e447811660bc13367614d1f91765f3b98e4fbe42cb00f23ed1121bfc808adcda

Sharing

Copy URL Twitter E-mail

General

Target

e447811660bc13367614d1f91765f3b98e4fbe42cb00f23ed1121bfc808adcda
Size

1.4MB
MD5

16b03ee041810520b26dfde69a1099e2
SHA1

000d529e133397b4d5c2f352c96c50557c7272d4
SHA256

e447811660bc13367614d1f91765f3b98e4fbe42cb00f23ed1121bfc808adcda
SHA512

c80d576745634f45dcc7d1afc971d4d855bbd67d27408ccf2db1ecf0bc9c5ee9c3769ecdba0aa99487b1330e6c751001df4e4c5fc3e61b1641eeedad7f6e5343
SSDEEP

24576:mVn9PJUy7bZTBlmKy7WTyIT+9TTvdTmYFrU0FmkVNcq:m59PJUy79mKTyITiTTvdTmYNJMq

Score

1^/10

Malware Config

Signatures

Files

e447811660bc13367614d1f91765f3b98e4fbe42cb00f23ed1121bfc808adcda
.exe windows:4 windows x86

50fa2ccb946457749413749c805f5b9f

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

CoInternetCombineUrl
CoGetClassObjectFromURL
CoInternetGetSession
RegisterBindStatusCallback
RevokeBindStatusCallback
ObtainUserAgentString

psapi

GetModuleInformation
GetProcessMemoryInfo

kernel32

VirtualFree
VirtualAlloc
FreeLibrary
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
GetShortPathNameW
GetFileSize
CreateDirectoryW
FreeResource
LockResource
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
FindResourceW
MoveFileW
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetLastError
GetFileTime
lstrcmpA
CreateThread
GetSystemTime
TlsGetValue
GetCurrentThread
HeapFree
HeapAlloc
HeapCreate
HeapDestroy
VirtualProtect
DeviceIoControl
GlobalUnlock
GlobalSize
GlobalFree
EnumResourceLanguagesW
GetVersion
LocalAlloc
GetSystemInfo
SetProcessWorkingSetSize
ExitProcess
GetWindowsDirectoryW
GetProcessHeap
GetProcessTimes
GetSystemTimeAsFileTime
GlobalDeleteAtom
GlobalAddAtomW
CompareFileTime
FlushInstructionCache
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
ResumeThread
InterlockedCompareExchange
WriteFile
SetFileTime
GetDiskFreeSpaceExW
SetErrorMode
SetEndOfFile
SystemTimeToFileTime
CreateWaitableTimerW
SetWaitableTimer
WaitForMultipleObjects
CancelWaitableTimer
IsBadReadPtr
IsBadWritePtr
GetSystemDirectoryW
CreateFileW
GetStartupInfoA
GetModuleHandleA
InterlockedIncrement
lstrlenW
GetProcAddress
GetModuleHandleW
GetLongPathNameW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
TlsFree
GetCommandLineW
CloseHandle
GetLastError
CreateMutexW
ReadFile
MoveFileExW
GetTempFileNameW
GetTickCount
TlsAlloc
OpenProcess
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
ExpandEnvironmentStringsW
InitializeCriticalSection
OpenThread
WaitForSingleObject
GetCurrentThreadId
RemoveDirectoryW
Sleep
GetTempPathW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateProcessW
DeleteFileW
GetPrivateProfileStringW
GetLocaleInfoW
ResetEvent
CreateEventW
TlsSetValue
DuplicateHandle
WriteProcessMemory
VirtualAllocEx
GetExitCodeProcess
ReadProcessMemory
MultiByteToWideChar
LoadLibraryW
lstrlenA
SetEvent
TerminateThread
WideCharToMultiByte
InterlockedDecrement
GetThreadContext
SetThreadContext
SuspendThread
SetUnhandledExceptionFilter
VirtualQuery
SetFilePointer
GetVersionExW
LocalFree
VirtualFreeEx

