MicrosoftGenuineAdvantageDiagnosticTool[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MicrosoftGenuineAdvantageDiagnosticTool.exe
Size

533KB
MD5

c01d05589d98228a24e9026b8f06c62a
SHA1

ae86944f8fd4cdb1302b1871f95e5756388ba403
SHA256

20d254ce7bd25a28c43bb67a9c2e9c84a4e5de5b74e3ad87f1dd4dd3d7cbb26f
SHA512

cfcea264861ead51a2e70a315375626bd056340aa6831b970904f5ff01554a4e3e04ac9be9ff3f03ff45760ad41343f5439b8f959fd4ed0413451ae3fa74503f
SSDEEP

12288:YnQIHLLvhPluLfPUTpYtp2Cna/23WO7eVRiwZz3:YnQuplubPcYtkJ2mOCqwZz3

Score

1^/10

Malware Config

Signatures

Files

MicrosoftGenuineAdvantageDiagnosticTool.exe
.exe windows:6 windows x86 arch:x86

a9ff4eaa8e44b1722de616ebd6b22651

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

99:35:52:92:32:ee:29:3c:be:a9:5f:02:7b:28:60:e7:55:21:6c:12
Signer

Actual PE Digest

99:35:52:92:32:ee:29:3c:be:a9:5f:02:7b:28:60:e7:55:21:6c:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bt\11\src\client\obfuscate\obj\i386\oWGADiag2.PDB

Imports

kernel32

SetEndOfFile
UnhandledExceptionFilter
GetCurrentProcess
SetUnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
HeapAlloc
GetModuleHandleA
GetProcAddress
SetLastError
GetTickCount
CreateThread
HeapFree
GetProcessHeap
GetSystemDirectoryA
GetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
GetExitCodeThread
GetLogicalDriveStringsA
GlobalMemoryStatus
GetProcessAffinityMask
SetThreadAffinityMask
ResumeThread
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
HeapSize
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
VirtualAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetFilePointer
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
LCMapStringA
LCMapStringW
SetStdHandle
VirtualProtect
GetSystemInfo
GetTimeZoneInformation
FlushFileBuffers
CloseHandle
GlobalFree
FindClose
FindFirstFileW
GetDriveTypeA
FreeLibrary
CreateDirectoryW
GetCurrentDirectoryW
CreateDirectoryA
LocalFree
LocalAlloc
TryEnterCriticalSection
GetComputerNameW
GetVolumeInformationA
CreateFileW
ExpandEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
CompareFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetSystemDefaultLangID
ReadFile
lstrlenA
lstrlenW
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
DeviceIoControl
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
SetEvent
CreateEventA
Sleep
GetVersion

advapi32

LookupAccountNameW
RegSetValueExA
RegCreateKeyExA
RegQueryValueExW
RegCreateKeyExW
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptDecrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegCloseKey
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
CryptImportKey
CryptExportKey
CryptGenKey
RegEnumKeyA
GetCurrentHwProfileW
GetCurrentHwProfileA
RegEnumKeyExW
RegEnumKeyExA

gdi32

SetTextColor
SetBkMode
GetStockObject

user32

wsprintfA
GetDesktopWindow
GetSystemMetrics
EmptyClipboard
SetDlgItemTextA
OpenClipboard
SetClipboardData
CloseClipboard
GetDlgItem
BroadcastSystemMessageA

ole32

IIDFromString
CLSIDFromProgID
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitialize
StringFromGUID2
CoCreateGuid

comctl32

PropertySheetA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

crypt32

CertOpenStore
CryptUnprotectData
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertComparePublicKeyInfo
CertCreateCertificateContext
CertGetIssuerCertificateFromStore
CertVerifySubjectCertificateContext
CryptEncodeObject
CryptExportPublicKeyInfo
CertFindExtension
CertEnumCertificatesInStore
CryptSignCertificate

wininet

InternetAutodial
InternetCloseHandle
InternetSetOptionA
InternetOpenA
InternetQueryOptionA
HttpSendRequestA
InternetErrorDlg
HttpOpenRequestA
InternetGetConnectedState
HttpQueryInfoA
InternetReadFile
InternetConnectA

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

oleaut32

SysAllocString
SysStringLen
VariantClear
VariantInit
SysAllocStringByteLen
SysAllocStringLen
SysFreeString

Sections

.text
Size: 442KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9ff4eaa8e44b1722de616ebd6b22651

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

99:35:52:92:32:ee:29:3c:be:a9:5f:02:7b:28:60:e7:55:21:6c:12Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

gdi32

user32

ole32

comctl32

version

crypt32

wininet

setupapi

oleaut32

Sections

.text Size: 442KB - Virtual size: 441KB

.data Size: 28KB - Virtual size: 279KB

.rsrc Size: 55KB - Virtual size: 54KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

99:35:52:92:32:ee:29:3c:be:a9:5f:02:7b:28:60:e7:55:21:6c:12
Signer

.text
Size: 442KB - Virtual size: 441KB

.data
Size: 28KB - Virtual size: 279KB

.rsrc
Size: 55KB - Virtual size: 54KB