6b67d83319995b862e28e9ef1733c25831e5d118431daa6831356f5647926fdc

Sharing

Copy URL

Twitter E-mail

General

Target

6b67d83319995b862e28e9ef1733c25831e5d118431daa6831356f5647926fdc
Size

490KB
MD5

6ebe0492cb7d9d2098ce1f0096ef3949
SHA1

d17fefa8590245d1186d6b5660a05247eaa09fb6
SHA256

6b67d83319995b862e28e9ef1733c25831e5d118431daa6831356f5647926fdc
SHA512

4ba511621c63bf78d840c83f0ca39bfb96c1be52921de5c6ef6714dbb02787c3870ee99f5eab0652ef515be3c6e558a6799ff6160d9a1ee45974ca14444a4bf5
SSDEEP

12288:+enXGH9L6KuIbp/cvr+14S+e777777777777777777WIqnB:HnXGH9L6KuIbN2+1T+J

Score

N/A

Malware Config

Signatures

Files

6b67d83319995b862e28e9ef1733c25831e5d118431daa6831356f5647926fdc
.exe regsvr32 windows x86

fb74e3a08946581c8e03e089e7b209b0

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4b:e1:09:b2:5c:ab:79:88:e1:cb:fd:73:0a:87:67:3d:42:c1:0f:b9
Signer

