331bcb6a690d99e75ab10f399c3c2e653791a1f1bc27fdb5cda1804e7be1e05f

Sharing

Copy URL Twitter E-mail

General

Target

331bcb6a690d99e75ab10f399c3c2e653791a1f1bc27fdb5cda1804e7be1e05f
Size

1.5MB
MD5

2a2cb33254167eaa7e8da30aa258405e
SHA1

c953a99672629851ab408392bd1fb722c1f0a239
SHA256

331bcb6a690d99e75ab10f399c3c2e653791a1f1bc27fdb5cda1804e7be1e05f
SHA512

74899c0385d1a5a4b26ce37ba6341e3a2835b1b04cf38f6bb105e4c5338b963b335cea8c41d506e3873bf68a96c59e6569b6aae7b7e1481950dc5b87fb024757
SSDEEP

24576:jd6HThydcKHnVTSITvezKAvwTFMTmKjrA0FzjR:Z6HThIVTSITvbZTFMTmK/1z9

Score

1^/10

Malware Config

Signatures

Files

331bcb6a690d99e75ab10f399c3c2e653791a1f1bc27fdb5cda1804e7be1e05f
.exe windows:4 windows x86

62ada2f453abed8f46eeb00106dd8e9a

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

CoInternetCombineUrl
CoGetClassObjectFromURL
CoInternetGetSession
RegisterBindStatusCallback
RevokeBindStatusCallback
ObtainUserAgentString

psapi

GetProcessMemoryInfo
GetModuleInformation

kernel32

VirtualQuery
SetUnhandledExceptionFilter
SetErrorMode
VirtualFree
VirtualAlloc
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
OpenEventW
GetShortPathNameW
GetFileSize
CreateDirectoryW
FreeResource
LockResource
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
FindResourceW
MoveFileW
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
lstrcmpA
CreateThread
GetSystemTime
TlsGetValue
GetCurrentThread
HeapFree
HeapAlloc
HeapCreate
VirtualProtect
DeviceIoControl
GlobalUnlock
GlobalSize
LocalFree
GlobalFree
EnumResourceLanguagesW
GetVersion
LocalAlloc
GetSystemInfo
SetProcessWorkingSetSize
ExitProcess
GetWindowsDirectoryW
GetProcessHeap
GetProcessTimes
GetSystemTimeAsFileTime
GlobalDeleteAtom
GlobalAddAtomW
CompareFileTime
FlushInstructionCache
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
GetVersionExW
SetWaitableTimer
WaitForMultipleObjects
CancelWaitableTimer
IsBadReadPtr
IsBadWritePtr
GetSystemDirectoryW
CreateFileW
ReadFile
WideCharToMultiByte
TerminateThread
GetStartupInfoA
GetModuleHandleA
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetLongPathNameW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CloseHandle
TlsFree
GetCommandLineW
GetLastError
CreateMutexW
MoveFileExW
SetLastError
GetTempFileNameW
GetTickCount
TlsAlloc
CreateEventW
OpenProcess
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
ExpandEnvironmentStringsW
Sleep
InitializeCriticalSection
FreeLibrary
WaitForSingleObject
OpenThread
GetCurrentThreadId
RemoveDirectoryW
GetTempPathW
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateProcessW
DeleteFileW
GetPrivateProfileStringW
GetLocaleInfoW
ResetEvent
TlsSetValue
DuplicateHandle
WriteProcessMemory
VirtualAllocEx
GetExitCodeProcess
lstrlenW
ReadProcessMemory
VirtualFreeEx
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
ResumeThread
GetThreadContext
SetThreadContext
SuspendThread
WriteFile
SetFileTime
CreateWaitableTimerW
GetDiskFreeSpaceExW
MultiByteToWideChar
lstrlenA

