afe40fb3150b18dbc4b46d09e57b7e30eb303969d7e5aca5315bf12788446be2

Sharing

Copy URL

Twitter E-mail

General

Target

afe40fb3150b18dbc4b46d09e57b7e30eb303969d7e5aca5315bf12788446be2
Size

354KB
MD5

8fa18a33647422164011951813496cee
SHA1

9cd1f9d833163aa0491a67c026a06519f4837314
SHA256

afe40fb3150b18dbc4b46d09e57b7e30eb303969d7e5aca5315bf12788446be2
SHA512

3a26ba756e22a6e9a8477e585f5c06cb786b529c39a17c60c8dbf10b623df6cddd46ce6ffd7c38371b43df5c173d489f6ed019f4ef528e7dfcb61847276e0499
SSDEEP

6144:vMig+gqkbb45K9RRS7r7Jhqwn4U6ywSfNBPvbMAU2RFS3HiUUVjX6xkVucBxzCHo:vJCqs4o9RRm/JsxCvbMBWVjKxG3jp

Score

N/A

Malware Config

Signatures

Files

afe40fb3150b18dbc4b46d09e57b7e30eb303969d7e5aca5315bf12788446be2
.zip
CamMute.swf
.ps1
QQPhotoDrawUpdateSvr.exe
.exe windows x86

7f5d5851c4cc8b53c6ae58d5f5ee432b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:cb:03:af:11:df:bf:0e:34:a9:25:b1:ca:dd:86:7e:28:75:d3
Signer

Actual PE Digest

65:16:cb:03:af:11:df:bf:0e:34:a9:25:b1:ca:dd:86:7e:28:75:d3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

13-08-2013 09:19
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCrackUrlW
InternetQueryOptionW

curllib

curl_easy_perform
curl_easy_cleanup
curl_version_info
curl_easy_init
curl_easy_setopt

kernel32

GetCurrentProcess
SetErrorMode
GetFileAttributesW
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
RtlUnwind
RaiseException
HeapReAlloc
ExitThread
CreateThread
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
lstrcpynW
OutputDebugStringW
ResetEvent
TerminateThread
IsBadReadPtr
GetLocalTime
SetEndOfFile
FlushFileBuffers
WriteFile
WritePrivateProfileStringW
GetThreadLocale
InterlockedIncrement
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
CreateEventW
SetEvent
WaitForSingleObject
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
InterlockedDecrement
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
FormatMessageW
LocalFree
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetLastError
SetLastError
lstrcmpW
GetModuleHandleW
GetVersionExA
lstrlenA
Sleep
lstrlenW
OpenMutexW
WideCharToMultiByte
DeleteFileW
CreateMutexW
ReleaseMutex
MultiByteToWideChar
GetTempPathW
GetVersionExW
MulDiv
CloseHandle
SetFilePointer
CreateFileW
ReadFile
SizeofResource
GetProcAddress
LoadLibraryW
GlobalAlloc
LoadResource
FreeLibrary
GlobalUnlock
FindResourceW
LockResource
GlobalFree
GlobalLock
GetFileAttributesA
GetCommandLineW

user32

FindWindowA
SendMessageTimeoutW
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
UnregisterClassA
EndPaint
BeginPaint
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMenuState
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
CopyRect
GetDlgCtrlID
UnregisterClassW
LoadCursorW
GetSysColorBrush
DestroyMenu
SendMessageW
DefWindowProcW
CallWindowProcW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
IsWindowVisible
InvalidateRect
PostMessageW
PtInRect
SetRect
GetClientRect
EnableWindow
OffsetRect
GetWindowLongW
GetWindowDC
ReleaseDC
SetWindowLongW
GetWindowRect

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateBitmap
GetStockObject
DeleteObject
SelectObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
GetDeviceCaps
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathFileExistsW
wnsprintfW

gdiplus

GdipDisposeImage
GdipCreateBitmapFromStream
GdipCloneImage
GdipFree
GdipAlloc
GdipDrawImageRectRect
GdipDeleteBrush
GdipGetImageHeight
GdipDrawImageRectRectI
GdipCreateStringFormat
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipCreateFontFromDC
GdipSetStringFormatLineAlign
GdipDeleteGraphics
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteStringFormat
GdipDrawString
GdipCloneBrush
GdipGetImageWidth
GdipSetStringFormatAlign

ole32

CoFreeLibrary
CoLoadLibrary
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx
CLSIDFromProgID
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

VariantClear
SysAllocStringByteLen
SysFreeString
VariantInit
VariantChangeType

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
curllib.dll
.dll windows x86

6c141cbb4315f85e4cb4dbc0a213852f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
ReadFile
GetModuleFileNameW
CreateFileW
VirtualAlloc
DisableThreadLibraryCalls
GetLocalTime
GetModuleHandleA
VirtualProtect
CloseHandle
GetSystemTime
lstrcpyW
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Exports

Exports

curl_easy_cleanup
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_version_info

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f5d5851c4cc8b53c6ae58d5f5ee432b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

65:16:cb:03:af:11:df:bf:0e:34:a9:25:b1:ca:dd:86:7e:28:75:d3Signer

Signature Validations

Verification

13-08-2013 09:19 Valid: false

Headers

File Characteristics

Imports

wininet

curllib

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

gdiplus

ole32

oleaut32

Sections

.text Size: 216KB - Virtual size: 212KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 188KB - Virtual size: 185KB

6c141cbb4315f85e4cb4dbc0a213852f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

65:16:cb:03:af:11:df:bf:0e:34:a9:25:b1:ca:dd:86:7e:28:75:d3
Signer

13-08-2013 09:19
Valid: false

.text
Size: 216KB - Virtual size: 212KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 188KB - Virtual size: 185KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 1KB