0df7e7fcf92550d3fae36ad07b4f26158c8b7f0b935fb79d5dab5c9750bc1553

Sharing

Copy URL

Twitter E-mail

General

Target

0df7e7fcf92550d3fae36ad07b4f26158c8b7f0b935fb79d5dab5c9750bc1553
Size

1.8MB
MD5

51c5d74a0594ec670ef9ee28d5df6daf
SHA1

d6ac07c4e9e2d338a2a61f91c307f7f442b1e875
SHA256

0df7e7fcf92550d3fae36ad07b4f26158c8b7f0b935fb79d5dab5c9750bc1553
SHA512

34f87af1c9c8360d164072ca830a1fbe88a3cf170a5642893c085a16522714910bf61b3a488187d1cc927b05496f386995aebe02d13213850b70f638a26fe228
SSDEEP

24576:Sm91dn4CCz/SGUFm6oK17JL6R4J3XXmw+HsFgvaQSTnITygKdFel9sO4aTAbOMmb:wo17JQ4JnWO+HSTnITh9aaTAbOMmyFy

Score

N/A

Malware Config

Signatures

Files

0df7e7fcf92550d3fae36ad07b4f26158c8b7f0b935fb79d5dab5c9750bc1553
.exe windows x86

9ac922d3ed58022790fb7c2ffe051e9e

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord5949
ord4166
ord326
ord1761
ord2385
ord690
ord1980
ord6860
ord5351
ord5804
ord5198
ord3224
ord6055
ord389
ord6655
ord2755
ord6003
ord4155
ord3281
ord3093
ord2809
ord2606
ord941
ord2914
ord6640
ord6374
ord3296
ord2281
ord3447
ord2507
ord355
ord6107
ord6911
ord5945
ord6871
ord3568
ord4266
ord2115
ord6668
ord6880
ord3909
ord2644
ord668
ord4120
ord3176
ord4053
ord2773
ord2762
ord356
ord1662
ord860
ord1105
ord798
ord1989
ord6388
ord5188
ord533
ord5352
ord5201
ord4270
ord665
ord1971
ord1560
ord5438
ord268
ord3313
ord5180
ord354
ord833
ord5677
ord5461
ord4273
ord6867
ord6920
ord6918
ord5852
ord6381
ord4128
ord4199
ord5784
ord3688
ord6654
ord6865
ord1771
ord1637
ord2858
ord6266
ord2430
ord3649
ord2576
ord4215
ord5798
ord470
ord755
ord5568
ord3806
ord3332
ord803
ord543
ord1143
ord3579
ord2634
ord1172
ord3993
ord6898
ord6330
ord4050
ord2637
ord6451
ord4294
ord6376
ord6193
ord3087
ord6195
ord2371
ord4119
ord6896
ord6667
ord6879
ord4124
ord3084
ord2859
ord4395
ord2573
ord4214
ord3288
ord2099
ord2836
ord6390
ord5446
ord6379
ord5436
ord3088
ord323
ord1633
ord5781
ord640
ord3591
ord5860
ord6057
ord5567
ord5575
ord5732
ord5674
ord5790
ord5785
ord5869
ord6168
ord6017
ord6185
ord2854
ord2746
ord4279
ord692
ord795
ord3701
ord790
ord3541
ord5871
ord2855
ord1634
ord3614
ord809
ord3658
ord289
ord2559
ord2372
ord283
ord2406
ord4118
ord613
ord3621
ord2111
ord2085
ord2100
ord765
ord3693
ord3393
ord693
ord6504
ord656
ord616
ord609
ord2092
ord6688
ord6238
ord2072
ord3991
ord2108
ord2070
ord2091
ord2105
ord6605
ord2081
ord810
ord3569
ord4390
ord2567
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord6733
ord3605
ord3635
ord3365
ord4396
ord2574
ord3716
ord3711
ord3728
ord3634
ord2016
ord2405
ord6362
ord1764
ord1230
ord2144
ord818
ord567
ord3737
ord3397
ord5286
ord1768
ord6051
ord922
ord927
ord324
ord2910
ord940
ord537
ord5273
ord2717
ord641
ord4370
ord6370
ord3792
ord825
ord4704
ord2756
ord6921
ord6278
ord6279
ord6919
ord5679
ord4272
ord4197
ord5706
ord1131
ord2613
ord1165
ord1229
ord2506
ord2078
ord6211
ord3592
ord4419
ord4621
ord3356
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord4992
ord4847
ord5261
ord815
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord4324
ord6182
ord5752
ord6188
ord5755
ord2966
ord562
ord5778
ord816
ord804
ord3724
ord3389
ord4400
ord2579
ord4282
ord6726
ord2114
ord556
ord682
ord3625
ord4394
ord2572
ord6354
ord1088
ord3871
ord3173
ord1972
ord2444
ord6597
ord3566
ord6638
ord2351
ord2292
ord2333
ord2290
ord2331
ord2291
ord2332
ord2350
ord2293
ord2359
ord2358
ord2362
ord2357
ord2356
ord2355
ord2354
ord2353
ord2352
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord4269
ord823
ord4667
ord4229
ord925
ord6868
ord540
ord2810
ord861
ord535
ord538
ord858
ord800
ord942
ord4292
ord1569

