360压缩_4[.]0[.]0[.]1220[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

360压缩_4.0.0.1220.exe
Size

11.3MB
MD5

74b00ffbe03f0f1d4126db81a291f61f
SHA1

947603dbb07326822cec37594c40a287f07aa79d
SHA256

cbae4eb0208f7a750fe2725daaedb50dd3bf836792a16cfec78cc0c42784b71e
SHA512

9f10d4acd0380bc6ae9e64c5799c378c5c94cfc495be86621fe9e6dde74d5cdcb83b9fbadd8ea6d439862faf13a59f424a3dd9eec77ca7c2457afd9fa8e2f886
SSDEEP

196608:AyI8SxxHnrEMjzJqMfqRVtsFF4RT15vc/VOx+epT7QC8zhwFL/PQ0RMOrYjxBsK:AyzcHIMPJpfA15NQC8EDPzRMNXsK

Score

1^/10

Malware Config

Signatures

Files

360压缩_4.0.0.1220.exe
.exe windows x86

ad2986d317f38abaed7d1a15d3b300fa

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:3f:6f:82:6a:d8:79:03:9c:9f:5a:32:1f:d2:70:33:82:7f:51:64:52:77:8e:19:5a:69:78:6e:cf:28:57:00
Signer

Actual PE Digest

3a:3f:6f:82:6a:d8:79:03:9c:9f:5a:32:1f:d2:70:33:82:7f:51:64:52:77:8e:19:5a:69:78:6e:cf:28:57:00

Digest Algorithm

sha256

PE Digest Matches

true

96:50:23:37:92:39:79:9c:17:f9:fd:7b:e7:08:bf:39:78:c1:56:5a
Signer

Actual PE Digest

96:50:23:37:92:39:79:9c:17:f9:fd:7b:e7:08:bf:39:78:c1:56:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
GetShortPathNameW
GetFullPathNameW
GetCurrentDirectoryW
SearchPathW
GetTempFileNameW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
GetFileInformationByHandle
GetStdHandle
CompareFileTime
FileTimeToSystemTime
WideCharToMultiByte
WaitForMultipleObjects
GetSystemWindowsDirectoryW
InterlockedCompareExchange
GetCurrentThread
CreateMutexW
SetEndOfFile
SetFilePointer
ReadFile
GetFileSizeEx
WriteFile
SetLastError
GetDiskFreeSpaceExW
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetSystemDirectoryW
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetConsoleCtrlHandler
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
GetExitCodeThread
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
FatalAppExitA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
RtlUnwind
GetStartupInfoW
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
lstrcmpiW
ExitThread
SetWaitableTimer
CreateWaitableTimerW
CancelWaitableTimer
lstrcmpiA
lstrcmpA
CreateThread
ExpandEnvironmentStringsW
GetSystemInfo
GetProcessTimes
DuplicateHandle
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
VirtualQuery
ExitProcess
OpenProcess
CopyFileW
lstrlenA
TlsFree
DeleteAtom
FindAtomW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetVolumeInformationW
MoveFileW
WritePrivateProfileStringW
GetFileSize
GetWindowsDirectoryW
ResetEvent
SetEvent
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
CreateEventW
GetCurrentProcessId
DeviceIoControl
InterlockedIncrement
GetLocaleInfoA
InterlockedDecrement
RemoveDirectoryW
Sleep
RaiseException
TerminateProcess
GetCurrentThreadId
FlushInstructionCache
GetTickCount
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenW
lstrcpynW
CreateFileW
LocalAlloc
LocalFree
DeleteFileW
MoveFileExW
SetFileAttributesW
GetFileAttributesW
GetTempPathW
GetVersionExW
GetCurrentProcess
GetModuleHandleW
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessW
FreeLibrary
LoadLibraryW
TlsAlloc
ReleaseMutex
AddAtomW
OpenThread
GetModuleHandleA
GetAtomNameW
TlsSetValue
TlsGetValue
GetSystemTime
GetLocalTime
FormatMessageW
OutputDebugStringW
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
UnhandledExceptionFilter
GetLastError
GetProcAddress
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeEnvironmentStringsW
GetPrivateProfileIntW

