f71b4026bb4405b7addf481c68123694ee8aed7517df2b941e7d48dd44751399

Sharing

Copy URL

Twitter E-mail

General

Target

f71b4026bb4405b7addf481c68123694ee8aed7517df2b941e7d48dd44751399
Size

366KB
MD5

46abc8909c33196097fbe1c55cd52840
SHA1

b53a0603fa268870efa11d1f1ce8d4282fee59ae
SHA256

f71b4026bb4405b7addf481c68123694ee8aed7517df2b941e7d48dd44751399
SHA512

44fabfbf018237b0055970e267d8e4b7f0dc8577fc9498351585c5b326c3464eb32c57f22971df6e9fb771a4561a0f3873b8fc4d9f182f395bb482ddf77d7f94
SSDEEP

6144:olFQB+tFrB6L83wQqdv1auO1g043PS2acxesPptfQQcAExQ6h1tEb:26Y3wX1auO20s6ses/YnAE3ub

Score

N/A

Malware Config

Signatures

Files

f71b4026bb4405b7addf481c68123694ee8aed7517df2b941e7d48dd44751399
.exe windows x86

d3e3a0fb800d7f4d358d0b5706596ea3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e1:a1:02:4d:df:25:90:ad:9a:28:3b:c4:ef:45:5b:59:02:63:8f:c3
Signer

Actual PE Digest

e1:a1:02:4d:df:25:90:ad:9a:28:3b:c4:ef:45:5b:59:02:63:8f:c3

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

11/10/2013, 07:31
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
SuspendThread
OpenThread
SystemTimeToFileTime
SetEnvironmentVariableW
GetPrivateProfileStringW
QueryDosDeviceW
GetLogicalDriveStringsW
WideCharToMultiByte
lstrlenA
DebugBreak
OutputDebugStringW
TlsSetValue
TlsGetValue
GetACP
CreateProcessW
WaitForSingleObject
GetFileAttributesExW
TerminateProcess
GetTimeZoneInformation
SetFilePointer
DeviceIoControl
SetEvent
GetHandleInformation
TerminateThread
DisconnectNamedPipe
OutputDebugStringA
WaitNamedPipeW
WriteFile
LeaveCriticalSection
EnterCriticalSection
ConnectNamedPipe
CreateNamedPipeW
CreateThread
FlushFileBuffers
GetLocalTime
LocalFileTimeToFileTime
GetEnvironmentVariableW
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
lstrcmpA
FormatMessageW
GetSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
FindClose
SetStdHandle
Sleep
GetPrivateProfileSectionW
GetTickCount
WritePrivateProfileStringW
GetCommandLineW
OpenProcess
GetProcessTimes
FileTimeToLocalFileTime
FileTimeToSystemTime
GetWindowsDirectoryW
CreateDirectoryW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetCurrentProcessId
GetModuleFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcmpiW
InterlockedIncrement
GetCurrentThread
GetCurrentProcess
lstrlenW
LocalAlloc
LocalFree
GetVersionExW
GetVersion
GetModuleHandleW
GetProcAddress
CreateFileW
GetFileSize
ReadFile
CloseHandle
InterlockedDecrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
LCMapStringW
HeapSize
HeapReAlloc
VirtualAlloc
IsValidCodePage
GetOEMCP
GetCPInfo
QueryPerformanceCounter
VirtualFree
HeapCreate
SetLastError
TlsAlloc
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
LoadLibraryA
GetModuleHandleA
CreateMutexA
ReleaseMutex
TlsFree
LoadLibraryW
CreateMutexW
WriteConsoleA
GetCurrentThreadId
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoW
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
RtlUnwind
UnhandledExceptionFilter
RaiseException

user32

PostThreadMessageW
LoadStringW
wvsprintfW
CharNextW
CharUpperW

advapi32

GetLengthSid
CreateProcessAsUserW
RevertToSelf
DuplicateTokenEx
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid
EqualSid
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetSecurityDescriptorDacl
QueryServiceStatus
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
OpenThreadToken
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
RegQueryValueExA
CopySid
SetServiceStatus
ControlService
StartServiceW
CreateServiceW
ChangeServiceConfigW
ChangeServiceConfig2W
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

SHGetSpecialFolderPathW

ole32

CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CoInitialize
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

StrCmpNIW
PathAppendW
PathFileExistsW
StrCmpIW
SHSetValueW
SHGetValueW
StrStrIW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

crypt32

CryptMsgOpenToDecode
CryptMsgUpdate
CertCloseStore
CryptMsgClose
CertGetNameStringW
CertGetCertificateContextProperty
CertOpenStore

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3e3a0fb800d7f4d358d0b5706596ea3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e1:a1:02:4d:df:25:90:ad:9a:28:3b:c4:ef:45:5b:59:02:63:8f:c3Signer

Signature Validations

Verification

11/10/2013, 07:31 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

crypt32

wintrust

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 7KB - Virtual size: 17KB

.rsrc Size: 26KB - Virtual size: 25KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e1:a1:02:4d:df:25:90:ad:9a:28:3b:c4:ef:45:5b:59:02:63:8f:c3
Signer

11/10/2013, 07:31
Valid: false

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 7KB - Virtual size: 17KB

.rsrc
Size: 26KB - Virtual size: 25KB