General

Malware Config

Signatures

Files

• f6763ffbb4146148c31112f49f31bc335970242f405c7120e71eea0afbb70b61

  .zip
• Baidu_Com_90000170.exe

  .exe windows x86

  32f3282581436269b3a75b6675fe3e08

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:2f:4e:e1:35:5c

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  13-04-2011 10:00

  Not After

  13-04-2019 10:00

  Subject

  CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24

  Certificate

  Issuer

  CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  22-02-2012 09:18

  Not After

  22-02-2015 09:18

  Subject

  CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  61:29:15:27:00:00:00:00:00:2a

  Certificate

  Issuer

  CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  15-04-2011 19:55

  Not After

  15-04-2021 20:05

  Subject

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  24:c7:05:f1:df:46:b7:bc:3f:27:58:2f:78:dc:74:d0:fb:05:5a:37

  Signer

  Actual PE Digest

  24:c7:05:f1:df:46:b7:bc:3f:27:58:2f:78:dc:74:d0:fb:05:5a:37

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

  06-08-2014 05:53

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetFileTime

  CompareFileTime

  SearchPathW

  GetShortPathNameW

  GetFullPathNameW

  MoveFileW

  SetCurrentDirectoryW

  GetFileAttributesW

  GetLastError

  CreateDirectoryW

  SetFileAttributesW

  Sleep

  GetTickCount

  CreateFileW

  GetFileSize

  GetModuleFileNameW

  GetCurrentProcess

  CopyFileW

  ExitProcess

  GetWindowsDirectoryW

  GetTempPathW

  GetCommandLineW

  SetErrorMode

  CloseHandle

  lstrlenW

  lstrcpynW

  GetDiskFreeSpaceW

  GlobalUnlock

  GlobalLock

  CreateThread

  LoadLibraryW

  CreateProcessW

  lstrcmpiA

  GetTempFileNameW

  lstrcatW

  GetProcAddress

  LoadLibraryA

  GetModuleHandleA

  OpenProcess

  lstrcpyW

  GetVersionExW

  GetSystemDirectoryW

  GetVersion

  lstrcpyA

  RemoveDirectoryW

  lstrcmpA

  lstrcmpiW

  lstrcmpW

  ExpandEnvironmentStringsW

  GlobalAlloc

  WaitForSingleObject

  GetExitCodeProcess

  GlobalFree

  GetModuleHandleW

  LoadLibraryExW

  FreeLibrary

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  WideCharToMultiByte

  lstrlenA

  MulDiv

  WriteFile

  ReadFile

  MultiByteToWideChar

  SetFilePointer

  FindClose

  FindNextFileW

  FindFirstFileW

  DeleteFileW

  lstrcpynA

  user32

  GetAsyncKeyState

  IsDlgButtonChecked

  ScreenToClient

  GetMessagePos

  CallWindowProcW

  IsWindowVisible

  LoadBitmapW

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  TrackPopupMenu

  GetWindowRect

  AppendMenuW

  CreatePopupMenu

  GetSystemMetrics

  EndDialog

  EnableMenuItem

  GetSystemMenu

  SetClassLongW

  IsWindowEnabled

  SetWindowPos

  DialogBoxParamW

  CheckDlgButton

  CreateWindowExW

  SystemParametersInfoW

  RegisterClassW

  SetDlgItemTextW