user32

AdjustWindowRectEx
GetMenuItemID
GetMenuState
GetWindowDC
SetLayeredWindowAttributes
SetActiveWindow
DialogBoxParamW
RemovePropW
MoveWindow
GetPropW
EndDialog
SetDlgItemTextW
SetFocus
EndPaint
FillRect
GetClientRect
MapWindowPoints
GetDesktopWindow
GetWindowRect
GetDlgItem
BeginPaint
DestroyIcon
CopyRect
SetWindowPos
GetSubMenu
LoadMenuW
KillTimer
GetMenu
SetWindowLongW
GetWindowLongW
CreateWindowExW
IsWindow
EnumThreadWindows
IntersectRect
GetWindowRgn
SetWindowRgn
GetActiveWindow
GetWindowModuleFileNameW
LoadImageW
IsHungAppWindow
RegisterClipboardFormatW
SetWindowPlacement
GetGUIThreadInfo
GetWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetSysColor
InsertMenuItemW
SetRectEmpty
TrackPopupMenu
TrackPopupMenuEx
SetMenuInfo
GetMenuInfo
MenuItemFromPoint
CheckMenuRadioItem
LoadBitmapW
GetDoubleClickTime
GetSystemMenu
RegisterClassExW
CallWindowProcW
GetWindowTextW
SetWindowTextW
SetPropW
SendMessageW
GetFocus
InvalidateRect
SetTimer
LoadStringW
RegisterWindowMessageW
AllowSetForegroundWindow
GetWindowThreadProcessId
EnumWindows
GetClassNameW
IsWindowVisible
IsDlgButtonChecked
DrawIcon
LoadIconW
DrawTextW
CheckDlgButton
ShowWindow
EnableMenuItem
DestroyWindow
MessageBoxW
GetForegroundWindow
EnableWindow
GetAncestor
SetForegroundWindow
TranslateMessage
DispatchMessageW
PeekMessageW
SetParent
PostQuitMessage
AttachThreadInput
EndMenu
WaitForInputIdle
EqualRect
PostThreadMessageW
ReplyMessage
InSendMessageEx
CreateAcceleratorTableW
LoadAcceleratorsW
TranslateAcceleratorW
DestroyAcceleratorTable
GetMenuItemInfoW
GetMenuItemCount
IsMenu
CopyAcceleratorTableW
PostMessageW
DefWindowProcW
ReleaseDC
GetDC
UnregisterHotKey
RegisterHotKey
PtInRect
GetCursorPos
ScreenToClient
ClientToScreen
GetKeyState
DestroyMenu
IsClipboardFormatAvailable
SubtractRect
FindWindowW
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
GetClipboardData
GetKeyNameTextW
GetWindowTextLengthW
CheckMenuItem
EnumChildWindows
SetCursorPos
GetMenuStringW
ReleaseCapture
SetCapture
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsIconic
GetDlgItemTextW
MapVirtualKeyW
keybd_event
GetMessagePos
CreatePopupMenu
InsertMenuW
SetMenuItemInfoW
FindWindowExW
LoadCursorW
SetCursor
TrackMouseEvent
UpdateWindow
IsChild
CharNextW
WindowFromPoint
GetWindowPlacement
SystemParametersInfoW
GetMessageW
GetParent
GetSystemMetrics
DeleteMenu
RemoveMenu
IsZoomed
MsgWaitForMultipleObjects
SendMessageTimeoutW
OffsetRect
InflateRect
DrawIconEx

gdi32

DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
CreateSolidBrush
SetBkMode
GetObjectW
CreateDIBSection
LineTo
MoveToEx
CreatePen
GetDeviceCaps
GetDIBits
EnumFontsW
CreateFontIndirectW
GetStockObject
GetTextMetricsW
CombineRgn
CreateRectRgn
Rectangle
StretchBlt
SetStretchBltMode
CreateRoundRectRgn
CreatePolygonRgn
SetPixel
FillRgn
CreateRectRgnIndirect
RoundRect

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

advapi32

LookupPrivilegeValueW
SetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
ConvertStringSidToSidW
DuplicateTokenEx
RegOpenKeyExW
GetTokenInformation
CopySid
RegSetKeySecurity
RegQueryInfoKeyW
RegEnumKeyW
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetLengthSid

shell32

SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderPathW
ExtractIconExW
SHFileOperationW
SHGetFileInfoW
SHChangeNotify
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW
Shell_NotifyIconW
DragQueryFileW
SHAppBarMessage
ord680
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

