625392c40a64214de152fe797907f2e31c30e0d68a0dcf7980a18cb10d3603a6

Sharing

Copy URL Twitter E-mail

General

Target

625392c40a64214de152fe797907f2e31c30e0d68a0dcf7980a18cb10d3603a6
Size

223KB
MD5

0a5ef077accc9bbd3be3852f4aece5a0
SHA1

88793be43d76012df18c1821c950542635fc88ff
SHA256

625392c40a64214de152fe797907f2e31c30e0d68a0dcf7980a18cb10d3603a6
SHA512

0f542408fc84c82d4b160a8c06bfb47b581b4e2626ec8aa14361d1245ac81fe59e74edc5900233a1a6a98f32e543b7e214029bbc7f301442ba3a03ae8d39b8d7
SSDEEP

3072:wfYkRH/WP2Zb5oDi61e3WKXSpLiJgvltAXPMhTBfCKKsdPy3c5JK+7DfdH:wLwPSofWHXOLQgjAXPMhTBqK/4QK+7x

Score

N/A

Malware Config

Signatures

Files

625392c40a64214de152fe797907f2e31c30e0d68a0dcf7980a18cb10d3603a6
.exe windows x86

5f8f0908bfa5538dce1c03cbec89c335

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:19:7b:1b:ea:45:01:6f:1c:51:7d:09:cc:20:39:c1:9e:50:04:00
Signer

Actual PE Digest

6e:19:7b:1b:ea:45:01:6f:1c:51:7d:09:cc:20:39:c1:9e:50:04:00

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

17/04/2014, 06:26
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathFileExistsW
SHGetValueW
PathAppendW
PathRemoveFileSpecW
SHSetValueW
StrStrIW

kernel32

GetFileSize
CreateFileW
FlushInstructionCache
GetCurrentProcess
GetVersionExW
InterlockedDecrement
lstrlenW
GetCurrentThreadId
GetWindowsDirectoryW
GetEnvironmentVariableW
GetLastError
InterlockedIncrement
lstrcmpiW
SetLastError
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
CreateDirectoryW
WritePrivateProfileStringW
GetTickCount
GetPrivateProfileSectionW
LocalFree
GetCommandLineW
GetProcAddress
GetVersion
WaitForSingleObject
CreateThread
DebugBreak
OutputDebugStringW
lstrlenA
CreateProcessW
GetExitCodeProcess
WritePrivateProfileSectionW
LoadLibraryA
GetPrivateProfileIntA
WideCharToMultiByte
GetACP
GetModuleFileNameA
CopyFileA
GetPrivateProfileStringA
DeleteFileA
DeleteFileW
WriteFile
SetFilePointer
CreateFileA
ReadFile
HeapFree
GetProcessHeap
HeapAlloc
GetStdHandle
ExitProcess
Sleep
HeapReAlloc
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetEndOfFile
RtlUnwind
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetModuleHandleA
FreeEnvironmentStringsW
CloseHandle
GetEnvironmentStringsW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
HeapSize
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
SetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA

user32

GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
IsDlgButtonChecked
CheckDlgButton
MonitorFromWindow
KillTimer
SetTimer
ShowWindow
EndDialog
SendMessageW
SetWindowTextW
GetWindowLongW
wvsprintfW
DefWindowProcW
GetActiveWindow
DialogBoxParamW
DestroyWindow
CharNextW
LoadStringW
SetWindowLongW
GetWindowRect
GetWindow
GetParent
FindWindowW
UnregisterClassA
EnableWindow
GetDlgItemTextW

gdi32

SetBkMode
GetStockObject
CreateFontW
DeleteObject

advapi32

RegQueryInfoKeyW
RegDeleteValueW
GetUserNameW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

ExtractIconW
ShellExecuteExW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

wininet

HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetCookieA
HttpSendRequestA
InternetOpenA
HttpEndRequestW
InternetAttemptConnect
InternetWriteFile
InternetReadFile
InternetCloseHandle
HttpSendRequestExA
InternetConnectA

Sections

.text
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5f8f0908bfa5538dce1c03cbec89c335

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6e:19:7b:1b:ea:45:01:6f:1c:51:7d:09:cc:20:39:c1:9e:50:04:00Signer

Signature Validations

Verification

17/04/2014, 06:26 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

wininet

Sections

.text Size: 142KB - Virtual size: 141KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 33KB - Virtual size: 33KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6e:19:7b:1b:ea:45:01:6f:1c:51:7d:09:cc:20:39:c1:9e:50:04:00
Signer

17/04/2014, 06:26
Valid: false

.text
Size: 142KB - Virtual size: 141KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 33KB - Virtual size: 33KB