  GetDlgItemTextW

  MessageBoxIndirectW

  CharNextA

  CharUpperW

  CharPrevW

  wvsprintfW

  DispatchMessageW

  PeekMessageW

  wsprintfA

  DestroyWindow

  CreateDialogParamW

  SetTimer

  SetWindowTextW

  PostQuitMessage

  SetForegroundWindow

  ShowWindow

  wsprintfW

  SendMessageTimeoutW

  LoadCursorW

  SetCursor

  GetWindowLongW

  GetSysColor

  CharNextW

  GetClassInfoW

  ExitWindowsEx

  IsWindow

  GetDlgItem

  SetWindowLongW

  LoadImageW

  GetDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  GetClientRect

  FillRect

  DrawTextW

  EndPaint

  FindWindowExW

  gdi32

  SetBkColor

  GetDeviceCaps

  DeleteObject

  CreateBrushIndirect

  CreateFontIndirectW

  SetBkMode

  SetTextColor

  SelectObject

  shell32

  SHBrowseForFolderW

  SHGetPathFromIDListW

  SHGetFileInfoW

  ShellExecuteW

  SHFileOperationW

  SHGetSpecialFolderLocation

  advapi32

  RegEnumKeyW

  RegOpenKeyExW

  RegCloseKey

  RegDeleteKeyW

  RegDeleteValueW

  RegCreateKeyExW

  RegSetValueExW

  RegQueryValueExW

  RegEnumValueW

  comctl32

  ImageList_AddMasked

  ImageList_Destroy

  ord17

  ImageList_Create

  ole32

  CoTaskMemFree

  OleInitialize

  OleUninitialize

  CoCreateInstance

  version

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  VerQueryValueW

  Sections

  .text

  Size: 28KB - Virtual size: 27KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 415KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 612KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 22KB - Virtual size: 22KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• ӛ-14.9.26.1.exe

  .exe windows x86

  dbf3450e772387797d2bcf2c5c3042ef

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  rasapi32

  RasHangUpA

  RasGetConnectStatusA

  winmm

  midiStreamOut

  midiOutPrepareHeader

  midiStreamProperty

  midiStreamOpen

  midiOutUnprepareHeader

  waveOutOpen

  waveOutGetNumDevs

  waveOutClose

  waveOutUnprepareHeader

  waveOutPrepareHeader

  waveOutWrite

  waveOutPause

  waveOutReset

  midiStreamRestart

  midiStreamClose

  midiOutReset

  midiStreamStop

  ws2_32

  WSAAsyncSelect

  closesocket

  send

  select

  WSACleanup

  WSAStartup

  accept

  getpeername

  recv

  ioctlsocket

  recvfrom

  inet_ntoa

  kernel32

  GetCurrentProcess

  TerminateProcess

  GetWindowsDirectoryA

  GetSystemDirectoryA

  MultiByteToWideChar

  GetVersion

  GetFileSize

  WideCharToMultiByte

  GetACP

  CompareStringA

  GetStringTypeW

  GetStringTypeA

  SetUnhandledExceptionFilter

  IsBadWritePtr

  VirtualAlloc

  LCMapStringW

  LCMapStringA

  SetEnvironmentVariableA

  VirtualFree

  HeapCreate

  HeapDestroy

  GetEnvironmentVariableA

  GetStdHandle

  SetHandleCount

  GetEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  FreeEnvironmentStringsA