DoDragDrop
RegisterDragDrop
OleDuplicateData
PropVariantClear
CLSIDFromProgID
OleRun
CLSIDFromString
OleDraw
OleSetContainedObject
ReleaseStgMedium
CoMarshalInterface
GetHGlobalFromStream
OleCreate
OleInitialize
OleUninitialize
CoGetClassObject
CreateStreamOnHGlobal
CoUnmarshalInterface
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoGetMalloc
CoInitialize
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
RevokeDragDrop

oleaut32

SysStringLen
VariantClear
SysAllocStringLen
SysAllocString
SysFreeString

shlwapi

UrlIsOpaqueW
PathIsDirectoryW
PathCombineW
SHGetValueW
PathFileExistsW
StrStrIW
SHStrDupW
StrStrIA
SHDeleteKeyW
SHSetValueW
SHDeleteValueW
PathGetDriveNumberW
PathFindExtensionW
PathFindFileNameW
PathFindFileNameA
PathRemoveFileSpecW
UrlGetPartW
UrlEscapeW
PathIsRootW
UrlCanonicalizeW
StrStrW
PathMatchSpecW
StrCmpIW
PathIsUNCW
StrRetToBufW
SHEnumKeyExW
UrlUnescapeW
PathIsURLW

wininet

UnlockUrlCacheEntryFileW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetGetConnectedState
InternetCanonicalizeUrlW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
InternetSetStatusCallbackA
HttpOpenRequestA
InternetOpenA
CommitUrlCacheEntryA
InternetSetCookieW
InternetSetCookieExW
InternetGetCookieW
InternetGetCookieExW
DeleteUrlCacheEntryW
GetUrlCacheEntryInfoW
HttpQueryInfoW
FtpGetFileSize
HttpSendRequestExW
InternetOpenW
InternetConnectW
InternetSetOptionA
InternetSetStatusCallbackW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
HttpEndRequestW
FtpOpenFileW
InternetWriteFile
InternetGetLastResponseInfoW
FtpCommandW
InternetQueryOptionW
InternetSetOptionW
InternetCrackUrlW
FindFirstUrlCacheEntryW
InternetTimeToSystemTimeW
HttpAddRequestHeadersA
HttpOpenRequestW

winmm

midiStreamClose
waveOutWrite
midiStreamOut

dsound

ord1

msvcp60

??1_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0_Lockit@std@@QAE@XZ

msvcrt

sprintf
iswalpha
wcspbrk
_ltow
_ftol
_wcsicmp
time
_wtoi
_beginthreadex
_wstrtime
wcsrchr
wcsncpy
isalnum
wcschr
_itow
isalpha
_wcsnicmp
wcscpy
wcscat
wcsncmp
wcscmp
wcsstr
wcslen
_purecall
_snwprintf
__CxxFrameHandler
toupper
_snprintf
_ui64tow
_wtol
wcsncat
_wtoi64
_stricmp
fclose
fread
ftell
fseek
fopen
??2@YAPAXI@Z
_wfopen
fwrite
memmove
free
malloc
strstr
_except_handler3
mktime
localtime
fflush
vswprintf
swprintf
iswdigit
strrchr
strncpy
strncmp
wcstod
iswspace
fputs
swscanf
fputws
fwprintf
_strlwr
strncat
_CIpow
towlower
_ismbslead
fprintf
_strnicmp
fgets
rewind
_atoi64
realloc
exit
scanf
printf
memset
memcpy
_CxxThrowException
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_controlfp
wcstok
?terminate@@YAXXZ

gdiplus

GdipLoadImageFromStream
GdipSetImageAttributesGamma
GdipSetImageAttributesColorMatrix
GdipSaveImageToFile
GdiplusShutdown
GdiplusStartup
GdipFree
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

Netbios

comctl32

ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Remove
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
ImageList_AddMasked
InitCommonControlsEx
ImageList_Duplicate
ImageList_SetBkColor
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create

Sections

.text
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 931KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taihang
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50fa2ccb946457749413749c805f5b9f

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:ddCertificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

urlmon

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

winmm

dsound

msvcp60

msvcrt

gdiplus

version

netapi32

comctl32

Sections

.text Size: 640KB - Virtual size: 640KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 68KB - Virtual size: 931KB

.taihang Size: 168KB - Virtual size: 168KB

.rsrc Size: 452KB - Virtual size: 452KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

.text
Size: 640KB - Virtual size: 640KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 68KB - Virtual size: 931KB

.taihang
Size: 168KB - Virtual size: 168KB

.rsrc
Size: 452KB - Virtual size: 452KB