SecuriteInfo[.]com[.]Trojan[.]GenericKD[.]71684304[.]16295[.]10522[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.GenericKD.71684304.16295.10522.exe
Size

665KB
MD5

aaf125ee7b04dc0e7c66d1da2330f122
SHA1

9f7032c8401c83401722e17e7b8cc476bbef9984
SHA256

956fa1ef580707ecf305123f73211f1fe0160df0970060fe61ed3acd38ad44d5
SHA512

6951fbd6872b7b35841887a88c5c00ddab1b56ec0e77edf3fcda175d515b59db09419fe0d86d1d79eccf4990632e5d83f07d43d579d0232068b212b824b3fac5
SSDEEP

6144:dIvMWGLjji9INSd7GJpinYsfmnnORJPfhH5XapyBUUUUUUUUUUUUUUUUUUUUUU5H:pWGLjjiJ7GJp6YsennYJPpHwpm5

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Trojan.GenericKD.71684304.16295.10522.exe
.exe windows:5 windows x86 arch:x86

239bd0d3000bc4bbad65bcdd4c68ff77

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/07/2014, 00:00

Not After

01/08/2016, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

97:66:90:a2:88:5d:5e:d1:e3:a0:d2:95:89:82:76:47:bd:ff:2b:9f
Signer

Actual PE Digest

97:66:90:a2:88:5d:5e:d1:e3:a0:d2:95:89:82:76:47:bd:ff:2b:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\tk\Fun Player\Rel2.8.6\src\toolkits\bin\Release\风行视频加速器.link.pdb

Imports

wininet

InternetOpenA
InternetOpenUrlW
InternetSetOptionA
InternetGetConnectedState
InternetCloseHandle

urlmon

UrlMkGetSessionOption

kernel32

CloseHandle
GetCurrentProcessId
GetNativeSystemInfo
GetCurrentProcess
GetModuleHandleW
WideCharToMultiByte
GetVersionExW
MultiByteToWideChar
SetLastError
GetProcAddress
GetFileAttributesExW
WriteFile
CreateFileW
FlushFileBuffers
GetCurrentThreadId
InterlockedDecrement
SetFilePointer
ReadFile
LoadLibraryW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError
CreateEventW
CreateEventA
SetEvent
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
FormatMessageA
LocalFree
WriteConsoleW
SetStdHandle
TerminateProcess
Sleep
WaitForSingleObject
CreateProcessW
GetModuleFileNameW
FindResourceExW
GetFileType
FindResourceW
LoadResource
LockResource
SizeofResource
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
QueryPerformanceCounter
GetTickCount
GetACP
GetConsoleMode
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
RtlUnwind
GetCPInfo
CreateThread
ExitThread
GetSystemTimeAsFileTime
GetConsoleCP
IsProcessorFeaturePresent
GetOEMCP
InterlockedIncrement
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
IsValidCodePage

ole32

CoCreateGuid

shell32

SHGetSpecialFolderPathW

oleaut32

VariantClear

shlwapi

PathFileExistsW
PathFindFileNameW
SHGetValueW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

239bd0d3000bc4bbad65bcdd4c68ff77

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:deCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

97:66:90:a2:88:5d:5e:d1:e3:a0:d2:95:89:82:76:47:bd:ff:2b:9fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

urlmon

kernel32

ole32

shell32

oleaut32

shlwapi

version

Sections

.text Size: 188KB - Virtual size: 187KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 387KB - Virtual size: 387KB

.reloc Size: 25KB - Virtual size: 25KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

97:66:90:a2:88:5d:5e:d1:e3:a0:d2:95:89:82:76:47:bd:ff:2b:9f
Signer

.text
Size: 188KB - Virtual size: 187KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 387KB - Virtual size: 387KB

.reloc
Size: 25KB - Virtual size: 25KB