user32

TranslateMessage
BeginPaint
SendMessageW
GetWindowLongW
GetClientRect
GetWindowTextW
EndPaint
SetWindowPos
SetWindowLongW
InvalidateRect
KillTimer
GetWindowRect
GetKeyNameTextW
MapVirtualKeyW
SubtractRect
FindWindowExW
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
MonitorFromPoint
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
UnregisterClassA
SetTimer
LoadCursorW
ShowWindow
GetDlgItem
SetWindowTextW
EnableWindow
MapWindowPoints
GetDesktopWindow
GetMessageW
SetDlgItemTextW
wsprintfW
GetWindowDC
CharToOemW
CopyRect
GetUpdateRect
ReleaseDC
SetRect
GetWindow
MonitorFromWindow
GetMonitorInfoW
LoadImageW
PostThreadMessageW
ReleaseCapture
GetDlgCtrlID
SystemParametersInfoW
SetCapture
CreateDialogParamW
CallWindowProcW
SetCursor
GetDC
PtInRect
ClientToScreen
GetCapture
UpdateWindow
DrawFocusRect
GetSystemMetrics
InflateRect
DrawEdge
GetSysColor
IsWindowEnabled
OffsetRect
FillRect
DrawTextW
MessageBoxW
PeekMessageW
GetWindowTextLengthW
DispatchMessageW
CharNextW
DefWindowProcW
BringWindowToTop
SetForegroundWindow
FindWindowW
SetWindowRgn
GetParent
AdjustWindowRectEx
GetMenu
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
IsWindow
RedrawWindow
IsIconic
PostQuitMessage
PostMessageW

gdi32

OffsetViewportOrgEx
CreatePatternBrush
CreateDIBPatternBrushPt
CreateFontW
GetDeviceCaps
CreateSolidBrush
GetCurrentObject
CreateDIBSection
StretchBlt
SetTextColor
CreatePolygonRgn
CreateFontIndirectW
GetObjectW
GetStockObject
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
DeleteDC
SelectObject
SetBkMode
GetBitmapBits

advapi32

RegEnumKeyExW
RegGetKeySecurity
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegQueryValueExA
GetNamedSecurityInfoW
SetEntriesInAclW
GetUserNameW
OpenThreadToken
OpenProcessToken
GetTokenInformation
GetAce
GetAclInformation
AddAce
InitializeAcl
EqualSid
IsValidSid
GetLengthSid
CopySid
RegDeleteValueW
RegSetKeySecurity
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
SetNamedSecurityInfoW

shell32

SHFileOperationW
SHGetFileInfoW
SHAppBarMessage
ord165
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHFreeNameMappings
SHChangeNotify

ole32

CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
OleInitialize

oleaut32

SysAllocStringByteLen
OleLoadPicture
SysFreeString
SysAllocString
VariantClear
VariantCopy
VariantInit
VarUI4FromStr

shlwapi

PathFileExistsW
SHGetValueW
PathFindExtensionW
PathIsRootW
PathIsURLW
StrToIntExW
PathRemoveFileSpecW
PathAppendW
PathCombineW
SHGetValueA
PathGetDriveNumberW
StrStrIW
PathIsPrefixW
SHSetValueW
SHDeleteKeyW
PathIsDirectoryW

comctl32

ImageList_SetImageCount
InitCommonControlsEx
ImageList_Add
ImageList_Create
_TrackMouseEvent
ImageList_Destroy
ImageList_GetIconSize
ImageList_Draw
ImageList_Duplicate
ImageList_Remove

msimg32

AlphaBlend

setupapi

SetupIterateCabinetW

wintrust

WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminReleaseContext

crypt32

CertGetNameStringW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

userenv

UnloadUserProfile

wininet

InternetOpenW
InternetOpenUrlW
InternetCloseHandle
FtpGetFileSize
HttpQueryInfoW
HttpSendRequestExW
HttpOpenRequestW
InternetSetOptionA
InternetConnectW
CommitUrlCacheEntryW
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW
InternetCrackUrlW
InternetQueryOptionW
InternetSetOptionW
InternetGetLastResponseInfoW
FtpCommandW
InternetWriteFile
HttpEndRequestW
FtpOpenFileW
InternetReadFileExA
InternetReadFile
InternetSetStatusCallbackW

urlmon

ObtainUserAgentString

netapi32

Netbios

psapi

GetProcessMemoryInfo
EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

Sections

.text
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.7MB - Virtual size: 10.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad2986d317f38abaed7d1a15d3b300fa

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

3a:3f:6f:82:6a:d8:79:03:9c:9f:5a:32:1f:d2:70:33:82:7f:51:64:52:77:8e:19:5a:69:78:6e:cf:28:57:00Signer

96:50:23:37:92:39:79:9c:17:f9:fd:7b:e7:08:bf:39:78:c1:56:5aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

setupapi

wintrust

crypt32

version

userenv

wininet

urlmon

netapi32

psapi

comdlg32

Sections

.text Size: 436KB - Virtual size: 435KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 13KB - Virtual size: 39KB

.rsrc Size: 10.7MB - Virtual size: 10.7MB

.reloc Size: 48KB - Virtual size: 47KB

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

3a:3f:6f:82:6a:d8:79:03:9c:9f:5a:32:1f:d2:70:33:82:7f:51:64:52:77:8e:19:5a:69:78:6e:cf:28:57:00
Signer

96:50:23:37:92:39:79:9c:17:f9:fd:7b:e7:08:bf:39:78:c1:56:5a
Signer

.text
Size: 436KB - Virtual size: 435KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 13KB - Virtual size: 39KB

.rsrc
Size: 10.7MB - Virtual size: 10.7MB

.reloc
Size: 48KB - Virtual size: 47KB