyState
GetPropW
SetPropW
CallWindowProcW
GetClassInfoExW
LoadImageW
SetFocus
GetWindow
MonitorFromWindow
GetWindowRect
IntersectRect
GetSystemMetrics
SetTimer
UnregisterClassW
KillTimer
WaitMessage
GetQueueStatus
TranslateMessage
RegisterClassExW
CallMsgFilterW
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
SetCapture
SetWindowRgn
IsZoomed
CharNextW
CreateCaret
ShowCaret
HideCaret
SetCaretPos
ClientToScreen
PostMessageW
SendMessageW
UpdateLayeredWindow
GetWindowDC
ReleaseDC
GetDC
InvalidateRect
DefWindowProcW
GetWindowLongW
GetSysColor
DrawIconEx
DestroyIcon
FillRect
DrawTextW
SetRect
CharPrevW
GetWindowTextLengthW
GetWindowTextW
SetWindowLongW
SystemParametersInfoW
DestroyWindow
IsWindow
CreateWindowExW
RegisterClassW
LoadIconW
SetCursor
LoadCursorW
MoveWindow
BringWindowToTop
SetWindowPos
GetClientRect
EnableWindow
GetParent
PostQuitMessage
ShowWindow
SetWindowTextW
MessageBoxW
ReleaseCapture

gdi32

CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
RoundRect
SetBkMode
ExtTextOutW
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GetObjectA
SetBkColor
SetStretchBltMode
StretchBlt
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
GetDeviceCaps
CreateRoundRectRgn
GetTextMetricsW
SetWindowOrgEx
Rectangle
RestoreDC
SaveDC
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
CreateDIBSection
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
SetTextColor
CreateCompatibleDC

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoCreateGuid
CreateStreamOnHGlobal

oleaut32

VariantClear

shlwapi

PathFileExistsW
SHGetValueW
SHSetValueW
PathRemoveFileSpecW
PathFindFileNameW

comctl32

ord17
_TrackMouseEvent

wininet

HttpQueryInfoA
InternetReadFile
InternetSetOptionA
HttpQueryInfoW
InternetGetConnectedState
InternetOpenUrlW
InternetOpenA
InternetCloseHandle

urlmon

UrlMkGetSessionOption

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 620KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c2582cf99530c3b683ef2ce636f80e1

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:deCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

55:e7:34:f7:6f:bb:81:4a:65:62:4a:62:20:30:f3:b5:49:47:43:3fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

urlmon

version

Sections

.text Size: 620KB - Virtual size: 620KB

.rdata Size: 132KB - Virtual size: 131KB

.data Size: 28KB - Virtual size: 39KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 516KB - Virtual size: 515KB

.reloc Size: 62KB - Virtual size: 61KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

55:e7:34:f7:6f:bb:81:4a:65:62:4a:62:20:30:f3:b5:49:47:43:3f
Signer

.text
Size: 620KB - Virtual size: 620KB

.rdata
Size: 132KB - Virtual size: 131KB

.data
Size: 28KB - Virtual size: 39KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 516KB - Virtual size: 515KB

.reloc
Size: 62KB - Virtual size: 61KB