  UnhandledExceptionFilter

  GetFileType

  SetStdHandle

  HeapSize

  RaiseException

  GetLocalTime

  GetSystemTime

  RtlUnwind

  GetStartupInfoA

  GetOEMCP

  GetCPInfo

  GetProcessVersion

  SetErrorMode

  GlobalFlags

  GetCurrentThread

  GetFileTime

  TlsGetValue

  LocalReAlloc

  TlsSetValue

  TlsFree

  GlobalHandle

  TlsAlloc

  LocalAlloc

  lstrcmpA

  GlobalGetAtomNameA

  GlobalAddAtomA

  GlobalFindAtomA

  GlobalDeleteAtom

  lstrcmpiA

  GetThreadLocale

  SetEndOfFile

  UnlockFile

  LockFile

  FlushFileBuffers

  DuplicateHandle

  lstrcpynA

  FileTimeToLocalFileTime

  FormatMessageA

  LocalFree

  InterlockedDecrement

  InterlockedIncrement

  SetFilePointer

  CreateToolhelp32Snapshot

  Process32First

  Process32Next

  SetLastError

  GetTimeZoneInformation

  FileTimeToSystemTime

  CreateSemaphoreA

  ResumeThread

  ReleaseSemaphore

  EnterCriticalSection

  LeaveCriticalSection

  GetProfileStringA

  WriteFile

  ReadFile

  GetLastError

  WaitForMultipleObjects

  CreateFileA

  SetEvent

  FindResourceA

  LoadResource

  LockResource

  GetModuleFileNameA

  GetCurrentThreadId

  ExitProcess

  GlobalSize

  GlobalFree

  DeleteCriticalSection

  InitializeCriticalSection

  lstrcatA

  WinExec

  lstrcpyA

  FindNextFileA

  GlobalReAlloc

  HeapFree

  HeapReAlloc

  GetProcessHeap

  HeapAlloc

  GetFullPathNameA

  FreeLibrary

  LoadLibraryA

  lstrlenA

  GetVersionExA

  WritePrivateProfileStringA

  CreateThread

  CreateEventA

  Sleep

  GlobalAlloc

  GlobalLock

  GlobalUnlock

  GetTempPathA

  FindFirstFileA

  FindClose

  GetFileAttributesA

  DeleteFileA

  SetCurrentDirectoryA

  GetVolumeInformationA

  GetModuleHandleA

  GetProcAddress

  MulDiv

  GetCommandLineA

  GetTickCount

  WaitForSingleObject

  CloseHandle

  CompareStringW

  IsBadReadPtr

  IsBadCodePtr

  InterlockedExchange

  GetModuleFileNameW

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  GetDlgItem

  FindWindowExA

  GetClassNameA

  GetDesktopWindow

  SetWindowTextA

  SystemParametersInfoA

  LoadIconA

  TranslateMessage

  DrawFrameControl

  DrawEdge

  DrawFocusRect

  WindowFromPoint

  GetMessageA

  DispatchMessageA

  SetRectEmpty

  RegisterClipboardFormatA

  CreateIconFromResourceEx

  CreateIconFromResource

  DrawIconEx

  CreatePopupMenu

  AppendMenuA

  ModifyMenuA

  CreateMenu

  CreateAcceleratorTableA

  GetDlgCtrlID

  GetSubMenu

  EnableMenuItem

  ClientToScreen

  EnumDisplaySettingsA

  LoadImageA

  ShowWindow

  IsWindowEnabled

  TranslateAcceleratorA

  GetKeyState

  CopyAcceleratorTableA

  PostQuitMessage

  IsZoomed

  GetSystemMenu

  DeleteMenu

  GetClassInfoA

  DefWindowProcA

  GetMenu

  SetMenu

  PeekMessageA

  PostThreadMessageA

  GetNextDlgGroupItem

  GetSysColorBrush

  LoadStringA

  MapDialogRect

  SetWindowContextHelpId

  CharNextA

  GetMenuCheckMarkDimensions

  GetMenuState

  SetMenuItemBitmaps

  CheckMenuItem

  MoveWindow

  IsDialogMessageA

  ScrollWindowEx

  GetWindowTextA

  SendDlgItemMessageA

  MapWindowPoints

  AdjustWindowRectEx

  GetScrollPos

  RegisterClassA

  GetMenuItemCount

  GetMenuItemID

  CreateWindowExA

  IsIconic

  SetFocus

  GetActiveWindow

  GetWindow

  DestroyAcceleratorTable

  SetWindowRgn

  GetMessagePos

  ScreenToClient

  ChildWindowFromPointEx

  CopyRect

  LoadBitmapA

  WinHelpA

  KillTimer

  SetTimer

  ReleaseCapture

  GetCapture

  SetCapture

  GetScrollRange

  SetScrollRange

  SetScrollPos

  InflateRect

  SetRect

  IntersectRect

  DestroyIcon

  PtInRect

  OffsetRect

  IsWindowVisible

  EnableWindow

  RedrawWindow

  GetWindowLongA

  SetWindowLongA

  GetSysColor

  SetActiveWindow

  SetCursorPos

  LoadCursorA

  SetCursor

  GetDC

  FillRect

  IsRectEmpty

  ReleaseDC

  IsChild

  DestroyMenu

  SetForegroundWindow

  GetWindowRect

  EqualRect

  UpdateWindow

  ValidateRect

  InvalidateRect

  GetClientRect

  GetFocus

  GetParent

  GetTopWindow

