2381ce6b6f6a52b6c91226edf0ec173c36ee69ec515aaa5a8c47608a5001c1d5

Sharing

Copy URL Twitter E-mail

General

Target

2381ce6b6f6a52b6c91226edf0ec173c36ee69ec515aaa5a8c47608a5001c1d5
Size

1.4MB
MD5

27d4e44ae7878f87280f1695c7a4e0e0
SHA1

3d27d268361141be105292df62b4003d4e58a492
SHA256

2381ce6b6f6a52b6c91226edf0ec173c36ee69ec515aaa5a8c47608a5001c1d5
SHA512

0a9f35ce2ed1d1bab8504cc1e8e0357ee3121596e538273b6dad332d63bb13e0871e4397ae0d37f3012f023310f27df81ed18d3582038de6208dd471a371927b
SSDEEP

24576:2sa5pJaFQItCrLHG7FTGjyVQ/OfGIXtd8c6e/XVJ51pkU:c/gFyvIXtOF4VJ51pZ

Score

N/A

Malware Config

Signatures

Files

2381ce6b6f6a52b6c91226edf0ec173c36ee69ec515aaa5a8c47608a5001c1d5
.exe windows x86

881c38d3781ec9eb5589b57590b8cd31

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:58:05:ac:f0:a9:13:4f:f0:83:dc:c5:32:9c:58:05:6d:74:c8:cc
Signer

Actual PE Digest

27:58:05:ac:f0:a9:13:4f:f0:83:dc:c5:32:9c:58:05:6d:74:c8:cc

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

27/04/2015, 07:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Module32FirstW
Module32NextW
FileTimeToSystemTime
GetTempPathW
GetDiskFreeSpaceW
GetLocalTime
DeviceIoControl
FileTimeToLocalFileTime
GetVersionExW
lstrcpynW
lstrcpyW
lstrlenA
FreeResource
GetFileAttributesExW
GlobalSize
OutputDebugStringW
TerminateProcess
FormatMessageW
GetShortPathNameW
GetLogicalDrives
GetDriveTypeW
GetVolumeInformationW
GetLongPathNameW
MoveFileW
lstrcatW
MulDiv
GetFileTime
GetDateFormatW
GetTimeFormatW
CompareStringW
OpenProcess
OpenEventW
LoadLibraryA
CopyFileW
CompareFileTime
FlushFileBuffers
GetSystemInfo
SetFilePointerEx
GetTempFileNameW
IsBadReadPtr
Process32NextW
SetEnvironmentVariableA
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
Process32FirstW
GetStringTypeW
GetStringTypeA
GetModuleHandleA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
VirtualQuery
VirtualProtect
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
CreateMutexW
GetSystemTime
GetFileSizeEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
CreateToolhelp32Snapshot
OpenMutexW
GetFileAttributesW
MoveFileExW
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WideCharToMultiByte
GetCurrentProcessId
SetFilePointer
ResetEvent
SetEvent
CreateThread
CreateEventW
Sleep
GetTickCount
SetLastError
GetPrivateProfileStringW
CreateDirectoryW
CreateProcessW
GetStartupInfoW
GetCommandLineW
ReadFile
GetFileSize
WriteFile
GetStdHandle
LoadLibraryExW
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
CreateFileW
SetFileAttributesW
RemoveDirectoryW
CloseHandle
WaitForSingleObject
GetModuleHandleW
SetPriorityClass
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
MultiByteToWideChar
LocalFree
GetLastError
WritePrivateProfileStringW
FindNextFileW
FindClose
FindFirstFileW
DeleteFileW
InterlockedDecrement
InterlockedIncrement
ExitProcess
LoadLibraryW
EnterCriticalSection
GetProcAddress
LeaveCriticalSection
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
GlobalFree
RaiseException
GetVersion
GetModuleFileNameW
FindResourceExW
GetPrivateProfileIntW
FindResourceW
LoadResource
LockResource
SizeofResource

user32

EnableWindow
IsWindowEnabled
WindowFromPoint
SetCursor
LoadImageW
FillRect
ReleaseCapture
SetCapture
GetCapture
PtInRect
DeleteMenu
GetMenuItemInfoW
InsertMenuW
InflateRect
GetSysColor
GetWindowDC
GetSystemMetrics
GetSysColorBrush
InsertMenuItemW
GetFocus
ReleaseDC
UnregisterClassA
GetDC
GetClientRect
UpdateWindow
SendMessageW
GetParent
InvalidateRect
PostMessageW
SetWindowRgn
SetWindowLongW
EndDialog
GetWindowLongW
KillTimer
MapWindowPoints
GetClassNameW
GetAncestor
GetKeyState
IsDialogMessageW
LockWindowUpdate
SetParent
IsClipboardFormatAvailable
GetMenuState
RegisterClipboardFormatW
GetClipboardData
IsIconic
EnableMenuItem
CheckMenuItem
GetCursorPos
EndPaint
BeginPaint
SetTimer
GetMenuStringW
wvsprintfW
SetRectEmpty
AppendMenuW
GetMessagePos
DrawEdge
SystemParametersInfoW
GetDlgItemInt
SetDlgItemInt
GetClassInfoW
RegisterClassW
GetIconInfo
DrawTextW
GetCaretPos
CopyRect
GetDlgCtrlID
FrameRect
AdjustWindowRectEx
IsRectEmpty
GetScrollPos
GetScrollInfo
ScrollWindow
MoveWindow
ScreenToClient
MonitorFromPoint
GetMenuItemCount
CreatePopupMenu
SetPropW
GetPropW
wsprintfW
LoadCursorW
SetWindowTextW
LoadIconW
SetWindowPos
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetActiveWindow
DestroyIcon
MessageBoxW
ShowWindow
PostQuitMessage
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
SetActiveWindow
SetForegroundWindow
SetDlgItemTextW
GetDlgItem
SetFocus
BringWindowToTop
GetWindowTextW
GetWindowTextLengthW
IsDlgButtonChecked
PostThreadMessageW
GetSubMenu
SetScrollPos
ShowScrollBar
SetScrollInfo
GetDesktopWindow
LoadMenuW
ClientToScreen
RedrawWindow
MessageBeep
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
DialogBoxParamW
CreateDialogParamW
GetClassInfoExW
RegisterClassExW
CharNextW
FindWindowW
DestroyMenu
CreateWindowExW
MsgWaitForMultipleObjects
PeekMessageW
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
DestroyWindow
IsWindow
RegisterWindowMessageW
CallWindowProcW
DefWindowProcW

