0a71bd1c260272a1bb2eedb125455d8fe480f64c13fc3488e2141414f8086a9e

Sharing

Copy URL Twitter E-mail

General

Target

0a71bd1c260272a1bb2eedb125455d8fe480f64c13fc3488e2141414f8086a9e
Size

889KB
MD5

62ae83b89676f2d0893abb19a8e05858
SHA1

f2cb763423be4e4c400ed43ef49cd717b38f0858
SHA256

0a71bd1c260272a1bb2eedb125455d8fe480f64c13fc3488e2141414f8086a9e
SHA512

f15a12806be1123efd1d19d7dfe32765d80557d386e3845789f965dde3c43ce8b8c9e2013171bb1ef8559910d275eae047887e550d8f09d5c151ea74a9e3f195
SSDEEP

12288:Tdm6+U7gcQSNFQvSvj7C8P7YXx+T39SQOzoOWTm4C0BoRjxC2Xzp:Tdm6bXXQv+xD6+TwQuo9TLyjHzp

Score

N/A

Malware Config

Signatures

Files

0a71bd1c260272a1bb2eedb125455d8fe480f64c13fc3488e2141414f8086a9e
.exe windows x86

bfbba6be9ed83093297524299baec211

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:33:bb:60:89:e3:2f:cd:22:4d:0e:49:de:b6:63:da
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/09/2018, 00:00

Not After

01/02/2020, 23:59

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,OU=研发部,O=Beijing Qihu Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:21:3a:c4:69:7a:65:f6:b7:82:7d:9e:48:92:64:dc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/09/2018, 00:00

Not After

01/02/2020, 23:59

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,OU=研发部,O=Beijing Qihu Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f0:31:64:d2:34:fd:d6:cd:fe:4a:78:17:03:3a:fd:26:7e:fe:89:cb:80:97:f2:e6:54:b4:14:9c:ea:ae:93:ff
Signer

Actual PE Digest

f0:31:64:d2:34:fd:d6:cd:fe:4a:78:17:03:3a:fd:26:7e:fe:89:cb:80:97:f2:e6:54:b4:14:9c:ea:ae:93:ff

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Qihu Technology Co.\, Ltd.,OU=研发部,O=Beijing Qihu Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

20/11/2018, 02:35
Valid: false

b1:2d:91:c9:4a:96:ff:d5:78:da:e4:54:8f:5e:f9:f9:da:e8:41:6f
Signer

Actual PE Digest

b1:2d:91:c9:4a:96:ff:d5:78:da:e4:54:8f:5e:f9:f9:da:e8:41:6f

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Qihu Technology Co.\, Ltd.,OU=研发部,O=Beijing Qihu Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

20/11/2018, 02:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
HeapAlloc
GetProcessHeap
OpenProcess
HeapFree
GetFileSize
MapViewOfFileEx
OpenFileMappingW
GetVersionExW
GetSystemInfo
GetWindowsDirectoryA
LocalFree
SystemTimeToFileTime
OutputDebugStringA
GetThreadLocale
SetThreadLocale
ExpandEnvironmentStringsA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
lstrcmpA
OpenThread
SetErrorMode
GetUserDefaultLangID
GetSystemDefaultLangID
GetSystemDirectoryA
GetModuleHandleA
DeleteFileA
CopyFileA
MoveFileExA
MoveFileA
SetFilePointerEx
GetFileTime
FindFirstFileA
FindNextFileA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
lstrcmpiA
FlushInstructionCache
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateFileA
SetLastError
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetTimeZoneInformation
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
HeapCreate
CompareStringA
CompareStringW
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetDateFormatA
GetTimeFormatA
GetStartupInfoW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
GetAtomNameW
TlsSetValue
TlsGetValue
GetSystemTime
FormatMessageW
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
DeviceIoControl
SetEndOfFile
UnmapViewOfFile
FlushViewOfFile
ExpandEnvironmentStringsW
GetLongPathNameW
GetTempFileNameW
WritePrivateProfileStringW
CreateFileMappingW
MapViewOfFile
CreateThread
lstrlenA
GetCurrentProcess
InterlockedCompareExchange
SetEvent
InterlockedExchange
WaitForSingleObject
CreateEventW
LoadLibraryW
ReadFile
GetFileSizeEx
GetTempPathW
ExitProcess
Sleep
GetTickCount
WideCharToMultiByte
CreateMutexW
lstrcmpW
GlobalAlloc
GlobalLock
GetModuleFileNameA
GlobalUnlock
MulDiv
CopyFileW
GetCommandLineW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
MultiByteToWideChar
RaiseException
lstrcmpiW
lstrlenW
GetLastError
GetCurrentProcessId
GetProcAddress
InitializeCriticalSection
FreeLibrary
GetModuleHandleW
WriteFile
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
CloseHandle
SetFilePointer
CreateFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
DeleteCriticalSection
LoadLibraryA

