UniversalTermsrvPatch-x64[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

UniversalTermsrvPatch-x64.exe
Size

79KB
MD5

0546abe6293ba40348e1734fafca47ec
SHA1

37c0d892b38bbf9d8c6a8d35db5b32555cb758c8
SHA256

5161cdafd0c6d79616d775f79214b2e7e3ad13de71db63e9fa6bfc448ba4084b
SHA512

125e805e0461d1582a5b385b6c61e09f833d6464eaa23312ce7146207262f6d3d347f1ddc60bc38c1beadc479fc54dee55a4423f7991f8b163b92e3c551df265
SSDEEP

1536:IZkXc3jjpQkmlt2niKNqOxrSuUnnI04By5Nv3+dV:IZkXc3jje2xtr3UnnI0Yy33+3

Score

1^/10

Malware Config

Signatures

Files

UniversalTermsrvPatch-x64.exe
.exe windows:5 windows x64 arch:x64

42ca3b62e2637f6eeb184ff39580baf2

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18-01-2008 16:00

Not After

31-12-2011 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9e:63:17:c1:95:5b:f3:b5:f1:c0:0e:f1:8e:91:d3:7b:c0:78:65:f6
Signer

Actual PE Digest

9e:63:17:c1:95:5b:f3:b5:f1:c0:0e:f1:8e:91:d3:7b:c0:78:65:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

b:\universaltermsrvpatch\universaltermsrvpatch\x64\objfre_wnet_AMD64\amd64\UniversalTermsrvPatch-x64.pdb

Imports

mfc42u

ord3783
ord2903
ord2393
ord1441
ord1126
ord6660
ord5687
ord4721
ord5245
ord5406
ord6437
ord1777
ord5663
ord5702
ord4771
ord3761
ord337
ord4557
ord984
ord525
ord3177
ord6328
ord1499
ord4548
ord1287
ord1284
ord2846
ord626
ord6614
ord4214
ord5077
ord1647
ord1812
ord1771
ord6243
ord4014
ord4826
ord620
ord6886
ord1122
ord6147
ord6050
ord4436
ord6021
ord2900
ord665
ord624
ord1930
ord4599
ord4131
ord2517
ord852
ord1063
ord659
ord3916
ord4983
ord6053
ord5711
ord5730
ord1584
ord5065
ord4368
ord2752
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord4598
ord1035
ord4770
ord4988
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord5699
ord2140
ord2457
ord5683
ord1736
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord5229
ord4017
ord5712
ord4694
ord6812
ord5586
ord2399
ord4752
ord1778
ord4365
ord6440
ord1040
ord2427
ord3790
ord1463
ord6887
ord3830
ord4473
ord5039

msvcrt

_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_commode
_c_exit
exit
??1type_info@@UEAA@XZ
__dllonexit
_XcptFilter
__C_specific_handler
_wcsicmp
_cexit
__set_app_type
_exit
memset
__CxxFrameHandler
malloc
__argc
__wargv
wcsrchr
_wcslwr
wcsstr
_fmode
_onexit
?terminate@@YAXXZ
memcpy
free

advapi32

GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

GlobalLock
GlobalUnlock
GlobalFree
GetVersion
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
GetPrivateProfileStringW
GetLocaleInfoW
lstrcmpiW
GetModuleFileNameW
GetVersionExW
GetModuleHandleW
GetProcAddress
GetSystemInfo
CopyFileW
lstrcpyW
lstrcmpW
lstrcatW
GetExitCodeProcess
GetLastError
GlobalAlloc
GetCurrentProcess
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileW
WriteFile
SetFilePointer
Sleep
ReadFile
lstrcpynW
LockResource
LoadResource
FindResourceExW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
DeleteFileW
MoveFileExW
GetTempFileNameW
WaitForSingleObject
CloseHandle
CreateMutexW
GetFileSize
CreateFileMappingW

gdi32

GetObjectW
GetStockObject
CreateFontIndirectW

user32

CharNextW
MessageBeep
LoadCursorW
SetCursor
InvalidateRect
ExitWindowsEx
GetClassNameW
GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
GetSystemMenu
PostMessageW
SendMessageW
AppendMenuW
EnableWindow
MessageBoxW
DrawIcon
wsprintfW

shell32

DragQueryFileW
ShellExecuteExW
ShellExecuteW
DragFinish

shlwapi

PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

imagehlp

CheckSumMappedFile
MapFileAndCheckSumW

comctl32

CreateStatusWindowW

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext

netapi32

NetUserGetInfo
NetApiBufferFree

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42ca3b62e2637f6eeb184ff39580baf2

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4cCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

9e:63:17:c1:95:5b:f3:b5:f1:c0:0e:f1:8e:91:d3:7b:c0:78:65:f6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

advapi32

kernel32

gdi32

user32

shell32

shlwapi

version

imagehlp

comctl32

wintrust

netapi32

Sections

.text Size: 48KB - Virtual size: 48KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 24KB - Virtual size: 23KB

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

9e:63:17:c1:95:5b:f3:b5:f1:c0:0e:f1:8e:91:d3:7b:c0:78:65:f6
Signer

.text
Size: 48KB - Virtual size: 48KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 24KB - Virtual size: 23KB