8676b81e235dc459a6dbcf1ad861606bde629ee562f5c33b70eb64f609ffd189

Sharing

Copy URL Twitter E-mail

General

Target

8676b81e235dc459a6dbcf1ad861606bde629ee562f5c33b70eb64f609ffd189
Size

680KB
MD5

8a8746dbd49642f363e4ea3861dd7f66
SHA1

34215d4d8bb85a2f45251570b9f9f2287d0187e1
SHA256

8676b81e235dc459a6dbcf1ad861606bde629ee562f5c33b70eb64f609ffd189
SHA512

9e8d81a942a98ace3c25f6de47bab3405109613c59f5bd1995398629a6f06a49fc2b334fa3ce8007821714e0f1b69d02c0c46f5a36cc02a555406e00ba026cc9
SSDEEP

12288:x5fDEE+V8JLbji0I8K84mpvv4S+e777777777777777777WIyX2DH/MW/Wm7MDg0:x5bEE+V8JLbji0IBOJvT+FXeJt7kgqSM

Score

N/A

Malware Config

Signatures

Files

8676b81e235dc459a6dbcf1ad861606bde629ee562f5c33b70eb64f609ffd189
.exe regsvr32 windows x86

b6aa88583892b8b312e3c243e452259c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/02/2009, 00:00

Not After

15/02/2010, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tencent,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:04:e8:5f:2a:0a:ef:45:02:26:1d:98:c9:a9:d4:56:01:90:cf:f5
Signer

Actual PE Digest

04:04:e8:5f:2a:0a:ef:45:02:26:1d:98:c9:a9:d4:56:01:90:cf:f5

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tencent,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

