0ea306c41c3563aa022243755bfc5457dffd64d1dfde1a50336057c0ee64d0a1

Sharing

Copy URL Twitter E-mail

General

Target

0ea306c41c3563aa022243755bfc5457dffd64d1dfde1a50336057c0ee64d0a1
Size

1.4MB
MD5

0e27971f7f46d2bd079f5e99890946f0
SHA1

3d8a91570ffa15ff8fb3f783fc9c531d79bd235a
SHA256

0ea306c41c3563aa022243755bfc5457dffd64d1dfde1a50336057c0ee64d0a1
SHA512

18518824d4484ac84e0202a38971a19a1e01fd0f88f71ea80b5f44f03f9cfffc333bdf2f8372e5b6f594bebbe5b89d20f6d1b7c2081a8443f047e9db82d6b740
SSDEEP

24576:R+//Gbj4W3CfYfvNxuI/EOu8OzssHULV8Hk0BWeMl6zXzGxPAsVwHnb5IoTYT8N5:LzvxujXzsPAmw7rTYTELa0WTNaHJb

Score

N/A

Malware Config

Signatures

Files

0ea306c41c3563aa022243755bfc5457dffd64d1dfde1a50336057c0ee64d0a1
.exe windows x86

dc5257ed0c19745cb3bce6343ea3ddf2

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:07:9c:44:43:79:4e:75:b1:11:c9:f2:24:12:8a:6a:13:a2:39:9b
Signer

Actual PE Digest

fa:07:9c:44:43:79:4e:75:b1:11:c9:f2:24:12:8a:6a:13:a2:39:9b

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

20/01/2014, 11:42
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
MulDiv
lstrcmpW
Sleep
GetWindowsDirectoryW
WaitForSingleObject
GetExitCodeProcess
SetEvent
CreateEventW
ExitProcess
CreateToolhelp32Snapshot
Process32FirstW
GetCurrentProcessId
TerminateProcess
Process32NextW
GetDiskFreeSpaceExW
GetFileAttributesW
SuspendThread
TerminateThread
FormatMessageW
LocalAlloc
GetLogicalDriveStringsA
GetVersion
GetSystemDirectoryA
GetDriveTypeA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetPrivateProfileStringW
GetModuleHandleA
GetSystemDefaultLangID
GetFileType
SystemTimeToFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
SetFileTime
SetFileAttributesW
GetProcAddress
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
lstrcmpiW
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
GetCurrentThreadId
GetSystemTime
GlobalMemoryStatusEx
CreateThread
CreateProcessW
OpenProcess
CreateMutexW
WideCharToMultiByte
MultiByteToWideChar
LocalFree
WritePrivateProfileStringW
GetCurrentProcess
GetVersionExW
RemoveDirectoryW
lstrcpyW
GetFullPathNameW
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
ReleaseMutex
OpenThread
SetLastError
FindClose
FindNextFileW
FindFirstFileW
MoveFileExW
GetTickCount
DeleteFileW
GetLastError
CreateDirectoryW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetTempPathW
OutputDebugStringW
GetModuleFileNameW
WriteFile
CreateFileA
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
InterlockedExchange
RaiseException
CloseHandle
VirtualAlloc
CreateFileW
ReadFile
VirtualFree
SetFilePointer
GetFileSize
FreeLibrary
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
TlsSetValue
SetEnvironmentVariableW
TlsGetValue
GetEnvironmentVariableW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
DeviceIoControl
GetSystemTimeAsFileTime
lstrlenA
FlushFileBuffers
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetModuleHandleW

