602ad3e8c7661a14bd2d87f38b9f08f6af463587146ab0db8c1a62f3aa04d1cc

Sharing

Copy URL Twitter E-mail

General

Target

602ad3e8c7661a14bd2d87f38b9f08f6af463587146ab0db8c1a62f3aa04d1cc
Size

110KB
MD5

6b7af2fb5d66f96f0f72f853fb19a740
SHA1

76cd4d315c2bd4b7f5734ad6bfb1e964625c2a4d
SHA256

602ad3e8c7661a14bd2d87f38b9f08f6af463587146ab0db8c1a62f3aa04d1cc
SHA512

6ae917a8755e7468916ba32f55541253f9d428d0660661f9942df9ee93ba9a8b7149c6c78831b143ee667a510e599d720205fcf0fffe08400b9c8aed75888727
SSDEEP

3072:BV6oZ8V0yIB5wqaKOLIGBmdDQ+rI5zlalX+wx8UV:BV6o2eyIBEKOLzciQXdP

Score

N/A

Malware Config

Signatures

Files

602ad3e8c7661a14bd2d87f38b9f08f6af463587146ab0db8c1a62f3aa04d1cc
.exe windows x86

1d0fed7dd5b62f112a8653bab279f09a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:0f:11:a8:e1:80:1b:d7:b7:7f:5b:10:5b:e1:23:e9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/09/2012, 00:00

Not After

20/09/2015, 23:59

Subject

CN=YY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=YY Inc.,L=guangzhou,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:a6:38:5a:4f:24:49:fe:34:4a:33:f8:f0:27:43:c6:af:8e:2a:c2
Signer

Actual PE Digest

99:a6:38:5a:4f:24:49:fe:34:4a:33:f8:f0:27:43:c6:af:8e:2a:c2

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=YY Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=YY Inc.,L=guangzhou,ST=guangdong,C=CN

03/11/2013, 17:22
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dwutility

?appRootPath@app@DwUtility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?createGlobalMid@minfo@DwUtility@@SA_NXZ

qtgui4

?close@QWidget@@QAE_NXZ
??0QApplication@@QAE@AAHPAPADH@Z
??1QApplication@@UAE@XZ
??0QMainWindow@@QAE@PAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z
?exec@QApplication@@SAHXZ
??1QMainWindow@@UAE@XZ

qtcore4

?staticMetaObject@QObject@@2UQMetaObject@@B
?qt_metacall@QObject@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QObject@@UAEPAXPBD@Z
??1QObject@@UAE@XZ
??1QTimer@@UAE@XZ
?timerEvent@QTimer@@MAEXPAVQTimerEvent@@@Z
?qt_metacall@QTimer@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QTimer@@UAEPAXPBD@Z
?metaObject@QTimer@@UBEPBUQMetaObject@@XZ
?disconnectNotify@QObject@@MAEXPBD@Z
?connectNotify@QObject@@MAEXPBD@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
??0QObject@@QAE@PAV0@@Z
??0QTimer@@QAE@PAVQObject@@@Z
?connect@QObject@@SA_NPBV1@PBD01W4ConnectionType@Qt@@@Z
?start@QTimer@@QAEXH@Z
?toStdWString@QString@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?fromWCharArray@QString@@SA?AV1@PBGH@Z
?split@QString@@QBE?AVQStringList@@ABV1@W4SplitBehavior@1@W4CaseSensitivity@Qt@@@Z
??4QString@@QAEAAV0@ABV0@@Z
?toInt@QString@@QBEHPA_NH@Z
?free@QVectorData@@SAXPAU1@H@Z
?allocate@QVectorData@@SAPAU1@HH@Z
?qMemSet@@YAPAXPAXHI@Z
?reallocate@QVectorData@@SAPAU1@PAU1@HHH@Z
??1QByteArray@@QAE@XZ
?qWinMain@@YAXPAUHINSTANCE__@@0PADHAAHAAV?$QVector@PAD@@@Z
?detach@QByteArray@@QAEXXZ
?toLocal8Bit@QString@@QBE?AVQByteArray@@XZ
??0QString@@QAE@ABV0@@Z
?qFree@@YAXPAX@Z
?fromAscii_helper@QString@@CAPAUData@1@PBDH@Z
?compare@QString@@QBEHABV1@W4CaseSensitivity@Qt@@@Z
??1QString@@QAE@XZ

kernel32

TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCommandLineW
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetProcAddress
LoadLibraryW

msvcp90

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z

msvcr90

__dllonexit
_unlock
_lock
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
_amsg_exit
??3@YAXPAX@Z
??2@YAPAXI@Z
strcmp
memcpy
__getmainargs

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

�3~
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1d0fed7dd5b62f112a8653bab279f09a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

04:0f:11:a8:e1:80:1b:d7:b7:7f:5b:10:5b:e1:23:e9Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

99:a6:38:5a:4f:24:49:fe:34:4a:33:f8:f0:27:43:c6:af:8e:2a:c2Signer

Signature Validations

Verification

03/11/2013, 17:22 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

dwutility

qtgui4

qtcore4

kernel32

msvcp90

msvcr90

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 936B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 720B

�3~ Size: 89KB - Virtual size: 92KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04:0f:11:a8:e1:80:1b:d7:b7:7f:5b:10:5b:e1:23:e9
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

99:a6:38:5a:4f:24:49:fe:34:4a:33:f8:f0:27:43:c6:af:8e:2a:c2
Signer

03/11/2013, 17:22
Valid: false

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 936B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 720B

�3~
Size: 89KB - Virtual size: 92KB