  PostMessageA

  IsWindow

  SetParent

  DestroyCursor

  SendMessageA

  SetWindowPos

  MessageBeep

  MessageBoxA

  GetCursorPos

  GetSystemMetrics

  EmptyClipboard

  SetClipboardData

  OpenClipboard

  GetClipboardData

  CloseClipboard

  wsprintfA

  GetForegroundWindow

  UnregisterClassA

  GetWindowTextLengthA

  CharUpperA

  GetWindowDC

  BeginPaint

  EndPaint

  TabbedTextOutA

  DrawTextA

  GrayStringA

  DestroyWindow

  CreateDialogIndirectParamA

  EndDialog

  GetNextDlgTabItem

  GetWindowPlacement

  RegisterWindowMessageA

  GetLastActivePopup

  GetMessageTime

  RemovePropA

  CallWindowProcA

  GetPropA

  UnhookWindowsHookEx

  SetPropA

  GetClassLongA

  CallNextHookEx

  SetWindowsHookExA

  gdi32

  GetStretchBltMode

  GetPolyFillMode

  GetMapMode

  GetTextMetricsA

  Escape

  ExtTextOutA

  TextOutA

  RectVisible

  PtVisible

  GetViewportExtEx

  ExtSelectClipRgn

  CreateCompatibleBitmap

  CreateDCA

  CreateBitmap

  SelectObject

  GetObjectA

  PatBlt

  FillRgn

  CreateRectRgn

  CombineRgn

  CreateSolidBrush

  GetStockObject

  CreateFontIndirectA

  EndPage

  EndDoc

  DeleteDC

  StartDocA

  StartPage

  BitBlt

  GetPixel

  CreateCompatibleDC

  Ellipse

  Rectangle

  LPtoDP

  DPtoLP

  GetCurrentObject

  RoundRect

  GetTextExtentPoint32A

  GetDeviceCaps

  LineTo

  MoveToEx

  ExcludeClipRect

  GetClipBox

  ScaleWindowExtEx

  SetWindowExtEx

  GetDIBits

  SetWindowOrgEx

  ScaleViewportExtEx

  SetViewportExtEx

  OffsetViewportOrgEx

  SetViewportOrgEx

  SetMapMode

  SetTextColor

  RealizePalette

  SelectPalette

  StretchBlt

  CreatePalette

  GetSystemPaletteEntries

  CreateDIBitmap

  DeleteObject

  SelectClipRgn

  CreatePolygonRgn

  GetClipRgn

  SetStretchBltMode

  ExtCreateRegion

  SetPixel

  CreateDIBSection

  CreateRectRgnIndirect

  SetBkColor

  GetROP2

  GetBkColor

  GetBkMode

  GetTextColor

  CreateRoundRectRgn

  CreateEllipticRgn

  PathToRegion

  EndPath

  BeginPath

  GetWindowOrgEx

  GetViewportOrgEx

  CreatePen

  SetROP2

  SetPolyFillMode

  SetBkMode

  RestoreDC

  SaveDC

  GetWindowExtEx

  winspool.drv

  ClosePrinter

  DocumentPropertiesA

  OpenPrinterA

  advapi32

  RegCreateKeyExA

  RegQueryValueA

  RegSetValueExA

  RegOpenKeyExA

  RegCloseKey

  shell32

  ShellExecuteA

  Shell_NotifyIconA

  SHGetSpecialFolderPathA

  ole32

  StgCreateDocfileOnILockBytes

  CreateILockBytesOnHGlobal

  CoFreeUnusedLibraries

  CoRegisterMessageFilter

  CoRevokeClassObject

  OleFlushClipboard

  StgOpenStorageOnILockBytes

  CoGetClassObject

  CLSIDFromProgID

  CLSIDFromString

  OleUninitialize

  OleInitialize

  CoTaskMemFree

  CoTaskMemAlloc

  OleIsCurrentClipboard

  oleaut32

  SafeArrayUnaccessData

  SafeArrayAccessData

  SysAllocString

  SafeArrayCreate

  UnRegisterTypeLi

  RegisterTypeLi

  LoadTypeLi

  OleCreateFontIndirect

  SysFreeString

  SafeArrayGetDim

  SysAllocStringByteLen

  SysAllocStringLen

  SysStringLen

  VariantTimeToSystemTime

  SafeArrayGetLBound

  SafeArrayGetUBound

  VariantChangeType

  VariantClear

  VariantCopy

  SafeArrayGetElemsize

  comctl32

  ord17

  ImageList_Destroy

  oledlg

  ord8

  wininet

  InternetCanonicalizeUrlA

  InternetCrackUrlA

  HttpOpenRequestA

  HttpSendRequestA

  HttpQueryInfoA

  InternetReadFile

  InternetConnectA

  InternetSetOptionA

  InternetCloseHandle

  InternetOpenA

  comdlg32

  ChooseColorA

  GetFileTitleA

  GetSaveFileNameA

  GetOpenFileNameA

  Sections

  .text

  Size: - Virtual size: 567KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 1.9MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 261KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .vmp0

  Size: - Virtual size: 29KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 1.7MB - Virtual size: 1.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 96KB - Virtual size: 109KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• װʹ˵.txt
• QQ.url

  .url