user32

EndPaint
PtInRect
SetWindowPos
SetWindowLongW
GetWindowLongW
FindWindowW
IsWindow
GetWindowRect
SetTimer
PostMessageW
PostQuitMessage
ShowWindow
SendMessageW
CharUpperBuffW
CallWindowProcW
GetSystemMetrics
GetDesktopWindow
GetWindowThreadProcessId
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassExW
GetClassInfoExW
LoadCursorW
DefWindowProcW
DestroyWindow
GetDlgItem
CreateWindowExW
MapWindowPoints
SystemParametersInfoW
SetCursor
GetCursorPos
UpdateLayeredWindow
UpdateWindow
GetCapture
TrackMouseEvent
AdjustWindowRectEx
DrawTextW
InflateRect
DrawIconEx
GetIconInfo
WindowFromDC
UnregisterClassA
GetClientRect
GetParent
GetMonitorInfoW
MonitorFromWindow
GetWindow
EndDialog
ExitWindowsEx
GetForegroundWindow
CallNextHookEx
UnhookWindowsHookEx
CharNextW
ReplyMessage
InSendMessageEx
LoadIconW
SetWindowRgn
DialogBoxParamW
IsIconic
GetActiveWindow
PeekMessageW
SetForegroundWindow
GetKeyState
MessageBoxW
KillTimer
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
SetWindowsHookExW
IsChild
GetFocus
SetFocus
GetClassNameW
GetSysColor
RedrawWindow
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
InvalidateRect
GetDC
ReleaseDC
DestroyAcceleratorTable

gdi32

CreateRoundRectRgn
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
GetStockObject
GetDeviceCaps
GetObjectW
SelectObject
DeleteObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
SetViewportOrgEx
GetObjectType
GetRandomRgn
GdiAlphaBlend
GetLayout
SetLayout
GetCurrentObject
SetBkMode
LPtoDP
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
GetTextExtentPoint32W
CreateFontIndirectW
SelectClipRgn
CreateRectRgn
CombineRgn
OffsetRgn
GetRgnBox
CreateRectRgnIndirect
RectVisible
SaveDC
IntersectClipRect
RestoreDC

advapi32

RegQueryValueExA
RegOpenKeyExW
RegCreateKeyA
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey

shell32

SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetSpecialFolderPathA

ole32

StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
OleUninitialize
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize

oleaut32

VariantCopy
VariantChangeType
CreateDispTypeInfo
CreateStdDispatch
SysStringLen
VarBstrCmp
SysFreeString
SysAllocString
VariantClear
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantInit
SysAllocStringLen
VarCmp

shlwapi

SHSetValueA
PathFindExtensionW
SHGetValueA
PathFileExistsW
PathAppendW
SHDeleteValueW
SHDeleteEmptyKeyW
SHDeleteKeyW
StrToIntW
StrStrIW
SHSetValueW
StrCmpIW
StrStrW
PathIsRootW
PathRemoveFileSpecW
PathFindFileNameW
SHGetValueW

comctl32

InitCommonControlsEx

psapi

EnumProcessModules
GetModuleFileNameExW

wininet

HttpOpenRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpSendRequestW
HttpQueryInfoW
InternetConnectW
InternetCloseHandle
InternetErrorDlg
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
HttpQueryInfoA
InternetReadFile
InternetCrackUrlW
InternetQueryOptionW

gdiplus

GdiplusShutdown

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 831KB - Virtual size: 831KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dc5257ed0c19745cb3bce6343ea3ddf2

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

fa:07:9c:44:43:79:4e:75:b1:11:c9:f2:24:12:8a:6a:13:a2:39:9bSigner

Signature Validations

Verification

20/01/2014, 11:42 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

psapi

wininet

gdiplus

version

Sections

.text Size: 831KB - Virtual size: 831KB

.rdata Size: 187KB - Virtual size: 186KB

.data Size: 42KB - Virtual size: 60KB

.rsrc Size: 267KB - Virtual size: 267KB

.reloc Size: 96KB - Virtual size: 117KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

fa:07:9c:44:43:79:4e:75:b1:11:c9:f2:24:12:8a:6a:13:a2:39:9b
Signer

20/01/2014, 11:42
Valid: false

.text
Size: 831KB - Virtual size: 831KB

.rdata
Size: 187KB - Virtual size: 186KB

.data
Size: 42KB - Virtual size: 60KB

.rsrc
Size: 267KB - Virtual size: 267KB

.reloc
Size: 96KB - Virtual size: 117KB