user32

DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
PostThreadMessageW
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
UnregisterClassA
CharNextW
GetParent
SendMessageW
CallWindowProcW
GetCursorPos
ScreenToClient
IsWindow
SetWindowLongW
GetWindowLongW
SetPropW
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRect
InvalidateRgn
FindWindowExW
WindowFromPoint
MessageBoxA
IsWindowVisible
DestroyMenu
MonitorFromPoint
AppendMenuW
TrackPopupMenu
CreatePopupMenu
SetCursor
UpdateLayeredWindow
GetClientRect
FillRect
OffsetRect
CopyRect
ReleaseCapture
SetCapture
MoveWindow
ClientToScreen
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
GetClassInfoExW
LoadCursorW
RedrawWindow
SetWindowPos
GetSysColor
GetClassNameW
GetWindowThreadProcessId
WaitForInputIdle
GetSystemMetrics
GetPropW
GetDlgItem
GetWindow
SetFocus
GetFocus
IsChild
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
FindWindowW
SendMessageTimeoutW
PostQuitMessage
SetTimer
GetLastInputInfo
GetWindowRect
PtInRect
PostMessageW
KillTimer
ShowWindow
GetWindowTextA
SetWindowTextA
SystemParametersInfoW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints

gdi32

CreateFontIndirectW
DeleteDC
GetDeviceCaps
DeleteObject
GetObjectW
GetStockObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DPtoLP
CreateSolidBrush

advapi32

RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

SHGetFolderPathW
ord165
SHGetSpecialFolderPathW
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathA
ShellExecuteA
ShellExecuteExA

ole32

CoTaskMemFree
CoLoadLibrary
CoInitializeEx
OleInitialize
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr
SysFreeString
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
SafeArrayCopy
SafeArrayGetVartype
DispCallFunc
SysAllocStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
SysAllocString

shlwapi

StrStrA
PathCombineA
PathIsDirectoryA
ord176
PathRemoveExtensionA
StrCmpNIA
StrRStrIA
PathAddBackslashA
PathFindFileNameW
PathCombineW
PathAppendW
PathFileExistsW
StrStrIW
PathRemoveFileSpecW
PathAddBackslashW
SHSetValueW
StrCpyNW
SHGetValueW
PathRemoveFileSpecA
StrRChrW
StrRStrIW
PathFileExistsA
PathFindExtensionA
StrToInt64ExA
PathCanonicalizeW
PathFindExtensionW
PathIsRootW
PathRemoveBackslashW
PathIsPrefixW
PathAppendA
StrStrIA
StrChrA
PathFindFileNameA

gdiplus

GdipGetImageWidth
GdiplusStartup
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipGetImageHeight
GdiplusShutdown
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree

comctl32

InitCommonControlsEx

crypt32

CertGetNameStringW
CryptStringToBinaryW
CryptStringToBinaryA

imm32

ImmDisableIME

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

version

VerQueryValueW

setupapi

SetupIterateCabinetW

psapi

GetModuleFileNameExW

Sections

.text
Size: 626KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bfbba6be9ed83093297524299baec211

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

47:33:bb:60:89:e3:2f:cd:22:4d:0e:49:de:b6:63:daCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5b:21:3a:c4:69:7a:65:f6:b7:82:7d:9e:48:92:64:dcCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

33:90:20:77:61:c4:26:dd:94:50:03:0dCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

f0:31:64:d2:34:fd:d6:cd:fe:4a:78:17:03:3a:fd:26:7e:fe:89:cb:80:97:f2:e6:54:b4:14:9c:ea:ae:93:ffSigner

Signature Validations

Verification

20/11/2018, 02:35 Valid: false

b1:2d:91:c9:4a:96:ff:d5:78:da:e4:54:8f:5e:f9:f9:da:e8:41:6fSigner

Signature Validations

Verification

20/11/2018, 02:35 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

comctl32

crypt32

imm32

wintrust

version

setupapi

psapi

Sections

.text Size: 626KB - Virtual size: 626KB

.rdata Size: 155KB - Virtual size: 155KB

.data Size: 20KB - Virtual size: 34KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 46KB - Virtual size: 48KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

47:33:bb:60:89:e3:2f:cd:22:4d:0e:49:de:b6:63:da
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5b:21:3a:c4:69:7a:65:f6:b7:82:7d:9e:48:92:64:dc
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

f0:31:64:d2:34:fd:d6:cd:fe:4a:78:17:03:3a:fd:26:7e:fe:89:cb:80:97:f2:e6:54:b4:14:9c:ea:ae:93:ff
Signer

20/11/2018, 02:35
Valid: false

b1:2d:91:c9:4a:96:ff:d5:78:da:e4:54:8f:5e:f9:f9:da:e8:41:6f
Signer

20/11/2018, 02:35
Valid: false

.text
Size: 626KB - Virtual size: 626KB

.rdata
Size: 155KB - Virtual size: 155KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 46KB - Virtual size: 48KB