839d0e7eaf38757b61d06f6d296399b33168d824de6290adc46d510d5bbcbcc3

Sharing

Copy URL Twitter E-mail

General

Target

839d0e7eaf38757b61d06f6d296399b33168d824de6290adc46d510d5bbcbcc3
Size

557KB
MD5

00a98447a88902e5bc9d97b1d2b456c0
SHA1

4d54cc10727d3974b43cf80dfdb2693b68d18d74
SHA256

839d0e7eaf38757b61d06f6d296399b33168d824de6290adc46d510d5bbcbcc3
SHA512

b64b086d400ebd1214e10543693bcb56da5cb3226efe585c5d2e102c236195f64062d3ce36b6640a925d5a7613532c421686748211b08ce598cdfa9798b8c9b0
SSDEEP

6144:+OV4Pb1pxqFVJTlyzOlod333333Y333333u6KOryP2Lb+g9JMqy5v08Xla39UAZi:qxqHBy8KOe

Score

N/A

Malware Config

Signatures

Files

839d0e7eaf38757b61d06f6d296399b33168d824de6290adc46d510d5bbcbcc3
.exe windows x86

aa3f20e32c3c76a8253aa3f6904b198f

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:59:2a:3c:62:8d:04:21:38:de:84:3f:41:f3:e1:f3:d0:67:22:c0
Signer

Actual PE Digest

78:59:2a:3c:62:8d:04:21:38:de:84:3f:41:f3:e1:f3:d0:67:22:c0

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

13/12/2012, 09:25
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreatePipe
ReadFile
GetStdHandle
FreeLibrary
GetProcAddress
FlushInstructionCache
GetLastError
RaiseException
DeleteCriticalSection
CreateMutexW
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
CreateToolhelp32Snapshot
GetModuleHandleW
SetLastError
InitializeCriticalSection
InterlockedIncrement
OpenProcess
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
Process32NextW
Process32FirstW
GetCurrentThreadId
TerminateProcess
LocalFree
GetCommandLineW
GetVersionExW
FindFirstFileW
FindClose
FindNextFileW
Sleep
GetFileAttributesExW
DeleteFileW
lstrcmpW
CreateDirectoryW
RemoveDirectoryW
lstrcpynW
CreateFileW
GetFileSize
TerminateThread
LoadLibraryW
CreateEventW
ResetEvent
WaitForSingleObject
WriteFile
SetFilePointer
SetEvent
GetTickCount
HeapSize
GetProcessHeap
GetVersionExA
HeapAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringW
IsBadReadPtr
GetLocalTime
GetFileAttributesW
GetCurrentProcess
DuplicateHandle
CreateProcessW
CloseHandle
GetDriveTypeW
GetVolumeInformationW
GetLogicalDrives
WideCharToMultiByte
lstrlenW
FindResourceW
LockResource
FindResourceExW
GetModuleFileNameW
LoadResource
SizeofResource
GetComputerNameW
MultiByteToWideChar
HeapReAlloc
HeapFree
WaitForMultipleObjects
HeapDestroy

user32

LoadCursorW
LoadIconW
MapWindowPoints
GetClientRect
EnableWindow
GetWindowRect
GetWindow
GetWindowTextW
GetActiveWindow
SendMessageW
GetDlgItem
SetWindowPos
EndDialog
InvalidateRect
CallWindowProcW
GetWindowLongW
LoadStringW
KillTimer
ShowWindow
DialogBoxParamW
CharNextW
SetWindowLongW
UnregisterClassA
FindWindowA
SendMessageTimeoutW
IsIconic
MessageBoxW
GetWindowTextLengthW
SystemParametersInfoW
GetDlgCtrlID
SetTimer
GetParent
SetWindowTextW
DefWindowProcW
GetClassInfoExW
SetRect
DestroyWindow
RegisterClassExW
CreateWindowExW
IsWindow
SetCursor
PostMessageW

gdi32

SetTextColor
SetBkColor
GetObjectW
CreateFontIndirectW
SetBkMode
GetStockObject
CreateSolidBrush
SelectObject

advapi32

RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteKeyW
GetUserNameW
RegCloseKey
RegOpenKeyW
RegCreateKeyExW

shell32

Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoLoadLibrary
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoCreateInstance
CoInitializeEx
CLSIDFromProgID
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoFreeLibrary

oleaut32

SysFreeString
SysAllocStringByteLen
VarUI4FromStr
SysAllocString

qqmusiccommon_new

?SetDoc@CMarkup@@QAE_NABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?GetAttrib@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@UMCD_CSTR@@@Z
?FindElem@CMarkup@@QAE_NUMCD_CSTR@@@Z
?GetData@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
??1CMarkup@@QAE@XZ
?UTF8To16@CMarkup@@SAHPAGPBDH@Z
?OutOfElem@CMarkup@@QAE_NXZ
?IntoElem@CMarkup@@QAE_NXZ
??0CMarkup@@QAE@XZ
?InitVersionInfo@qqmusic@@YAHPAUHINSTANCE__@@@Z
?WriteLog@qqmusic@@YAXKPB_WZZ
?GetAppDataFolder@qqmusic@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?GetOsVersion@qqmusic@@YAXAAK0@Z

shlwapi

wnsprintfW
StrCmpW
PathFileExistsW

msvcp80

?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z

msvcr80

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_snprintf_s
_vsnwprintf_s
strncpy_s
_getpid
towlower
srand
wcsncat_s
__setusermatherr
??3@YAXPAX@Z
memmove_s
iswspace
free
??_V@YAXPAX@Z
malloc
memcpy_s
_vscwprintf
vswprintf_s
wcschr
wcsstr
wcstoul
wcsncpy_s
??2@YAPAXI@Z
_recalloc
_wtoi
_purecall
_time64
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
wcsrchr
calloc
_beginthreadex
swprintf_s
_CxxThrowException
memcpy
memset
__CxxFrameHandler3
fputc
__iob_func
exit
rand
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale

netapi32

Netbios

wininet

HttpOpenRequestW
HttpSendRequestW
InternetQueryOptionW
InternetCloseHandle
InternetSetOptionW
InternetOpenW
InternetCanonicalizeUrlW
InternetReadFileExA
InternetSetStatusCallbackW
InternetConnectW
InternetCrackUrlW
HttpQueryInfoW

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 353KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aa3f20e32c3c76a8253aa3f6904b198f

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

78:59:2a:3c:62:8d:04:21:38:de:84:3f:41:f3:e1:f3:d0:67:22:c0Signer

Signature Validations

Verification

13/12/2012, 09:25 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

qqmusiccommon_new

shlwapi

msvcp80

msvcr80

netapi32

wininet

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 353KB - Virtual size: 353KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

78:59:2a:3c:62:8d:04:21:38:de:84:3f:41:f3:e1:f3:d0:67:22:c0
Signer

13/12/2012, 09:25
Valid: false

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 353KB - Virtual size: 353KB