7ba85bc62fb39bd9cc6a783d7ee179fe

Sharing

Copy URL

Twitter E-mail

General

Target

7ba85bc62fb39bd9cc6a783d7ee179fe
Size

669KB
MD5

7ba85bc62fb39bd9cc6a783d7ee179fe
SHA1

9ecf106e32aafbbf4810a1c0c82b1af8535c1a2c
SHA256

f124bffe06ad7018fd9dc933005151c13c68319602b80f5dcfe95c3e65e38cfc
SHA512

a5225747fc4feb2e9c665d3af4b52ac5d41854fad7b8b311502b2a1648b2d40c08a2f8e06454c6c4c0400ef89ba5aedec8543c00f466aa3bca0c1a38bc390167
SSDEEP

12288:XXmsm8Kp177tq/BnOz3grv/eWa28+mt3q5tTsWlodwSaA9qnuRzE:XWs437tq/BnOyv/eWa28+mhqXTsUhA9I

Score

1^/10

Malware Config

Signatures

Files

7ba85bc62fb39bd9cc6a783d7ee179fe
.dll windows:4 windows x86 arch:x86

394e7b8f8b9e31723269898c976ae9ac

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

95:0e:31:a4:8d:ce:e0:21:d0:67:a6:c6:02:1b:d5:3e:b6:19:66:3e
Signer

Actual PE Digest

95:0e:31:a4:8d:ce:e0:21:d0:67:a6:c6:02:1b:d5:3e:b6:19:66:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\qqpcmgr_proj\QQPCMgr_safe_6.0Beta3\Basic\Output\BinFinal\plugins\RtpCommon.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

ntohl
htonl

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathIsDirectoryW
SHDeleteValueW
SHGetValueW
wnsprintfW
PathAppendW
PathFileExistsW
PathFindFileNameW
SHSetValueW

kernel32

LockFileEx
Sleep
QueryPerformanceCounter
GetDiskFreeSpaceW
CloseHandle
FormatMessageW
GetVersionExW
LoadLibraryA
DeleteFileW
GetFullPathNameW
GetCurrentProcessId
InterlockedCompareExchange
GetFileAttributesA
GetFullPathNameA
UnlockFile
GetTempPathA
GetFileAttributesW
LockFile
CreateFileMappingW
LocalFree
GetSystemTime
AreFileApisANSI
ReadFile
GetDiskFreeSpaceA
DeleteFileA
CreateFileA
GetTickCount
GetFileSize
UnlockFileEx
GetSystemInfo
CreateFileW
GetSystemTimeAsFileTime
FormatMessageA
SetFilePointer
MultiByteToWideChar
WriteFile
MapViewOfFile
FlushFileBuffers
UnmapViewOfFile
GetTempPathW
SetEndOfFile
GetLastError
GetFileAttributesExW
FreeLibrary
GetProcAddress
ReleaseMutex
CreateMutexW
WaitForSingleObject
GetModuleFileNameA
LoadLibraryW
OpenEventW
GetCurrentThreadId
InterlockedExchange
SetEvent
SetLastError
GetLocalTime
GetModuleHandleW
GetCurrentProcess
SetFileAttributesW
MoveFileExW
FindNextFileW
GetSystemDirectoryW
FindClose
RemoveDirectoryW
GetDriveTypeW
ProcessIdToSessionId
HeapSize
lstrlenW
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
OpenProcess
Process32NextW
GetExitCodeProcess
CreateProcessW
ExpandEnvironmentStringsW
lstrcpynW
OpenMutexW
GlobalAlloc
GetModuleFileNameW
GlobalLock
GlobalUnlock
GetComputerNameW
lstrlenA
FindFirstFileW
GetFileTime
HeapFree
GetProcessHeap
HeapAlloc
lstrcpynA
Thread32Next
Thread32First
HeapReAlloc
HeapDestroy
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
WideCharToMultiByte
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
OpenFileMappingW
GetCurrentDirectoryW

user32

ShowWindow
IsWindowVisible
EnumWindows
WindowFromPoint
SetForegroundWindow
EnumThreadWindows
GetWindowThreadProcessId
EqualRect
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
DestroyIcon
SystemParametersInfoW
MessageBoxW
SetActiveWindow
SetWindowPos
SetWindowLongW
GetClientRect
GetWindowLongW
GetWindowRect
EnableWindow
IsWindow
FindWindowExW
SetWindowTextW
SendMessageW
ExitWindowsEx
SendMessageTimeoutW
FindWindowA
GetSystemMetrics
GetDesktopWindow
GetClassNameW
IsIconic
GetForegroundWindow
GetParent
GetWindowTextW

gdi32

GetObjectW
CreateFontIndirectW
CreateDCW
GetDeviceCaps
DeleteDC
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteValueW
FreeSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
SetFileSecurityW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumValueW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetMalloc
SHCreateDirectoryExW
SHGetDesktopFolder
SHGetFileInfoW
SHBrowseForFolderW
SHGetSpecialFolderLocation

ole32

StgCreateDocfile
CoInitialize
StgIsStorageFile
CoUninitialize
StgOpenStorage

msvcr80

_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_except_handler3
_lock
_onexit
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_except_handler4_common
memset
_CxxThrowException
memcpy
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
__CxxFrameHandler3
iswspace
iswprint
_wcsupr_s
toupper
isdigit
_wcsnicmp
wcsncat
wcsrchr
_snwprintf_s
_snwprintf
_time64
memcpy_s
wcsncpy_s
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
vswprintf_s
?what@exception@std@@UBEPBDXZ
swprintf_s
??3@YAXPAX@Z
memmove_s
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
??1exception@std@@UAE@XZ
malloc
_stricmp
_strnicmp
free
_localtime64_s
realloc
memmove
strncmp
_wtoi
_wcsicmp
wcsncat_s
??_U@YAPAXI@Z
_purecall
wcsstr
??_V@YAXPAX@Z
rand
_memicmp
setlocale
_vsnwprintf_s
_snprintf_s
fopen_s
_vsnprintf_s
fclose
strncpy_s
_vsnprintf
strchr
fwrite
strrchr
fflush
wcscpy_s
wcstoul
_localtime64
wcsftime
tolower
swscanf
_wtol
_mktime64
_wcslwr_s
wcsncpy
swscanf_s
strstr
wcsncmp
strncpy
wcschr

msvcp80

?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

iphlpapi

GetIpForwardTable

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetModuleFileNameExW
GetProcessImageFileNameW

Exports

Exports

CreateHipsUserChoosePolicy
CreateLogDataBaseInterface
DeleteHipsUserChoosePolicy
DeleteLogDataBaseInterface

Sections

.text
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

394e7b8f8b9e31723269898c976ae9ac

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

95:0e:31:a4:8d:ce:e0:21:d0:67:a6:c6:02:1b:d5:3e:b6:19:66:3eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

msvcr80

msvcp80

iphlpapi

psapi

Exports

Exports

Sections

.text Size: 524KB - Virtual size: 521KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 40KB - Virtual size: 42KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 16KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

95:0e:31:a4:8d:ce:e0:21:d0:67:a6:c6:02:1b:d5:3e:b6:19:66:3e
Signer

.text
Size: 524KB - Virtual size: 521KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 40KB - Virtual size: 42KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 16KB