UniversalTermsrvPatch-x86[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

UniversalTermsrvPatch-x86.exe
Size

63KB
MD5

2f866893cd6f2f42bc066e9c2a41ad07
SHA1

238da5b983806858a36a0d4b1c8736a328a99a8f
SHA256

00fdee12197804731be3b66c8744cbcf1ab70bf7df2d0a746339cc4811b5f0d6
SHA512

0f5351e3f8feb861fe3813b1a8fc82a6823dfd6e2bd0a2776741eb5d1f78b503cfbab7bab1df5a1ea07e50ba450e71b475edd0e6fba34809e76e2d1988f6e164
SSDEEP

768:jE85L0/e4mYouQY9ot+3qennVG6ci4glF7buCq1FpwEDhEXpZwoHCspvaEhuBWdL:wHNF7buCq1FpZeeMppvfcSIiy5Nv3+yC

Score

1^/10

Malware Config

Signatures

Files

UniversalTermsrvPatch-x86.exe
.exe windows:5 windows x86 arch:x86

c670f21a3754ee6a335632ae9781b734

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:c0:50:59:71:a9:dc:90:31:ea:bd:06:89:26:28:53:4c:e0:a6:96
Signer

Actual PE Digest

bf:c0:50:59:71:a9:dc:90:31:ea:bd:06:89:26:28:53:4c:e0:a6:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

b:\universaltermsrvpatch\universaltermsrvpatch\x86\objfre_wnet_x86\i386\UniversalTermsrvPatch-x86.pdb

Imports

mfc42u

ord815
ord641
ord2506
ord3948
ord2858
ord2371
ord1143
ord861
ord6237
ord5261
ord4370
ord4847
ord4992
ord6048
ord1767
ord5237
ord5276
ord4419
ord3592
ord324
ord4229
ord755
ord470
ord3087
ord5949
ord1197
ord4219
ord942
ord940
ord2810
ord540
ord561
ord4155
ord4704
ord1634
ord1808
ord1761
ord5871
ord3792
ord4470
ord535
ord823
ord858
ord5798
ord5706
ord4124
ord5679
ord2855
ord3397
ord3716
ord567
ord538
ord1921
ord4270
ord3871
ord1569
ord3733
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord825
ord795
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord4401
ord1768
ord4073
ord6051
ord800
ord3614
ord2406
ord3621
ord1165
ord3658
ord6195
ord4667

msvcrt

__p__commode
__p__fmode
__set_app_type
_except_handler3
__wgetmainargs
_adjust_fdiv
_onexit
_wcmdln
exit
_cexit
__setusermatherr
__dllonexit
_initterm
wcslen
_XcptFilter
_exit
_wcsicmp
malloc
free
__argc
__wargv
??1type_info@@UAE@XZ
_controlfp
?terminate@@YAXXZ
wcsrchr
_wcslwr
wcsstr
__CxxFrameHandler
_c_exit

advapi32

GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

DeleteFileW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetVersion
GetEnvironmentVariableW
GetLocaleInfoW
GetPrivateProfileStringW
lstrcmpiW
GetModuleFileNameW
GetVersionExW
GetModuleHandleW
GetProcAddress
GetSystemInfo
CopyFileW
lstrcpyW
lstrcmpW
GetWindowsDirectoryW
CreateMutexW
GetLastError
MoveFileExW
FreeLibrary
LoadLibraryW
UnmapViewOfFile
IsBadReadPtr
GetFileSize
CreateFileW
WriteFile
SetFilePointer
Sleep
ReadFile
lstrcpynW
LockResource
LoadResource
FindResourceExW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetTempFileNameW
CloseHandle
GetExitCodeProcess
GetCurrentProcess
WaitForSingleObject
lstrcatW
CreateFileMappingW
MapViewOfFile

gdi32

GetObjectW
GetStockObject
CreateFontIndirectW

user32

CharNextW
MessageBeep
LoadCursorW
SetCursor
InvalidateRect
ExitWindowsEx
GetClassNameW
wsprintfW
GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
GetSystemMenu
PostMessageW
EnableWindow
MessageBoxW
DrawIcon
AppendMenuW
SendMessageW

shell32

DragQueryFileW
ShellExecuteExW
ShellExecuteW
DragFinish

shlwapi

PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

imagehlp

CheckSumMappedFile
MapFileAndCheckSumW

comctl32

CreateStatusWindowW

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext

netapi32

NetUserGetInfo
NetApiBufferFree

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c670f21a3754ee6a335632ae9781b734

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4cCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

bf:c0:50:59:71:a9:dc:90:31:ea:bd:06:89:26:28:53:4c:e0:a6:96Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

advapi32

kernel32

gdi32

user32

shell32

shlwapi

version

imagehlp

comctl32

wintrust

netapi32

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 23KB

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

bf:c0:50:59:71:a9:dc:90:31:ea:bd:06:89:26:28:53:4c:e0:a6:96
Signer

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 23KB