02/12/2009, 11:48
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

common

?ReleaseBuffer@CTXStringW@@QAEXH@Z
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??BCTXStringW@@QBEPB_WXZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
?Format@CTXStringW@@QAAXPB_WZZ
??1CTXBSTR@@QAE@XZ
??BCTXBSTR@@QBEPA_WXZ
??ICTXBSTR@@QAEPAPA_WXZ
?IsEmpty@CTXBSTR@@QAEHXZ
??0CTXBSTR@@QAE@PB_W@Z
??0CTXBSTR@@QAE@XZ
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
?IsEmpty@CTXStringW@@QBE_NXZ
??0CTXStringW@@QAE@ABV0@@Z
??1CTXHttpDownloadSink@@UAE@XZ
??1CTXHttpDownload@@UAE@XZ
?CancelDownload@CTXHttpDownload@@QAEXXZ
??YCTXStringW@@QAEAAV0@ABV0@@Z
?GetLength@CTXStringW@@QBEHXZ
??YCTXStringW@@QAEAAV0@_W@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
?Replace@CTXStringW@@QAEH_W0@Z
??ACTXStringW@@QBE_WH@Z
?Replace@CTXStringW@@QAEHPB_W0@Z
??0CTXHttpDownload@@QAE@XZ
??0CTXHttpDownloadSink@@IAE@XZ
?Download@CTXHttpDownload@@QAEHPB_WPAU_SYSTEMTIME@@0H@Z
?MoveDownloadFile@CTXHttpDownload@@QAEHPB_WH@Z
?GetLastModifyTime@CTXHttpDownload@@QAEHAAU_SYSTEMTIME@@@Z
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
??9@YA_NABVCTXStringW@@0@Z
??4CTXStringW@@QAEAAV0@PA_W@Z
?Empty@CTXStringW@@QAEXXZ
??0CTXStringW@@QAE@PA_W@Z
??0CTXStringW@@QAE@UtagGBK@@PBDH@Z
?EnableQQNetworkSettings@CTXHttpDownload@@QAEHH@Z
?SetUIInterface@CTXHttpDownload@@QAEXPAVCTXHttpDownloadSink@@@Z
?GetResponseFileName@CTXHttpDownload@@QAEHAAVCTXStringW@@@Z
?Find@CTXStringW@@QBEH_WH@Z
?MakeLower@CTXStringW@@QAEAAV1@XZ
??8@YA_NABVCTXStringW@@PB_W@Z
?Right@CTXStringW@@QBE?AV1@H@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
??8@YA_N_WABVCTXStringW@@@Z
?Compare@CTXStringW@@QBEHPB_W@Z
??M@YA_NABVCTXStringW@@0@Z
?Delete@CTXStringW@@QAEHHH@Z
?Mid@CTXStringW@@QBE?AV1@HH@Z
?Find@CTXStringW@@QBEHPB_WH@Z
?Mid@CTXStringW@@QBE?AV1@H@Z
?GetAt@CTXStringW@@QBE_WH@Z
??4CTXBSTR@@QAEAAV0@PB_W@Z
?Empty@CTXBSTR@@QAEXXZ
?Length@CTXBSTR@@QBEIXZ
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
?AllocSysString@CTXStringW@@QBEPA_WXZ
??4CTXBSTR@@QAEAAV0@ABV0@@Z
??1CTXStringA@@QAE@XZ
??BCTXStringA@@QBEPBDXZ
??0CTXStringA@@QAE@UtagGBK@@PB_WH@Z
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
?GetCore@CoreCenter@Util@@YAHPA_WPAPAUITXCore@@@Z
?GetParentDir@File@Util@@YA?AVCTXStringW@@ABV3@@Z
?InitNetwork@Network@Util@@YAHXZ
?InitPlatformModeConfig@Boot@Util@@YAHXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?InitPlatformFileSystem@Boot@Util@@YAHXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?OnUninitCom@Misc@Util@@YAXXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?GetPlatformCore@CoreCenter@Util@@YAHPAPAUITXPlatformCore@@@Z
?Left@CTXStringW@@QBE?AV1@H@Z
??0CTXStringW@@QAE@PB_W@Z
?GetLength@CTXStringA@@QBEHXZ
??4CTXStringA@@QAEAAV0@ABV0@@Z
??0CTXStringA@@QAE@XZ
?Find@CTXStringA@@QBEHPBDH@Z
?IsEmpty@CTXStringA@@QBE_NXZ
?TrimRight@CTXStringA@@QAEAAV1@XZ
?TrimLeft@CTXStringA@@QAEAAV1@XZ
??0CTXStringA@@QAE@ABV0@@Z
?GetBuffer@CTXStringA@@QAEPADH@Z
??YCTXStringA@@QAEAAV0@ABV0@@Z
??0CTXStringA@@QAE@PBD@Z
??YCTXStringA@@QAEAAV0@PBD@Z
?TrimRight@CTXStringA@@QAEAAV1@D@Z
??H@YA?AVCTXStringW@@ABV0@_W@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??0CTXStringW@@QAE@XZ
??9@YA_N_WABVCTXStringW@@@Z
??1CTXStringW@@QAE@XZ

gf

?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0@Z

mfc80u

ord1611
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord5178
ord4206
ord5148
ord4119
ord1894
ord572
ord3158
ord4255
ord2985
ord1608
ord4226
ord1393
ord5911
ord6721
ord1536
ord2077
ord3286
ord1572
ord1634
ord293
ord354
ord1883
ord1785
ord6232
ord776
ord2651
ord6086
ord2311
ord2155
ord630
ord3082
ord2012
ord3050
ord385
ord3383
ord3635
ord4574
ord3627
ord1479
ord6111
ord2895
ord282
ord6700
ord6751
ord1194
ord807
ord2241
ord314
ord2244
ord2243
ord6063
ord631
ord1431
ord2745
ord2742
ord3925
ord2279
ord2271
ord386
ord629
ord1430
ord5319
ord5083
ord384
ord258
ord2340
ord1571
ord2827
ord590
ord331
ord3163
ord4475
ord2832
ord3629
ord3677
ord4535
ord757
ord427
ord566
ord3327
ord5562
ord5209
ord5226
ord4562
ord3942
ord2239
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord664
ord1049
ord4347
ord1189
ord3204
ord1118
ord1925
ord3296
ord1271
ord3311
ord4234
ord1582
ord2086
ord741
ord501
ord2366
ord6061
ord3678
ord313
ord2897
ord6284
ord5427
ord4061
ord283
ord866
ord3017
ord3940
ord1392
ord4238
ord1899
ord5067
ord6271
ord4179
ord5199
ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4256
ord3176
ord577
ord587
ord715
ord605
ord870
ord557
ord745
ord1908
ord1182
ord762
ord6293
ord5327
ord1058
ord1079
ord6282
ord265
ord266
ord5316
ord1172
ord3249
ord5712
ord1176
ord1178
ord764
ord5210
ord1198