user32

RegisterClassExW
MonitorFromRect
AdjustWindowRectEx
IsHungAppWindow
LoadImageW
MoveWindow
GetWindowModuleFileNameW
GetActiveWindow
DialogBoxParamW
RemovePropW
SetPropW
SetWindowRgn
EndDialog
SetDlgItemTextW
SetFocus
EndPaint
FillRect
GetClientRect
MapWindowPoints
GetDesktopWindow
GetWindowRect
GetDlgItem
BeginPaint
CopyRect
GetCursorPos
ScreenToClient
ClientToScreen
GetKeyState
DestroyIcon
InflateRect
SetWindowPos
SetWindowLongW
GetWindowLongW
CreateWindowExW
IsWindow
SendMessageW
UnregisterHotKey
RegisterHotKey
SubtractRect
FindWindowW
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
GetClipboardData
GetKeyNameTextW
GetWindowTextLengthW
GetWindowRgn
IntersectRect
EnumThreadWindows
GetMenuItemID
GetMenuState
SetLayeredWindowAttributes
SetActiveWindow
SetWindowPlacement
GetGUIThreadInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetSysColor
InsertMenuItemW
SetRectEmpty
TrackPopupMenu
TrackPopupMenuEx
SetMenuInfo
MenuItemFromPoint
CheckMenuRadioItem
LoadBitmapW
GetDoubleClickTime
GetSystemMenu
GetPropW
DestroyMenu
IsClipboardFormatAvailable
EnableMenuItem
GetSubMenu
LoadMenuW
KillTimer
GetMenu
GetFocus
InvalidateRect
SetTimer
LoadStringW
RegisterWindowMessageW
AllowSetForegroundWindow
GetWindowThreadProcessId
PtInRect
GetKeyboardLayout
EnumWindows
GetClassNameW
IsWindowVisible
IsDlgButtonChecked
DrawIcon
LoadIconW
DrawTextW
CheckDlgButton
ShowWindow
DestroyWindow
MessageBoxW
GetForegroundWindow
EnableWindow
GetAncestor
SetForegroundWindow
TranslateMessage
DispatchMessageW
PeekMessageW
SetParent
PostQuitMessage
GetWindow
AttachThreadInput
EndMenu
SendMessageTimeoutW
WaitForInputIdle
EqualRect
PostThreadMessageW
ReplyMessage
InSendMessageEx
CreateAcceleratorTableW
LoadAcceleratorsW
TranslateAcceleratorW
DestroyAcceleratorTable
GetMenuItemInfoW
EnumChildWindows
SetCursorPos
SetWindowTextW
GetWindowTextW
CallWindowProcW
PostMessageW
DefWindowProcW
ReleaseDC
GetDC
GetMenuStringW
ReleaseCapture
SetCapture
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsIconic
GetDlgItemTextW
MapVirtualKeyW
keybd_event
GetMessagePos
RegisterClipboardFormatW
CreatePopupMenu
InsertMenuW
SetMenuItemInfoW
FindWindowExW
LoadCursorW
SetCursor
TrackMouseEvent
UpdateWindow
IsChild
CharNextW
GetWindowDC
WindowFromPoint
GetWindowPlacement
SystemParametersInfoW
GetMessageW
ActivateKeyboardLayout
SetClassLongW
GetParent
GetSystemMetrics
DeleteMenu
RemoveMenu
CheckMenuItem
IsZoomed
MsgWaitForMultipleObjects
OffsetRect
DrawIconEx
CopyAcceleratorTableW
IsMenu
GetMenuItemCount

gdi32

FillRgn
RoundRect
SetPixel
CreatePolygonRgn
CreateRoundRectRgn
GetStockObject
SetBkMode
DeleteDC
CreateRectRgnIndirect
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetBitmapBits
CreateDIBSection
SetTextColor
CreateSolidBrush
StretchBlt
SetStretchBltMode
DeleteObject
CombineRgn
Rectangle
CreatePen
CreateFontIndirectW
GetObjectW
GetBitmapBits
LineTo
MoveToEx
GetDeviceCaps
GetDIBits
EnumFontsW
GetTextMetricsW
CreateRectRgn

comdlg32

GetSaveFileNameW
ChooseColorW
GetOpenFileNameW

advapi32

RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegGetKeySecurity
GetTokenInformation
CopySid
RegSetKeySecurity
RegQueryInfoKeyW
RegEnumKeyW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegSetValueExW

shell32

ord680
SHChangeNotify
ShellExecuteExW
SHFileOperationW
ExtractIconExW
SHGetSpecialFolderPathW
SHGetMalloc
ShellExecuteW
SHGetFolderPathW
SHGetFileInfoW
SHAppBarMessage
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
DragQueryFileW
SHGetSpecialFolderLocation
SHGetDesktopFolder

