SecuriteInfo[.]com[.]W32[.]Trojan[.]FVU[.]gen[.]Eldorado[.]2734[.]21927[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.W32.Trojan.FVU.gen.Eldorado.2734.21927.exe
Size

744KB
MD5

de9dc4c216d05cf516687f13c1ff73f9
SHA1

d98d789517c5978528c7d8c79bf05dcdba74b117
SHA256

69f572f07b47b2b8dd65d4afb4d95bedde631054e7976a42c680248a5194313c
SHA512

8922f0269589536203fc3bbc2a7c269b153b32256ea2b27abdfc383ce676ef1ab8fe4ec73a95a8fbcd953b9dc9dd1842efb40711ec2c531f83955106b5479fb2
SSDEEP

12288:q2+ai0OJ2W5Q+AYCoA4Ln2YgeQK1UQdVmXTr1aUE8JoxqgbgreoKyDXVPtC/EOb5:QFXuK1UcsXTr1hE8JogPZDXKXOO

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.W32.Trojan.FVU.gen.Eldorado.2734.21927.exe
.exe windows:5 windows x86 arch:x86

cd75e7c64c9b70c3b6f2b6d3d808c86a

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/07/2014, 00:00

Not After

01/08/2016, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f9:21:34:60:d6:a0:73:17:5e:e3:13:35:7e:02:36:14:65:12:59:6b
Signer

Actual PE Digest

f9:21:34:60:d6:a0:73:17:5e:e3:13:35:7e:02:36:14:65:12:59:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\winproject\Fun Player\Rel2.8.6\src\toolkits\bin_inst\Release\uninst.pdb

Imports

gdiplus

GdipCreateBitmapFromStream
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipSetClipRect
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawString
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFileICM
GdipFree
GdipAlloc
GdipDrawLine
GdipDeletePen
GdipCreatePen1
GdipSetTextRenderingHint
GdipResetClip
GdipEndContainer
GdipRotateWorldTransform
GdiplusShutdown
GdipCloneBrush
GdiplusStartup
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipBeginContainer2

shlwapi

PathFileExistsW
PathRemoveFileSpecW
SHDeleteValueW
SHDeleteKeyW
SHSetValueW
SHGetValueW
PathRemoveExtensionW
PathIsRootW
PathFindFileNameW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

WriteFile
CloseHandle
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
CreateEventA
GetProcessHeap
HeapFree
HeapAlloc
SetEvent
CreateThread
WaitForMultipleObjects
GetLastError
CreateProcessW
WaitForSingleObject
TerminateProcess
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
DeleteFileW
GetCurrentProcess
CreateMutexW
InterlockedExchange
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetModuleHandleExA
ResetEvent
CreateEventW
GetTickCount
Sleep
LoadLibraryW
GetProcAddress
FreeLibrary
GetNativeSystemInfo
GetVersionExW
GetSystemInfo
CreateFileW
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GetPrivateProfileStringW
GetCurrentProcessId
GetCurrentThreadId
GetTempPathW
GetFileAttributesW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
FindNextFileW
FindClose
MoveFileExW
MoveFileExA
OpenMutexW
FlushFileBuffers
ReleaseMutex
GetSystemDefaultLangID
LocalFree
SetFilePointer
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetTimeZoneInformation
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsProcessorFeaturePresent
SetLastError
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
GetStdHandle
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
GetDateFormatW
GetTimeFormatW
ExitThread
GetStartupInfoW
HeapSetInformation
QueryPerformanceCounter
FormatMessageA
ResumeThread
GetModuleFileNameA
CreateFileA
GetModuleFileNameW
GetCommandLineW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetFileAttributesExW
SetStdHandle
WriteConsoleW
SetEndOfFile
CompareStringW
OpenEventA
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
InterlockedDecrement
InterlockedIncrement
HeapSize
HeapReAlloc
SetEnvironmentVariableA
HeapDestroy
InitializeCriticalSectionAndSpinCount
RaiseException
MoveFileW
ReadFile
InterlockedCompareExchange

user32

RegisterClassExW
TranslateMessage
GetQueueStatus
WaitMessage
KillTimer
PostMessageW
UnregisterClassW
SetTimer
DestroyWindow
SetCursor
LoadCursorW
LoadIconW
RegisterClassW
IsWindow
ShowWindow
SystemParametersInfoW
SetWindowLongW
CallMsgFilterW
SetCapture
GetCapture
ReleaseCapture
SetWindowPos
GetWindowRect
GetWindowDC
UpdateLayeredWindow
ReleaseDC
SendMessageW
MessageBoxExW
MsgWaitForMultipleObjectsEx
CreateWindowExW
DefWindowProcW
DispatchMessageW
PeekMessageW
MessageBoxW
GetDC
PostQuitMessage
GetWindowLongW

gdi32

EnumFontFamiliesW
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC

shell32

ShellExecuteA
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoUninitialize
CoCreateGuid
CoInitialize

wininet

HttpQueryInfoA
InternetSetOptionA
InternetOpenA
InternetCloseHandle
InternetOpenUrlW
InternetGetConnectedState
HttpQueryInfoW
InternetReadFile

urlmon

UrlMkGetSessionOption

Exports

Exports

??_B?1??get_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@CAAAVCFpInstallPath@@XZ@51
??_B?1??get_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@CAAAVCFpSysLanguage@@XZ@51
?get_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@CAAAVCFpInstallPath@@XZ
?get_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@CAAAVCFpSysLanguage@@XZ
?get_mutable_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@SAAAVCFpInstallPath@@XZ
?get_mutable_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@SAAAVCFpSysLanguage@@XZ
?instance@?$singleton@VCFpInstallPath@@@serialization@boost@@0AAVCFpInstallPath@@A
?instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@0AAVCFpSysLanguage@@A
?t@?1??get_instance@?$singleton@VCFpInstallPath@@@serialization@boost@@CAAAVCFpInstallPath@@XZ@4V?$singleton_wrapper@VCFpInstallPath@@@detail@34@A
?t@?1??get_instance@?$singleton@VCFpSysLanguage@@@serialization@boost@@CAAAVCFpSysLanguage@@XZ@4V?$singleton_wrapper@VCFpSysLanguage@@@detail@34@A

Sections

.text
Size: 469KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd75e7c64c9b70c3b6f2b6d3d808c86a

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:deCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

f9:21:34:60:d6:a0:73:17:5e:e3:13:35:7e:02:36:14:65:12:59:6bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

shlwapi

version

kernel32

user32

gdi32

shell32

ole32

wininet

urlmon

Exports

Exports

Sections

.text Size: 469KB - Virtual size: 469KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 25KB - Virtual size: 43KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 81KB - Virtual size: 81KB

.reloc Size: 57KB - Virtual size: 57KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

f9:21:34:60:d6:a0:73:17:5e:e3:13:35:7e:02:36:14:65:12:59:6b
Signer

.text
Size: 469KB - Virtual size: 469KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 25KB - Virtual size: 43KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 81KB - Virtual size: 81KB

.reloc
Size: 57KB - Virtual size: 57KB