8d8170a7b49b8c281798536f7edc92770a40a0c4098f8d3f6cd3abce48a66033

Sharing

Copy URL Twitter E-mail

General

Target

8d8170a7b49b8c281798536f7edc92770a40a0c4098f8d3f6cd3abce48a66033
Size

785KB
MD5

104cac010dd3c0003710f04c205d33f0
SHA1

90f80c353a2fbeb00b0dd6426e0bf284bc9368a4
SHA256

8d8170a7b49b8c281798536f7edc92770a40a0c4098f8d3f6cd3abce48a66033
SHA512

3834d52711de86183acb95a3786510d4fc2f53a1f574052baf0e8494b7caec0061446273b5e37459d9a76e6fd3224f910b700370ff77a9345e5a231a63cea18f
SSDEEP

12288:AqK7k8mbpvPR1sbLL4b5R/n0sJacWnTruXXWwCjlUgL4:AZ7k8mbZsbLkR/ntapnTkXHkhk

Score

N/A

Malware Config

Signatures

Files

8d8170a7b49b8c281798536f7edc92770a40a0c4098f8d3f6cd3abce48a66033
.exe windows x86

cd3239d86641851b23bab947c740c9c7

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:b5:da:1a:18:8b:29:dd:35:30:be:23:e5:dc:ca:48:95:53:26:f1
Signer

Actual PE Digest

f6:b5:da:1a:18:8b:29:dd:35:30:be:23:e5:dc:ca:48:95:53:26:f1

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

26/07/2013, 09:27
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
HeapFree
HeapAlloc
GetProcessHeap
WideCharToMultiByte
CreateDirectoryW
GetFileAttributesW
lstrlenA
CreateProcessW
ReadFile
GlobalMemoryStatusEx
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetDiskFreeSpaceA
VerifyVersionInfoW
VerSetConditionMask
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
MoveFileW
LoadLibraryW
CreateEventW
SetEvent
ExpandEnvironmentStringsW
CreateFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetTickCount
QueryPerformanceCounter
DeviceIoControl
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
LCMapStringW
LCMapStringA
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
SetHandleCount
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
ExitProcess
GetProcAddress
CreateThread
ExitThread
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
MoveFileA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetFileType
SystemTimeToFileTime
LocalFileTimeToFileTime
SetEndOfFile
GetFileSizeEx
SetFilePointerEx
GetEnvironmentVariableW
SetEnvironmentVariableW
TlsFree
TlsAlloc
OpenThread
TlsSetValue
TlsGetValue
ReleaseMutex
GetFileSize
CreateFileW
CloseHandle
GetLocalTime
GetCurrentProcessId
SetFilePointer
WriteFile
lstrcmpiW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
InitializeCriticalSection
GetModuleHandleW
InterlockedIncrement
GetCurrentThreadId
DeleteCriticalSection
GetCommandLineW
SetCurrentDirectoryW
DeleteFileW
MoveFileExW
InterlockedDecrement
CreateMutexW
GetVersion
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
GlobalFree
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
FreeResource
LockResource
SizeofResource
FindResourceW
LoadResource
GetCurrentProcess
FlushInstructionCache
RaiseException
SetLastError
GetModuleFileNameW
GetTempPathW
GetLastError
Sleep
WaitForSingleObject
GetSystemTimeAsFileTime
OutputDebugStringW
FormatMessageW
GetSystemTime
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetStartupInfoW
GetSystemInfo
TerminateThread
GetEnvironmentStringsW

user32

BeginPaint
PostMessageW
GetActiveWindow
MessageBoxW
UnregisterClassA
GetWindowRect
UpdateLayeredWindow
IsWindow
PtInRect
FillRect
LoadImageW
GetSystemMetrics
PostThreadMessageW
PostQuitMessage
DialogBoxIndirectParamW
DestroyWindow
GetWindowTextLengthW
GetWindowTextW
ExitWindowsEx
ShowWindowAsync
EnumDisplaySettingsExW
EnumDisplayDevicesW
IsWindowVisible
IsIconic
GetLastActivePopup
SetForegroundWindow
IsCharAlphaNumericW
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CreateDialogIndirectParamW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
DestroyIcon
SetWindowLongW
DefWindowProcW
EndDialog
AdjustWindowRectEx
SetWindowTextW
GetClassLongW
KillTimer
WindowFromPoint
GetCursorPos
ScreenToClient
EndPaint
CallWindowProcW
SetTimer
DrawTextW
LoadCursorW
SetCursor
DrawIconEx
OffsetRect
ReleaseCapture
GetCapture
SetCapture
IntersectRect
ReleaseDC
GetDC
GetParent
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
IsDialogMessageW
SendMessageW
ShowWindow
InvalidateRect
UpdateWindow
ClientToScreen
GetClientRect
SetWindowPos
LoadIconW

gdi32

CreatePen
GetTextColor
GetClipBox
StretchBlt
SetStretchBltMode
GetObjectW
IntersectClipRect
SetViewportOrgEx
ExcludeClipRect
Rectangle
GetTextExtentPoint32W
CreateCompatibleBitmap
GetStockObject
BitBlt
SetBkMode
SetTextColor
TextOutW
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
DeleteObject
OffsetViewportOrgEx
CreateFontIndirectW

advapi32

RegQueryValueExA
RegDeleteValueW
RegSaveKeyW
RegRestoreKeyW
OpenThreadToken
ImpersonateSelf
RegOpenKeyW
RegCreateKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW

ole32

CoInitialize
CoTaskMemAlloc
CoUninitialize
CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysAllocString
VarUI4FromStr
VariantClear
VariantInit
SysFreeString

shlwapi

SHGetValueW
SHDeleteKeyW
PathFileExistsW
PathCombineW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdiplusShutdown
GdiplusStartup

rpcrt4

UuidToStringW
RpcStringFreeW

wininet

InternetOpenW
InternetCloseHandle
InternetOpenUrlW
InternetSetOptionW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetAdaptersInfo

urlmon

UrlMkGetSessionOption

Sections

.text
Size: 465KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cd3239d86641851b23bab947c740c9c7

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f6:b5:da:1a:18:8b:29:dd:35:30:be:23:e5:dc:ca:48:95:53:26:f1Signer

Signature Validations

Verification

26/07/2013, 09:27 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

rpcrt4

wininet

version

iphlpapi

urlmon

Sections

.text Size: 465KB - Virtual size: 465KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 10KB - Virtual size: 21KB

.rsrc Size: 182KB - Virtual size: 181KB

.reloc Size: 37KB - Virtual size: 37KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f6:b5:da:1a:18:8b:29:dd:35:30:be:23:e5:dc:ca:48:95:53:26:f1
Signer

26/07/2013, 09:27
Valid: false

.text
Size: 465KB - Virtual size: 465KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 10KB - Virtual size: 21KB

.rsrc
Size: 182KB - Virtual size: 181KB

.reloc
Size: 37KB - Virtual size: 37KB