msvcr80

_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?_open@@YAHPBDHH@Z
_snprintf
_wtempnam
_except_handler4_common
_lseek
_close
_write
_read
?_wopen@@YAHPB_WHH@Z
_errno
malloc
strncpy
_snwprintf
memmove
wcsstr
wcsncmp
wcschr
_beginthreadex
wcscat_s
wcsncpy_s
wcscpy_s
srand
rand
__wargv
__argc
__CxxFrameHandler3
memcpy_s
memset
_recalloc
memmove_s
_invoke_watson
_controlfp_s
_crt_debugger_hook
_wremove
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??0exception@std@@QAE@ABV01@@Z
_purecall
free
memcmp
memcpy
_wtoi
fread
ftell
fseek
fclose
fwrite
_time64
_wtol
_wfopen
wcsncpy
wcslen

kernel32

SetThreadLocale
GetThreadLocale
CreateEventW
ResetEvent
WaitForSingleObject
SetEvent
CloseHandle
ReadFile
GetFileSize
CreateFileW
GlobalAlloc
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
LockResource
FreeResource
SizeofResource
LoadResource
FindResourceW
ResumeThread
FileTimeToDosDateTime
InterlockedDecrement
GetFileInformationByHandle
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedIncrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WinExec
GetModuleHandleW
CreateThread
GetPrivateProfileStringW
GetModuleFileNameW
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetVersion
GetPrivateProfileIntW
GetExitCodeThread
GetProcAddress
CreateDirectoryW
GetFileAttributesW
FileTimeToLocalFileTime
TerminateThread
GetACP
GetLocaleInfoA
GetVersionExA
CopyFileW

user32

ShowWindow
IsIconic
GetPropW
IsWindow
GetWindow
GetDesktopWindow
CreateWindowExW
UnregisterClassA
DefWindowProcW
LoadIconW
OffsetRect
GetWindowRect
SendMessageW
RegisterClassExW
CharNextW
SetRect
FillRect
CopyRect
GetClientRect
InvalidateRect
ReleaseDC
GetDC
SetForegroundWindow
KillTimer
SetTimer
PostMessageW
GetSysColor
EnableWindow

gdi32

DeleteObject
GetDeviceCaps
SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SetBkColor
ExtTextOutW
SelectClipRgn
SetStretchBltMode
StretchBlt
BitBlt
CreateRectRgnIndirect
CreateSolidBrush
GetStockObject

advapi32

RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoInitialize
CoLoadLibrary
CoCreateInstance

oleaut32

OleLoadPicture
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�'n
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b6aa88583892b8b312e3c243e452259c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20Certificate

Extended Key Usages

Key Usages

04:04:e8:5f:2a:0a:ef:45:02:26:1d:98:c9:a9:d4:56:01:90:cf:f5Signer

Signature Validations

Verification

02/12/2009, 11:48 Valid: false

Headers

File Characteristics

Imports

common

gf

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp80

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 168KB - Virtual size: 167KB

�'n Size: 236KB - Virtual size: 236KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

04:04:e8:5f:2a:0a:ef:45:02:26:1d:98:c9:a9:d4:56:01:90:cf:f5
Signer

02/12/2009, 11:48
Valid: false

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 168KB - Virtual size: 167KB

�'n
Size: 236KB - Virtual size: 236KB