114395e49757ade9c36b31ce01601b59

Sharing

Copy URL

Twitter E-mail

General

Target

114395e49757ade9c36b31ce01601b59
Size

673KB
MD5

114395e49757ade9c36b31ce01601b59
SHA1

f03d45795717946b4d47fa121b249437eae3506a
SHA256

be180d5c22c0e3ebd84ab5113da84778086ead4731a1c4ae42b39f1c3dc3136e
SHA512

e54d19c9756d076f577ad8009382eecc67934f593aa2bb428760862cbf2ed06a525f0800b23358a401a41b6a16ca32e0905c6e6be4f3b5c8641a6c29d709acf3
SSDEEP

12288:D3H0IlCZh0NKWuxqPLioyJM7tTupnAUQj95oVn:DX0IlCZh0NKNqziktTu5ZQj95oVn

Score

1^/10

Malware Config

Signatures

Files

114395e49757ade9c36b31ce01601b59
.exe windows:4 windows x86 arch:x86

e2bd5a0855df19a760579c97460266fd

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:9d:fb:1e:5d:98:a7:fb:c0:da:24:84:c6:25:16:8e:0a:f4:2b:31
Signer

Actual PE Digest

0d:9d:fb:1e:5d:98:a7:fb:c0:da:24:84:c6:25:16:8e:0a:f4:2b:31

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateWaitableTimerW
SystemTimeToFileTime
GetDiskFreeSpaceExW
SetFileTime
SetEndOfFile
SetFilePointer
WriteFile
lstrcpynA
CreateThread
CreateMutexW
FindClose
FindNextFileW
SetFileAttributesW
GetFileAttributesW
FindFirstFileW
GetFileSize
CreateDirectoryW
GetSystemTime
LocalFree
LocalAlloc
GetPrivateProfileStructW
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MoveFileExW
GetVersionExW
ResumeThread
SetThreadPriority
lstrcmpA
lstrcmpiA
GetCurrentProcessId
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GlobalMemoryStatusEx
SetWaitableTimer
FlushInstructionCache
GetModuleHandleW
GlobalAlloc
GlobalFree
GetWindowsDirectoryW
LockResource
LoadResource
SizeofResource
FindResourceW
GetLocalTime
GetCommandLineW
OutputDebugStringW
MoveFileW
GetTempFileNameW
ResetEvent
GetTickCount
WaitForMultipleObjects
CancelWaitableTimer
SuspendThread
TerminateThread
lstrcpyA
VirtualAlloc
VirtualFree
GetStartupInfoA
GetModuleHandleA
IsBadReadPtr
IsBadWritePtr
TlsSetValue
SetEvent
CreateEventW
DeviceIoControl
lstrlenA
MultiByteToWideChar
CreateFileW
GetLastError
ReadFile
lstrcpynW
RemoveDirectoryW
GetShortPathNameW
lstrcpyW
WritePrivateProfileStringW
GetModuleFileNameW
GetTempPathW
InterlockedIncrement
InitializeCriticalSection
WaitForSingleObject
GetExitCodeProcess
GetPrivateProfileIntW
GetCurrentProcess
GetPrivateProfileStringW
CopyFileW
DeleteFileW
lstrcatW
GetLongPathNameW
SetErrorMode
GetCurrentThreadId
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
lstrlenW
WideCharToMultiByte
LoadLibraryW
GetProcAddress
Sleep
CreateProcessW
CloseHandle
GetSystemInfo
FreeLibrary

user32

DialogBoxParamW
GetMessageW
PostThreadMessageW
GetDesktopWindow
RemovePropW
EndDialog
MoveWindow
ScreenToClient
GetWindowRect
SendMessageW
GetDlgItem
LoadIconW
FindWindowExW
CharNextW
wsprintfA
TranslateMessage
DispatchMessageW
CreateWindowExW
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
RegisterClassExW
IsWindow
LoadStringW
MessageBoxW
DestroyWindow
SetPropW
ShowWindow
SetForegroundWindow
PostMessageW
FindWindowW
GetPropW
LoadCursorW
SetWindowPos
GetSystemMetrics
UnregisterClassW
GetWindowTextLengthW
SetWindowLongW
GetMenu
AdjustWindowRectEx
RedrawWindow
SetCapture
CallWindowProcW
GetDlgCtrlID
ReleaseCapture
GetDC
OffsetRect
DrawTextW
GetSysColor
DrawEdge
InflateRect
DrawFocusRect
GetCapture
ClientToScreen
PtInRect
InvalidateRect
UpdateWindow
SetCursor
GetWindowLongW
GetWindow
SystemParametersInfoW
MapWindowPoints
SetWindowRgn
CreateDialogParamW
FillRect
wsprintfW
CharLowerW
CheckDlgButton
GetClientRect
LoadImageW
SetTimer
IsWindowEnabled
KillTimer
SetDlgItemTextW
EnableWindow
GetWindowTextW
SetWindowTextW
PeekMessageW
GetParent