msvcrt

wcscmp
wcsrchr
_wcsdup
free
wcsstr
_wcsicmp
wcslen
wcsncat
wcsncpy
time
strncat
atol
mktime
_purecall
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
memmove
??0exception@@QAE@ABQBD@Z
strncmp
malloc
_vsnwprintf
wcsncmp
_beginthreadex
_wtol
__RTDynamicCast
_wmakepath
_wsplitpath
wcschr
_wtoi
_wcsnicmp
toupper
rand
srand
_wtoi64
__CxxFrameHandler
_wstati64
calloc
gmtime
strncpy
isspace
clock
wcscat
_wcslwr
qsort
realloc
swprintf
_snwprintf
strerror
wcscpy
wcstok
_errno
_stricmp
_CIpow
strtod
_iob
longjmp
_wfsopen
abort
towlower
wcstod
tolower
strchr
isalpha
_wfopen
__CxxLongjmpUnwind
_setjmp3
fwrite
floor
ceil
memchr
sscanf
fputc
fseek
ftell
fclose
fread
fprintf
atof
atoi
_snprintf
fopen
isalnum
swscanf
strstr
??0exception@@QAE@XZ
_beginthread
_endthreadex
_ftol
localtime
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp

kernel32

DisconnectNamedPipe
SetEndOfFile
GetExitCodeThread
Thread32First
OpenThread
SuspendThread
Thread32Next
ProcessIdToSessionId
GetACP
QueryDosDeviceW
lstrcmpW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OutputDebugStringA
DeviceIoControl
WriteFile
SetFileTime
DosDateTimeToFileTime
GetCurrentDirectoryW
DuplicateHandle
GetFileType
SetFilePointer
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW
GlobalMemoryStatusEx
FindResourceW
LoadResource
SizeofResource
LockResource
GlobalLock
GlobalUnlock
MulDiv
SetErrorMode
LoadLibraryExW
OpenMutexW
OutputDebugStringW
MoveFileW
ResumeThread
GetModuleHandleA
GetSystemInfo
lstrcpynW
GetLogicalDriveStringsW
CreateProcessW
GetExitCodeProcess
GetSystemTime
GlobalFree
GetSystemDirectoryW
WaitNamedPipeW
GetFileAttributesW
GetCurrentProcess
SetThreadPriority
WritePrivateProfileSectionW
FindNextFileW
CreateMutexA
ReleaseMutex
GetDriveTypeW
GetTimeZoneInformation
GetPrivateProfileIntA
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ConnectNamedPipe
SystemTimeToFileTime
GetLocalTime
GetPrivateProfileIntW
lstrlenW
InterlockedExchange
TerminateThread
AreFileApisANSI
WideCharToMultiByte
GetVersionExW
LoadLibraryA
GetTempFileNameW
SetFileAttributesW
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
Sleep
lstrlenA
MultiByteToWideChar
FindFirstFileA
GetSystemWindowsDirectoryW
GetTempPathW
GetDiskFreeSpaceW
GetTickCount
FindFirstFileW
FindClose
GetWindowsDirectoryW
DeleteFileW
GetCommandLineW
CreateMutexW
GetLongPathNameW
InterlockedIncrement
GetCurrentProcessId
InterlockedDecrement
MoveFileExW
WritePrivateProfileStringW
GetLastError
OpenProcess
TerminateProcess
CreateFileW
GetFileSize
ReadFile
GetModuleFileNameW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
ResetEvent
WaitForSingleObject
CreateThread
SetEvent
CloseHandle
CreateEventW
GetPrivateProfileStringW
LoadLibraryW
GetProcAddress
FreeLibrary
LocalFree
ExpandEnvironmentStringsW
SetProcessWorkingSetSize
lstrcmpA
FormatMessageW
GetCurrentThreadId
GetFileSizeEx
SetFilePointerEx
VirtualFree
VirtualAlloc
LockFileEx
UnlockFileEx
InitializeCriticalSectionAndSpinCount
LocalAlloc
HeapFree
TlsFree
SetEnvironmentVariableW
TlsAlloc
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
TlsSetValue
TlsGetValue
CreateNamedPipeW
SetLastError
GetCurrentThread
lstrcmpiW
GetPrivateProfileSectionW
GetSystemDefaultLangID
GetFullPathNameW
CreateSemaphoreA
ReleaseSemaphore
QueryPerformanceCounter
SetNamedPipeHandleState
CreateFileA
ReadFileEx
SleepEx
CreateEventA
GetModuleHandleW
GetStartupInfoW
InitializeCriticalSection
InterlockedCompareExchange
GlobalAlloc