ole32

CLSIDFromString
OleRun
CLSIDFromProgID
PropVariantClear
OleSetContainedObject
ReleaseStgMedium
CoMarshalInterface
GetHGlobalFromStream
OleDraw
OleCreate
OleInitialize
OleUninitialize
CoGetClassObject
CreateStreamOnHGlobal
CoUnmarshalInterface
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoGetMalloc
CoInitialize
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
RevokeDragDrop
OleDuplicateData
DoDragDrop
RegisterDragDrop

oleaut32

SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringLen
SysStringLen
VariantClear
SysAllocString
SafeArrayCreateVector
SysFreeString

shlwapi

UrlGetPartW
SHGetValueW
StrStrIA
PathIsDirectoryW
PathCombineW
PathIsURLW
PathFileExistsW
StrStrIW
SHStrDupW
SHDeleteKeyW
SHSetValueW
SHDeleteValueW
PathGetDriveNumberW
PathFindExtensionW
PathFindFileNameW
PathFindFileNameA
StrCmpIW
PathRemoveFileSpecW
UrlEscapeW
PathIsRootW
UrlCanonicalizeW
StrStrW
PathMatchSpecW
PathIsUNCW
StrRetToBufW
SHEnumKeyExW
UrlUnescapeW
UrlIsOpaqueW

wininet

InternetTimeToSystemTimeW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
UnlockUrlCacheEntryFileW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetGetConnectedState
InternetCanonicalizeUrlW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
InternetSetStatusCallbackA
HttpOpenRequestA
InternetOpenA
CommitUrlCacheEntryA
CreateUrlCacheEntryA
RetrieveUrlCacheEntryStreamA
UnlockUrlCacheEntryStream
InternetSetCookieW
InternetOpenW
InternetGetCookieW
InternetGetCookieExW
HttpAddRequestHeadersA
GetUrlCacheEntryInfoW
HttpQueryInfoW
FtpGetFileSize
HttpOpenRequestW
HttpSendRequestExW
InternetConnectW
InternetSetOptionA
InternetSetStatusCallbackW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
HttpEndRequestW
FtpOpenFileW
InternetWriteFile
InternetGetLastResponseInfoW
FtpCommandW
InternetQueryOptionW
InternetSetOptionW
InternetCrackUrlW
InternetSetCookieExW

winmm

waveOutWrite
midiStreamClose
midiStreamOut

dsound

ord1

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

msvcrt

_snprintf
toupper
isalnum
sprintf
iswalpha
wcspbrk
_ltow
_ftol
_wcsicmp
time
_wtoi
_beginthreadex
wcsrchr
_wtol
??2@YAPAXI@Z
wcschr
_itow
isalpha
_wcsnicmp
wcscpy
wcscat
wcsncmp
wcscmp
wcsstr
wcslen
_purecall
_snwprintf
__CxxFrameHandler
_ui64tow
wcsncat
_wtoi64
_stricmp
fclose
fread
ftell
fseek
fopen
_wfopen
wcsncpy
fwrite
memmove
free
malloc
strstr
_except_handler3
mktime
localtime
fflush
wcstok
qsort
swprintf
iswdigit
strncpy
strncmp
wcstod
iswspace
strrchr
fputs
swscanf
fputws
fwprintf
_strlwr
strncat
_CIpow
towlower
_ismbslead
fprintf
_strnicmp
fgets
rewind
_atoi64
realloc
exit
scanf
printf
memset
memcpy
_CxxThrowException
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_controlfp
vswprintf
?terminate@@YAXXZ

gdiplus

GdipSetImageAttributesGamma
GdipSetImageAttributesColorMatrix
GdipSaveImageToFile
GdiplusShutdown
GdiplusStartup
GdipFree
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

Netbios

comctl32

ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Remove
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
ImageList_AddMasked
InitCommonControlsEx
ImageList_Duplicate
ImageList_SetBkColor
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create

Sections

.text
Size: 684KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 962KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taihang
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62ada2f453abed8f46eeb00106dd8e9a

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:ddCertificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

urlmon

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

winmm

dsound

msvcp60

msvcrt

gdiplus

version

netapi32

comctl32

Sections

.text Size: 684KB - Virtual size: 684KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 96KB - Virtual size: 962KB

.taihang Size: 184KB - Virtual size: 184KB

.rsrc Size: 480KB - Virtual size: 480KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

.text
Size: 684KB - Virtual size: 684KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 96KB - Virtual size: 962KB

.taihang
Size: 184KB - Virtual size: 184KB

.rsrc
Size: 480KB - Virtual size: 480KB