gdi32

SelectObject
BitBlt
DeleteDC
CreateCompatibleBitmap
CombineRgn
CreateSolidBrush
DeleteObject
CreateCompatibleDC
SetTextColor
CreateDIBSection
CreateFontW
SetViewportOrgEx
GetCurrentObject
GetStockObject
CreateRectRgn
SetBkMode
GetObjectW
CreateFontIndirectW

advapi32

RegLoadKeyW
RegUnLoadKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSaveKeyW
RegOpenKeyExW
RegCloseKey

shell32

ord680
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
OleInitialize
OleUninitialize
CoInitialize
OleCreate
CoTaskMemFree
StringFromCLSID
CreateStreamOnHGlobal

oleaut32

VariantClear
SysAllocString
SysFreeString

shlwapi

PathRemoveExtensionW
PathIsRootW
PathGetDriveNumberW
StrStrIW
PathCombineW
PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW
StrStrIA
SHDeleteKeyW
SHDeleteValueW
SHSetValueW
SHGetValueW
PathAppendW
PathFileExistsW
SHGetValueA
PathMatchSpecW
StrStrW
StrCmpIW
StrToIntW

wininet

InternetGetConnectedState
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW
HttpAddRequestHeadersW
HttpSendRequestW
CommitUrlCacheEntryW
HttpQueryInfoW
FtpGetFileSize
InternetSetOptionA
InternetReadFileExA
InternetReadFile
FtpOpenFileW
InternetWriteFile
InternetGetLastResponseInfoW
FtpCommandW
HttpEndRequestW
InternetSetOptionW
InternetCrackUrlW
HttpOpenRequestW
HttpSendRequestExW
InternetSetStatusCallbackW
InternetQueryOptionW
InternetCloseHandle
InternetConnectW
InternetOpenW

urlmon

ObtainUserAgentString

comctl32

_TrackMouseEvent
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
ImageList_Create
ImageList_Add
InitCommonControlsEx

atl

ord47
ord42
ord39

msvcp60

??1_Winit@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?_Xlen@std@@YAXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0_Winit@std@@QAE@XZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0runtime_error@std@@QAE@ABV01@@Z
??1runtime_error@std@@UAE@XZ
??_7runtime_error@std@@6B@
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?_Refcnt@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEAAEPBG@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

msimg32

AlphaBlend

gdiplus

GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdiplusShutdown
GdipDisposeImage

msvcrt

__getmainargs
_initterm
__setusermatherr
wcsncat
_wtoi
_itow
wcsrchr
_snwprintf
_acmdln
strncpy
strncmp
??2@YAPAXI@Z
free
__CxxFrameHandler
_wcsicmp
wcslen
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
strrchr
strstr
atof
_filelength
rewind
fgets
_strnicmp
wcsstr
wcschr
wcsncpy
iswspace
fgetws
localtime
realloc
fwrite
fwprintf
_ltow
wcsncmp
swscanf
strncat
_strlwr
_except_handler3
strpbrk
_purecall
_CxxThrowException
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_beginthreadex
sprintf
isalnum
wcscmp
time
_vsnwprintf
vswprintf
swprintf
iswdigit
isprint
isspace
tolower
wcscpy
_ui64tow
_wtol
_ftol
_wtoi64
exit
atoi
__p___argv
__p___argc
fclose
ftell
fseek
_wfopen
fprintf
_vsnprintf
fread
malloc
_wcsnicmp
_waccess
mktime
gmtime
_snprintf
memmove
wcscat
??0exception@@QAE@ABV0@@Z
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_stricmp
memcpy
memcmp
memset
sscanf

setupapi

SetupIterateCabinetW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumProcesses
EnumProcessModules

netapi32

Netbios

Sections

.text
Size: 316KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e2bd5a0855df19a760579c97460266fd

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0d:9d:fb:1e:5d:98:a7:fb:c0:da:24:84:c6:25:16:8e:0a:f4:2b:31Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

urlmon

comctl32

atl

msvcp60

msimg32

gdiplus

msvcrt

setupapi

version

wintrust

psapi

netapi32

Sections

.text Size: 316KB - Virtual size: 313KB

.rdata Size: 76KB - Virtual size: 72KB

.data Size: 64KB - Virtual size: 485KB

.rsrc Size: 213KB - Virtual size: 233KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0d:9d:fb:1e:5d:98:a7:fb:c0:da:24:84:c6:25:16:8e:0a:f4:2b:31
Signer

.text
Size: 316KB - Virtual size: 313KB

.rdata
Size: 76KB - Virtual size: 72KB

.data
Size: 64KB - Virtual size: 485KB

.rsrc
Size: 213KB - Virtual size: 233KB