44deb1b8d144ca08c7c718077b6bfbc36fd4992c1f4e63eee6fb5588c17b8c5c

Sharing

Copy URL Twitter E-mail

General

Target

44deb1b8d144ca08c7c718077b6bfbc36fd4992c1f4e63eee6fb5588c17b8c5c
Size

1.5MB
MD5

471813b58ce7427785c6757943f40eac
SHA1

a9d46fe993de0b2602a2ec9f54ff3b1c97344866
SHA256

44deb1b8d144ca08c7c718077b6bfbc36fd4992c1f4e63eee6fb5588c17b8c5c
SHA512

74681c39a67d97cd6e019c2260bc0df3e10a162af12417e45e73730543b49bd56b1ef3effb40966262d9cd3fce2d98de6f95b0f472f570efc1fdb6ffbcd9c08a
SSDEEP

24576:Nqv6+ucigbvc4RcyMdjnx558zrw3N1hr111kzODZ+108O1Ir9T+up0BogNhT:iOCNSYnw3NzFDZ+10RKxT+up0BvhT

Score

N/A

Malware Config

Signatures

Files

44deb1b8d144ca08c7c718077b6bfbc36fd4992c1f4e63eee6fb5588c17b8c5c
.dll regsvr32 windows x86

4a303404b6fbc586646616a464199c7b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:9f:da:ed:70:84:9b:8c:cc:05:cc:85:7b:d8:e4:36:09:cf:0c:a5
Signer

Actual PE Digest

27:9f:da:ed:70:84:9b:8c:cc:05:cc:85:7b:d8:e4:36:09:cf:0c:a5

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

28/04/2014, 07:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SuspendThread
ResumeThread
FindFirstFileW
GetModuleFileNameW
FlushFileBuffers
SetLastError
FindClose
FindNextFileW
FreeLibrary
LoadLibraryW
GetProcAddress
Sleep
GetModuleHandleW
DeviceIoControl
GetCurrentProcessId
GetThreadLocale
RaiseException
lstrcpyA
GlobalFree
GlobalAlloc
GetCurrentDirectoryW
GetFileAttributesExW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
GetCurrentThreadId
WaitForSingleObject
GetTickCount
DeleteFileW
DeleteCriticalSection
GetLocalTime
EnterCriticalSection
MoveFileW
GetFileSizeEx
GetFileSize
LeaveCriticalSection
InitializeCriticalSection
WriteFile
DeleteAtom
FindAtomW
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
CreateMutexW
GetSystemTime
FormatMessageW
OutputDebugStringW
SetFilePointerEx
LocalFileTimeToFileTime
lstrcmpiA
lstrcmpA
SetFilePointer
CreateFileW
ReadFile
SetThreadLocale
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
GetModuleHandleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
InterlockedDecrement
InterlockedIncrement
CloseHandle
SetEvent
CreateEventA
LockResource
GetLastError
SizeofResource
LoadResource
GetUserDefaultLCID
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
FindResourceW
FindResourceExW
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
LoadLibraryExW
ReleaseSemaphore
GetCurrentProcess
GetSystemTimeAsFileTime
MulDiv
FlushInstructionCache
lstrcmpiW
DuplicateHandle
CreateSemaphoreA
InterlockedExchange
TlsAlloc
TlsFree
TlsGetValue
SetWaitableTimer
InterlockedCompareExchange
TlsSetValue
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
SystemTimeToFileTime
OpenEventA
GetProcessHeap
HeapAlloc
ResetEvent
HeapFree
CreateWaitableTimerW
FormatMessageA
LocalFree
HeapDestroy
HeapReAlloc
HeapSize
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetFileAttributesW
ExitProcess
GetCommandLineA

user32

GetClientRect
SystemParametersInfoW
GetDlgItem
SetWindowPos
CallWindowProcW
EqualRect
ReleaseDC
UnionRect
IntersectRect
OffsetRect
RegisterClassExW
GetClassInfoExW
PtInRect
SetFocus
GetFocus
GetKeyState
IsChild
SetForegroundWindow
SetWindowRgn
DestroyWindow
SetCursor
GetWindowRect
UnregisterClassA
FindWindowExW
SendMessageW
EnableWindow
SetWindowTextW
MoveWindow
GetForegroundWindow
PostThreadMessageW
EndPaint
PostQuitMessage
LoadCursorW
DefWindowProcW
MessageBoxW
PostMessageW
CreateWindowExW
ScreenToClient
PeekMessageW
SetWindowLongW
GetWindowTextW
GetWindowLongW
InvalidateRect
IsWindow
ShowWindow
GetActiveWindow
KillTimer
SetTimer
CharNextW
BeginPaint
EnumWindows
GetDC

gdi32

CreateRectRgnIndirect
TextOutW
GetStockObject
RestoreDC
SaveDC
SetMapMode
CreateDCW
GetDeviceCaps
DeleteDC
LPtoDP
SetViewportOrgEx
SetWindowOrgEx
SetTextAlign

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
SHBrowseForFolderW
DragFinish
DragQueryFileW
DragAcceptFiles
ShellExecuteW

oleaut32

SysFreeString
RegisterTypeLi
UnRegisterTypeLi
SafeArrayCopy
SafeArrayGetUBound
SysStringByteLen
SafeArrayGetVartype
SafeArrayLock
SafeArrayRedim
VariantChangeType
SafeArrayCreate
SafeArrayUnlock
SafeArrayDestroy
SysAllocStringByteLen
VariantCopy
VariantCopyInd
SafeArrayGetLBound
LoadRegTypeLi
VarUI4FromStr
OleCreatePropertyFrame
VariantInit
LoadTypeLi
VariantClear
SysStringLen
SysAllocStringLen
SysAllocString

comdlg32

GetOpenFileNameW
CommDlgExtendedError

advapi32

RegQueryInfoKeyW
RegEnumKeyExA
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW

shlwapi

PathRemoveFileSpecW
PathIsRootW
PathFileExistsW
PathCombineW
SHGetValueA
SHSetValueA
SHGetValueW

ws2_32

WSAStartup
WSACleanup

netapi32

Netbios

ole32

StringFromGUID2
CoTaskMemFree
CreateOleAdviseHolder
OleRegGetMiscStatus
CoTaskMemAlloc
CoCreateInstance
OleRegEnumVerbs
CoTaskMemRealloc
OleRegGetUserType

wininet

InternetQueryOptionW

urlmon

CreateURLMonikerEx
CreateAsyncBindCtx
IsValidURL

psapi

EnumProcessModules

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a303404b6fbc586646616a464199c7b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

27:9f:da:ed:70:84:9b:8c:cc:05:cc:85:7b:d8:e4:36:09:cf:0c:a5Signer

Signature Validations

Verification

28/04/2014, 07:38 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

oleaut32

comdlg32

advapi32

shlwapi

ws2_32

netapi32

ole32

wininet

urlmon

psapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 215KB - Virtual size: 214KB

.data Size: 96KB - Virtual size: 112KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 81KB - Virtual size: 80KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

27:9f:da:ed:70:84:9b:8c:cc:05:cc:85:7b:d8:e4:36:09:cf:0c:a5
Signer

28/04/2014, 07:38
Valid: false

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 215KB - Virtual size: 214KB

.data
Size: 96KB - Virtual size: 112KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 81KB - Virtual size: 80KB