user32

BringWindowToTop
SetForegroundWindow
GetWindow
PostQuitMessage
GetSubMenu
IsIconic
DrawIcon
GetDesktopWindow
LoadMenuW
SetWindowPos
EnableMenuItem
GetCursorPos
DeleteMenu
ExitWindowsEx
IsWindowEnabled
SwitchToThisWindow
CharLowerBuffW
CopyRect
WindowFromPoint
SetLayeredWindowAttributes
RedrawWindow
PostThreadMessageW
GetGUIThreadInfo
SetRect
ReleaseDC
GetDC
FillRect
IsWindowVisible
LoadIconW
SendMessageTimeoutW
GetWindowThreadProcessId
GetClassInfoW
WaitForInputIdle
FindWindowW
MessageBoxW
PostMessageW
EnableWindow
SendMessageW
DestroyWindow
SetTimer
RegisterWindowMessageW
InvalidateRect
GetSystemMetrics
EnumChildWindows
PtInRect
IsZoomed
IsRectEmpty
GetUpdateRgn
SetWindowRgn
ScreenToClient
ModifyMenuW
GetMenuStringW
GetMenuItemID
GetMenuItemCount
EnumWindows
GetKeyState
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
SetCursor
DrawTextW
IntersectRect
TabbedTextOutW
GrayStringW
DrawIconEx
LoadImageW
FrameRect
GetClientRect
LoadCursorW
OffsetRect
GetWindowRect
IsWindow
GetParent
ReleaseCapture
SetCapture
SetWindowLongW
GetWindowLongW
SystemParametersInfoW
KillTimer
SetWindowTextW
ShowWindow
GetDlgItem
GetSysColor

gdi32

GetObjectW
SelectObject
CreateFontIndirectW
RectInRegion
CombineRgn
CreateRectRgn
CreateSolidBrush
GetDeviceCaps
DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetStockObject
CreateBitmap
GetBitmapBits
ExtCreateRegion
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetTextColor
GetBkMode
GetDIBits
SetRectRgn
SetPixel
SetStretchBltMode
StretchDIBits
CreateDIBSection
GetCurrentObject
ExtCreatePen

advapi32

ChangeServiceConfigW
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegNotifyChangeKeyValue
RegOpenKeyW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyW
GetUserNameW
DeleteService
GetTokenInformation
OpenThreadToken
FreeSid
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegRestoreKeyW

shell32

ord68
SHGetFolderPathW
SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHFileOperationW
SHGetPathFromIDListW
ShellExecuteA
DragQueryFileW
ShellExecuteExW
SHGetFolderPathA
SHChangeNotify
Shell_NotifyIconW
SHGetDesktopFolder
SHOpenFolderAndSelectItems
ord680
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CLSIDFromString
OleRun
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

olepro32

ord251

oleaut32

SafeArrayCreate
SysStringByteLen
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysAllocString
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SysStringLen
SysFreeString

urlmon

URLDownloadToFileW

shlwapi

SHGetValueW
StrCmpW
PathAddBackslashW
PathRemoveFileSpecW
StrStrIW
PathIsDirectoryW
PathFileExistsA
SHSetValueW
StrCmpIW
PathAppendW
wnsprintfW
SHDeleteValueW
StrRChrW
StrCmpNIW
StrCmpNW
PathCombineW
StrCpyNW
StrChrW
PathFileExistsW

netapi32

NetUserGetInfo
NetApiBufferFree

qtquart

ord3
ord4
ord8
ord7
ord5
_QT_FindNextItemForCount@8
ord1
ord2

wininet

InternetGetConnectedState
InternetQueryOptionW
InternetCheckConnectionW
InternetCrackUrlW
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW

ws2_32

inet_addr
gethostbyname
inet_ntoa

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

EnumProcessModules
GetProcessImageFileNameW
EnumProcesses
GetModuleFileNameExW

msimg32

TransparentBlt

comctl32

_TrackMouseEvent

msvcp60

??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??1locale@std@@QAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

8"�
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9ac922d3ed58022790fb7c2ffe051e9e

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:ddCertificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

olepro32

oleaut32

urlmon

shlwapi

netapi32

qtquart

wininet

ws2_32

version

psapi

msimg32

comctl32

msvcp60

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 204KB - Virtual size: 200KB

.data Size: 92KB - Virtual size: 97KB

.rsrc Size: 72KB - Virtual size: 69KB

8"� Size: 244KB - Virtual size: 244KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 204KB - Virtual size: 200KB

.data
Size: 92KB - Virtual size: 97KB

.rsrc
Size: 72KB - Virtual size: 69KB

8"�
Size: 244KB - Virtual size: 244KB