Actual PE Digest

4b:e1:09:b2:5c:ab:79:88:e1:cb:fd:73:0a:87:67:3d:42:c1:0f:b9

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

19/08/2012, 21:29
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

common

?Format@CTXStringW@@QAAXPB_WZZ
??1CTXBSTR@@QAE@XZ
??BCTXBSTR@@QBEPA_WXZ
??ICTXBSTR@@QAEPAPA_WXZ
?IsEmpty@CTXBSTR@@QAEHXZ
??0CTXBSTR@@QAE@PB_W@Z
??0CTXBSTR@@QAE@XZ
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
?IsEmpty@CTXStringW@@QBE_NXZ
??0CTXStringW@@QAE@ABV0@@Z
??1CTXHttpDownloadSink@@UAE@XZ
??1CTXHttpDownload@@UAE@XZ
?CancelDownload@CTXHttpDownload@@QAEXXZ
??YCTXStringW@@QAEAAV0@ABV0@@Z
?GetLength@CTXStringW@@QBEHXZ
??YCTXStringW@@QAEAAV0@_W@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
?Replace@CTXStringW@@QAEH_W0@Z
??ACTXStringW@@QBE_WH@Z
?Replace@CTXStringW@@QAEHPB_W0@Z
??0CTXHttpDownload@@QAE@XZ
??0CTXHttpDownloadSink@@IAE@XZ
?Download@CTXHttpDownload@@QAEHPB_WPAU_SYSTEMTIME@@0H@Z
?MoveDownloadFile@CTXHttpDownload@@QAEHPB_WH@Z
?GetLastModifyTime@CTXHttpDownload@@QAEHAAU_SYSTEMTIME@@@Z
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
??9@YA_NABVCTXStringW@@0@Z
??4CTXStringW@@QAEAAV0@PA_W@Z
?Empty@CTXStringW@@QAEXXZ
??0CTXStringW@@QAE@PA_W@Z
??0CTXStringW@@QAE@UtagGBK@@PBDH@Z
?EnableQQNetworkSettings@CTXHttpDownload@@QAEHH@Z
?SetUIInterface@CTXHttpDownload@@QAEXPAVCTXHttpDownloadSink@@@Z
?GetResponseFileName@CTXHttpDownload@@QAEHAAVCTXStringW@@@Z
?SafeCoLoadLibrary@Sys@Util@@YAPAUHINSTANCE__@@PB_WH@Z
?Find@CTXStringW@@QBEH_WH@Z
?MakeLower@CTXStringW@@QAEAAV1@XZ
??8@YA_NABVCTXStringW@@PB_W@Z
?Right@CTXStringW@@QBE?AV1@H@Z
??9@YA_N_WABVCTXStringW@@@Z
??8@YA_N_WABVCTXStringW@@@Z
?IsFileExist@FS@@YAHPB_W@Z
?CombineQNC@FS@@YA?AVCTXStringW@@PB_W0@Z
ord34
?Compare@CTXStringW@@QBEHPB_W@Z
??M@YA_NABVCTXStringW@@0@Z
?Delete@CTXStringW@@QAEHHH@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
??0CTXStringW@@QAE@H@Z
?Mid@CTXStringW@@QBE?AV1@HH@Z
?Find@CTXStringW@@QBEHPB_WH@Z
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
?Mid@CTXStringW@@QBE?AV1@H@Z
?Trim@CTXStringW@@QAEAAV1@XZ
??8@YA_NPB_WABVCTXStringW@@@Z
?GetAt@CTXStringW@@QBE_WH@Z
??4CTXBSTR@@QAEAAV0@PB_W@Z
?Empty@CTXBSTR@@QAEXXZ
?Length@CTXBSTR@@QBEIXZ
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
?AllocSysString@CTXStringW@@QBEPA_WXZ
??4CTXBSTR@@QAEAAV0@ABV0@@Z
??1CTXStringA@@QAE@XZ
??BCTXStringA@@QBEPBDXZ
??0CTXStringA@@QAE@UtagGBK@@PB_WH@Z
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
?GetCore@CoreCenter@Util@@YAHPA_WPAPAUITXCore@@@Z
?GetParentDir@File@Util@@YA?AVCTXStringW@@ABV3@@Z
?InitNetwork@Network@Util@@YAHXZ
?InitPlatformModeConfig@Boot@Util@@YAHXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?InitPlatformFileSystem@Boot@Util@@YAHXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?OnUninitCom@Misc@Util@@YAXXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?GetPlatformCore@CoreCenter@Util@@YAHPAPAUITXPlatformCore@@@Z
?GetFilePrefix@FS@Util@@YA?AVCTXStringW@@ABV3@@Z
?CheckVistaAndStartSelfMediumLevel@Sys@Util@@YAHXZ
??4CTXStringW@@QAEAAV0@ABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?GetLength@CTXStringA@@QBEHXZ
??4CTXStringA@@QAEAAV0@ABV0@@Z
??0CTXStringA@@QAE@XZ
?Find@CTXStringA@@QBEHPBDH@Z
?IsEmpty@CTXStringA@@QBE_NXZ
?TrimRight@CTXStringA@@QAEAAV1@XZ
?TrimLeft@CTXStringA@@QAEAAV1@XZ
??0CTXStringA@@QAE@ABV0@@Z
?GetBuffer@CTXStringA@@QAEPADH@Z
??YCTXStringA@@QAEAAV0@ABV0@@Z
??0CTXStringA@@QAE@PBD@Z
??YCTXStringA@@QAEAAV0@PBD@Z
?TrimRight@CTXStringA@@QAEAAV1@D@Z
??H@YA?AVCTXStringW@@ABV0@_W@Z
??BCTXStringW@@QBEPB_WXZ
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?Left@CTXStringW@@QBE?AV1@H@Z
??0CTXStringW@@QAE@PB_W@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??0CTXStringW@@QAE@XZ
??0CTXStringW@@QAE@PB_WH@Z
??1CTXStringW@@QAE@XZ

gf

?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0H@Z

mfc80u

ord4884
ord4729
ord5178
ord4206
ord5148
ord4119
ord1894
ord572
ord3158
ord2011
ord2985
ord5210
ord4226
ord1393
ord5911
ord6721
ord1536
ord2077
ord3286
ord1572
ord1634
ord293
ord354
ord1883
ord1785
ord6232
ord776
ord2651
ord6086
ord2311
ord2155
ord630
ord3082
ord2012
ord3050
ord385
ord3383
ord3635
ord4574
ord3627
ord1479
ord6111
ord2895
ord282
ord6700
ord6751
ord1194
ord807
ord2241
ord314
ord2244
ord2243
ord2827
ord6063
ord631
ord1431
ord2745
ord2742
ord3925
ord2279
ord2271
ord386
ord629
ord1430
ord5319
ord5083
ord384
ord258
ord2340
ord1571
ord590
ord331
ord3163
ord4475
ord2832
ord3629
ord3677
ord4535
ord757
ord427
ord566
ord3327
ord5562
ord5209
ord5226
ord4562
ord3942
ord2239
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord664
ord1049
ord4347
ord1189
ord3204
ord1118
ord1925
ord3296
ord1271
ord3311
ord4234
ord1582
ord2086
ord741
ord501
ord2366
ord6061
ord3678
ord313
ord2897
ord6284
ord5427
ord4061
ord283
ord866
ord3017
ord1662
ord1661
ord1542
ord6720
ord5908
ord1611
ord1608
ord3940
ord1392
ord4238
ord1899
ord5067
ord6271
ord4179
ord5199
ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4256
ord3176
ord577
ord587
ord715
ord605
ord870
ord557
ord745
ord1908
ord1182
ord6293
ord5327
ord6282
ord762
ord5316
ord1172
ord3249
ord1058
ord1079
ord5712
ord266
ord265
ord1176
ord1178
ord764
ord4255
ord1198