gdi32

GetTextExtentPoint32W
DPtoLP
GetTextColor
GetTextMetricsW
CreateDCW
EnumFontFamiliesExW
GetTextExtentPointA
GetTextMetricsA
CreatePenIndirect
RoundRect
GetCurrentObject
CreateSolidBrush
CreateFontW
SetTextColor
SetBkMode
GetDeviceCaps
CreatePatternBrush
CreateBitmap
PatBlt
ExtTextOutW
SetBkColor
StretchBlt
SetViewportOrgEx
BitBlt
CreateRoundRectRgn
CreatePolygonRgn
CombineRgn
CreateRectRgn
GetPixel
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
GetObjectW
GetStockObject
GetBkColor
CreateFontIndirectW
DeleteDC

comdlg32

ChooseColorW
ChooseFontW
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
GetTokenInformation
RegEnumKeyW
RegOpenKeyW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
RegQueryValueExW
OpenProcessToken

shell32

ShellExecuteExW
ord165
SHBindToParent
SHGetMalloc
SHGetDesktopFolder
SHChangeNotify
Shell_NotifyIconW
SHGetSpecialFolderPathW
ord680
SHGetPathFromIDListW
ord4
ShellExecuteW
ord21
ord18
ord190
SHBrowseForFolderW
ord23
ord17
ord153
ord155
SHGetSpecialFolderLocation
CommandLineToArgvW
ord2
ord71
ord16
SHGetFileInfoW
DragAcceptFiles
ord152
SHFileOperationW
DragQueryFileW
DragQueryPoint

ole32

OleCreateStaticFromData
OleSetContainedObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
StgCreateDocfile
IIDFromString
DoDragDrop
CoUninitialize
CoInitialize
OleInitialize
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VarUI4FromStr
SysAllocStringLen
SysAllocString
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysStringLen
VariantInit
SafeArrayCreateVector
OleTranslateColor
OleLoadPicture

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

StrCmpW
SHSetValueW
PathRenameExtensionW
StrRStrIW
PathSearchAndQualifyW
PathIsUNCW
PathRemoveBackslashW
PathIsDirectoryW
PathCompactPathExW
PathRemoveFileSpecW
PathAppendW
PathCombineW
SHDeleteKeyW
PathFileExistsW
SHGetValueW
PathIsRelativeW
PathFindExtensionW
StrCmpIW
ord437
PathFindFileNameW
PathRemoveExtensionW
PathAddExtensionW

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_Draw
ImageList_Create
ImageList_Remove
ImageList_SetImageCount
ImageList_Replace

gdiplus

GdipSetInterpolationMode
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipBitmapGetPixel
GdipBitmapUnlockBits
GdipBitmapSetPixel
GdipDrawImageRectI
GdipBitmapLockBits
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipDeleteGraphics
GdipGetImagePixelFormat
GdipBitmapSetResolution

oleacc

AccessibleObjectFromPoint

Sections

.text
Size: 937KB - Virtual size: 937KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

881c38d3781ec9eb5589b57590b8cd31

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

27:58:05:ac:f0:a9:13:4f:f0:83:dc:c5:32:9c:58:05:6d:74:c8:ccSigner

Signature Validations

Verification

27/04/2015, 07:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

version

shlwapi

comctl32

gdiplus

oleacc

Sections

.text Size: 937KB - Virtual size: 937KB

.rdata Size: 156KB - Virtual size: 156KB

.data Size: 88KB - Virtual size: 100KB

.rsrc Size: 115KB - Virtual size: 114KB

.reloc Size: 66KB - Virtual size: 66KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

27:58:05:ac:f0:a9:13:4f:f0:83:dc:c5:32:9c:58:05:6d:74:c8:cc
Signer

27/04/2015, 07:52
Valid: false

.text
Size: 937KB - Virtual size: 937KB

.rdata
Size: 156KB - Virtual size: 156KB

.data
Size: 88KB - Virtual size: 100KB

.rsrc
Size: 115KB - Virtual size: 114KB

.reloc
Size: 66KB - Virtual size: 66KB