MicroDogUpdateTool-Jan2011[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MicroDogUpdateTool-Jan2011.zip
Size

1.1MB
MD5

a111dd6dd5eb979c26a7abb89cae3561
SHA1

8d04cd5b6c0cfe4539da038ca45ac22e4f6361c6
SHA256

45375b5180c763428cca14ab6d41ab17ee5e12ed95b77ab76e02bd9f69a946a4
SHA512

b6c36c5e6d15fc5d73567238f7d637d286d8b1a15293a7d1ef21381f7b5188fae14ccc74735e6cc9f497ea44fe99cc6c74906dbf0e59e3db1fee3bee98c8cac2
SSDEEP

24576:SH4FXdPowaZiRTcPHpw16eTnLZLecgUuyw8dyQQMT:QgoJgRci6knLZL/ut8sQQW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MicroDogUpdateTool-Jan2011/DogDriverUpdateTool.exe

Files

MicroDogUpdateTool-Jan2011.zip
.zip

Password: infected
MicroDogUpdateTool-Jan2011/DogDriverUpdateTool.exe
.exe windows:4 windows x86 arch:x86

Password: infected

fabf1f3d10ec1595b91431e51bdf8169

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetSystemInfo
GetThreadLocale
GetTickCount
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MulDiv
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SizeofResource
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyA
lstrcpynA
lstrlenA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write

gdi32

BitBlt
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreatePalette
CreatePenIndirect
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetObjectA
GetPaletteEntries
GetPixel
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextMetricsA
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
RealizePalette
RectVisible
RestoreDC
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWindowOrgEx
StretchBlt
UnrealizeObject

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharNextA
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBoxA
OemToCharA
OffsetRect
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WinHelpA
WindowFromPoint
wsprintfA
GetSysColor

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

@@Frmupdatedriver@Finalize
@@Frmupdatedriver@Initialize
__GetExceptDLLinfo
___CPPdebugHook
_frmUpdateTool

Sections

.text
Size: 395KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MicroDogUpdateTool-Jan2011/RCMicroDogSetup.dll
.dll windows:4 windows x86 arch:x86

Password: infected

0b9cc716c6ad2ab93cfea8892b31e921

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:76:af:bb:37:91:39:d7:b2:ad:d4:a3:18:f6:e2:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29/02/2008, 00:00

Not After

16/03/2011, 23:59

Subject

CN=SafeNet\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Enterprise Security Division,O=SafeNet\, Inc.,L=Baltimore,ST=Maryland,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8f:bd:3b:41:d9:ad:76:56:4b:df:51:ed:c6:41:ea:ec:fe:eb:95:90
Signer

Actual PE Digest

8f:bd:3b:41:d9:ad:76:56:4b:df:51:ed:c6:41:ea:ec:fe:eb:95:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
GetCommandLineA
RaiseException
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
GetACP
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
GetCurrentProcess
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
GlobalAlloc
lstrcmpA
GetCurrentThread
GetModuleFileNameA
GlobalFree
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
MulDiv
GetVersion
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
MoveFileExA
GetFileSize
HeapCreate
HeapAlloc
HeapDestroy
FreeLibrary
ReadFile
HeapFree
RemoveDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetExitCodeThread
FindResourceA
LoadResource
LockResource
CreateFileA
SizeofResource
WriteFile
CreateDirectoryA
SetFileAttributesA
Sleep
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
LocalAlloc
LocalFree
SetLastError
GetEnvironmentVariableA
GetModuleHandleA
GetProcAddress
GetVersionExA
CompareStringA
CreateMutexA
GetLastError
ReleaseMutex
CloseHandle
GetSystemDirectoryA
lstrcatA
lstrlenA
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
VirtualFree

user32

SetActiveWindow
GetFocus
DispatchMessageA
PeekMessageA
MapWindowPoints
SendDlgItemMessageA
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
ShowWindow
IsWindowEnabled
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
GetCursorPos
LoadStringA
CreateDialogIndirectParamA
EndDialog
PostQuitMessage
ValidateRect
TranslateMessage
GetMessageA
UnregisterClassA
GetClassNameA
GetSysColorBrush
IsWindowVisible
GetTopWindow
GetCapture
WinHelpA
SetFocus
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
RegisterWindowMessageA
GetWindowPlacement
MessageBoxA
PostMessageA
SetWindowPos
LoadBitmapA
DrawTextA
RedrawWindow
UpdateWindow
IsIconic
GetSystemMetrics
DrawIcon
GetSystemMenu
AppendMenuA
LoadIconA
LoadCursorA
CopyIcon
GetDC
ReleaseDC
IsWindow
GetMessagePos
ScreenToClient
PtInRect
SetTimer
MessageBeep
SetWindowLongA
KillTimer
EnableWindow
FillRect
GetIconInfo
LoadImageA
DrawStateA
GetClientRect
CopyRect
DestroyMenu
DestroyCursor
AdjustWindowRectEx
wsprintfA
FrameRect
InflateRect
GetSysColor
OffsetRect
DrawFocusRect
GetSubMenu
GetWindowRect
TrackPopupMenuEx
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
SendMessageA
GetWindowLongA
DestroyIcon
SystemParametersInfoA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
MoveToEx
LineTo
SetBkMode
GetDeviceCaps
CreatePen
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
RestoreDC
SaveDC
GetClipBox
GetTextExtentPoint32A
CreateFontIndirectA
CreateSolidBrush
GetObjectA
CreateBitmap
DeleteDC
SetBkColor
SetTextColor
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetStockObject
DeleteObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegDeleteValueA
RegQueryValueA
CreateServiceA
StartServiceA
RegDeleteKeyA
ControlService
QueryServiceStatus
DeleteService
RegCloseKey
RegCreateKeyExA
RegSetValueExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA
ShellExecuteA

comctl32

_TrackMouseEvent
ord17

Exports

Exports

DriverDialog
ForInstallSheild
GetDogDriverInfo
InstDriver
NotifyPullOutAndPlugInUsbDog
UninstallDriver

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

fabf1f3d10ec1595b91431e51bdf8169

Headers

File Characteristics

Imports

advapi32

kernel32

comctl32

gdi32

user32

oleaut32

Exports

Exports

Sections

.text Size: 395KB - Virtual size: 396KB

.data Size: 20KB - Virtual size: 40KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 12KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 18KB - Virtual size: 20KB

.reloc Size: 27KB - Virtual size: 28KB

Password: infected

0b9cc716c6ad2ab93cfea8892b31e921

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

63:76:af:bb:37:91:39:d7:b2:ad:d4:a3:18:f6:e2:0eCertificate

Extended Key Usages

Key Usages

8f:bd:3b:41:d9:ad:76:56:4b:df:51:ed:c6:41:ea:ec:fe:eb:95:90Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 125KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 395KB - Virtual size: 396KB

.data
Size: 20KB - Virtual size: 40KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 12KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 18KB - Virtual size: 20KB

.reloc
Size: 27KB - Virtual size: 28KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

63:76:af:bb:37:91:39:d7:b2:ad:d4:a3:18:f6:e2:0e
Certificate

8f:bd:3b:41:d9:ad:76:56:4b:df:51:ed:c6:41:ea:ec:fe:eb:95:90
Signer

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 24KB - Virtual size: 23KB