msvcr80

_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?_open@@YAHPBDHH@Z
_snprintf
_wtempnam
_except_handler4_common
_lseek
_close
_write
_read
?_wopen@@YAHPB_WHH@Z
_errno
malloc
strncpy
_snwprintf
memmove
wcsstr
__CxxFrameHandler3
memcpy_s
memset
_recalloc
memmove_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_purecall
free
_invoke_watson
_controlfp_s
_crt_debugger_hook
_wremove
memcmp
memcpy
_wtoi
fread
ftell
fseek
fclose
?_type_info_dtor_internal_method@type_info@@QAEXXZ
fwrite
wcsncmp
wcschr
_beginthreadex
srand
rand
__argc
__wargv
_time64
_wtol
_wfopen
wcsncpy
wcslen

kernel32

SetEvent
CloseHandle
ReadFile
GetFileSize
CreateFileW
GlobalAlloc
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
LockResource
FreeResource
SizeofResource
LoadResource
FindResourceW
ResumeThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
WaitForSingleObject
CreateFileA
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
ResetEvent
CreateEventW
GetThreadLocale
SetThreadLocale
InitializeCriticalSection
RaiseException
DeleteCriticalSection
GetModuleFileNameW
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetTickCount
GetVersion
GetPrivateProfileIntW
GetExitCodeThread
GetProcAddress
CreateDirectoryW
CopyFileW
GetPrivateProfileStringW
QueryPerformanceCounter
GetCurrentThreadId
GetModuleHandleW
WinExec
GetVersionExW
GetFileAttributesW
DosDateTimeToFileTime
TerminateThread
GetACP
GetLocaleInfoA
GetVersionExA
GetLastError

user32

LoadIconW
OffsetRect
GetWindowRect
UnregisterClassW
SetRect
FillRect
CopyRect
GetClientRect
InvalidateRect
ReleaseDC
UnregisterClassA
RegisterClassExW
CreateWindowExW
DefWindowProcW
GetDesktopWindow
GetWindow
IsWindow
GetPropW
IsIconic
ShowWindow
SetForegroundWindow
KillTimer
SetTimer
PostMessageW
GetSysColor
EnableWindow
SendMessageW
GetDC

gdi32

DeleteObject
GetDeviceCaps
SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SetBkColor
ExtTextOutW
SelectClipRgn
SetStretchBltMode
StretchBlt
BitBlt
CreateRectRgnIndirect
CreateSolidBrush
GetStockObject

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHGetPathFromIDListW

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFileExistsW

ole32

CoInitialize
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

LoadRegTypeLi
OleLoadPicture
VariantInit
SysAllocString
VariantClear
LoadTypeLi
SysStringLen
SysFreeString

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

atl80

ord30
ord58
ord31
ord32
ord15
ord18
ord22
ord64

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 212KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fb74e3a08946581c8e03e089e7b209b0

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

4b:e1:09:b2:5c:ab:79:88:e1:cb:fd:73:0a:87:67:3d:42:c1:0f:b9Signer

Signature Validations

Verification

19/08/2012, 21:29 Valid: false

Headers

File Characteristics

Imports

common

gf

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

oleaut32

msvcp80

atl80

Exports

Exports

Sections

.text Size: 212KB - Virtual size: 210KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 214KB - Virtual size: 214KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

4b:e1:09:b2:5c:ab:79:88:e1:cb:fd:73:0a:87:67:3d:42:c1:0f:b9
Signer

19/08/2012, 21:29
Valid: false

.text
Size: 212KB - Virtual size: 210KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 214KB - Virtual size: 214KB