a2459b825759a0136e5de777b0c9fa01

Sharing

Copy URL Twitter E-mail

General

Target

a2459b825759a0136e5de777b0c9fa01
Size

786KB
MD5

a2459b825759a0136e5de777b0c9fa01
SHA1

d94fa050e1f2fb29092d7d202301978d758de813
SHA256

4b69d490c840cf1b66d2efffa7990dbf75b0c3bd2bba52775e3fa6127733a271
SHA512

9b0ff58d063704ce292e815324c2474c766f1ef7bd801f21397619babd214c1387acc89a907e2512d5fff135e441488d4df6078df87a9813d99a1c70272c3928
SSDEEP

24576:+cvjlmxmyefwpzle4eLQk3BuA8Dk7xSNNLYrZE:Xvj8GwahLBuA8DwgDCZE

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/QQɱһţv8.8.exe
unpack001/QQ连连看秒杀一起牛v8.8.exe

Files

a2459b825759a0136e5de777b0c9fa01
.rar
QIYIlittle_3_29.exe
.exe windows:5 windows x86 arch:x86

a28733685f9756f0ce0fc4fdfa263284

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:8e:4b:92:bd:f7:4e:f5:bc:1d:02:5b:2d:4f:22:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/12/2010, 00:00

Not After

27/12/2013, 23:59

Subject

CN=BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.\,LTD.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c2:7a:e6:fa:4a:05:84:15:5d:e3:73:9c:a0:a1:40:5b:29:48:f0:97
Signer

Actual PE Digest

c2:7a:e6:fa:4a:05:84:15:5d:e3:73:9c:a0:a1:40:5b:29:48:f0:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\qiyi\project\plugin\CuteInstall\LiteInstall\LittleInstall2010\COMPILE_S\LittleInstall2010.pdb

Imports

urlmon

URLDownloadToCacheFileA

wininet

InternetOpenA
InternetOpenUrlA
InternetCanonicalizeUrlA
DeleteUrlCacheEntry

gdiplus

GdipDrawImageRectI
GdipGetImageWidth
GdipCreateFromHDC
GdipCloneImage
GdipGetImageHeight
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdiplusStartup
GdipDeleteGraphics
GdipDisposeImage

uxtheme

IsThemeActive
CloseThemeData
OpenThemeData

comctl32

InitCommonControlsEx

kernel32

GetStringTypeW
GetConsoleMode
FreeEnvironmentStringsW
SetFilePointer
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapSize
GetLastError
lstrlenA
LocalFree
FormatMessageA
WideCharToMultiByte
LockResource
LoadResource
FindResourceA
CreateMutexA
VerifyVersionInfoA
VerSetConditionMask
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcess
CloseHandle
GetModuleFileNameA
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
Sleep
GetVersion
TerminateProcess
GetExitCodeProcess
CreateProcessA
MultiByteToWideChar
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
GetEnvironmentStringsW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedDecrement
GetCurrentThreadId
SetLastError
GetModuleHandleW
InterlockedIncrement
TlsFree
DecodePointer
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineA
RaiseException
HeapAlloc
HeapFree
RtlUnwind
QueryPerformanceCounter
LoadLibraryW
SetStdHandle
FlushFileBuffers
HeapReAlloc
WriteConsoleW
CreateFileW
GetTickCount

user32

DrawTextA
DestroyWindow
CreateDialogParamA
SetWindowTextA
MoveWindow
SetDlgItemTextA
SetForegroundWindow
SetFocus
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetWindowRect
SystemParametersInfoA
GetSystemMetrics
GetWindowLongA
SetWindowLongA
MsgWaitForMultipleObjects
LoadCursorA
SetCursor
IsWindowVisible
EndPaint
ShowWindow
LoadIconA
KillTimer
SetTimer
IsWindow
GetDC
GetClientRect
FillRect
SendMessageA
InvalidateRect
UpdateWindow
ReleaseDC
ExitWindowsEx
CharNextA
LoadStringA
MessageBoxA
CharPrevA
GetDlgItem
BeginPaint

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetBkMode
BitBlt
DeleteObject
DeleteDC
CreateFontIndirectA
CreateSolidBrush

advapi32

AllocateAndInitializeSid
FreeSid

shell32

Shell_NotifyIconA

ole32

CreateStreamOnHGlobal

netapi32

Netbios

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQllkyqnfz.zip
.zip
QIYIlittle_3_29.exe
.exe windows:5 windows x86 arch:x86

a28733685f9756f0ce0fc4fdfa263284

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:8e:4b:92:bd:f7:4e:f5:bc:1d:02:5b:2d:4f:22:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/12/2010, 00:00

Not After

27/12/2013, 23:59

Subject

CN=BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.\,LTD.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c2:7a:e6:fa:4a:05:84:15:5d:e3:73:9c:a0:a1:40:5b:29:48:f0:97
Signer

Actual PE Digest

c2:7a:e6:fa:4a:05:84:15:5d:e3:73:9c:a0:a1:40:5b:29:48:f0:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\qiyi\project\plugin\CuteInstall\LiteInstall\LittleInstall2010\COMPILE_S\LittleInstall2010.pdb

Imports

urlmon

URLDownloadToCacheFileA

wininet

InternetOpenA
InternetOpenUrlA
InternetCanonicalizeUrlA
DeleteUrlCacheEntry

gdiplus

GdipDrawImageRectI
GdipGetImageWidth
GdipCreateFromHDC
GdipCloneImage
GdipGetImageHeight
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdiplusStartup
GdipDeleteGraphics
GdipDisposeImage

uxtheme

IsThemeActive
CloseThemeData
OpenThemeData

comctl32

InitCommonControlsEx

kernel32

GetStringTypeW
GetConsoleMode
FreeEnvironmentStringsW
SetFilePointer
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapSize
GetLastError
lstrlenA
LocalFree
FormatMessageA
WideCharToMultiByte
LockResource
LoadResource
FindResourceA
CreateMutexA
VerifyVersionInfoA
VerSetConditionMask
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcess
CloseHandle
GetModuleFileNameA
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
Sleep
GetVersion
TerminateProcess
GetExitCodeProcess
CreateProcessA
MultiByteToWideChar
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
GetEnvironmentStringsW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedDecrement
GetCurrentThreadId
SetLastError
GetModuleHandleW
InterlockedIncrement
TlsFree
DecodePointer
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineA
RaiseException
HeapAlloc
HeapFree
RtlUnwind
QueryPerformanceCounter
LoadLibraryW
SetStdHandle
FlushFileBuffers
HeapReAlloc
WriteConsoleW
CreateFileW
GetTickCount

user32

DrawTextA
DestroyWindow
CreateDialogParamA
SetWindowTextA
MoveWindow
SetDlgItemTextA
SetForegroundWindow
SetFocus
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetWindowRect
SystemParametersInfoA
GetSystemMetrics
GetWindowLongA
SetWindowLongA
MsgWaitForMultipleObjects
LoadCursorA
SetCursor
IsWindowVisible
EndPaint
ShowWindow
LoadIconA
KillTimer
SetTimer
IsWindow
GetDC
GetClientRect
FillRect
SendMessageA
InvalidateRect
UpdateWindow
ReleaseDC
ExitWindowsEx
CharNextA
LoadStringA
MessageBoxA
CharPrevA
GetDlgItem
BeginPaint

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetBkMode
BitBlt
DeleteObject
DeleteDC
CreateFontIndirectA
CreateSolidBrush

advapi32

AllocateAndInitializeSid
FreeSid

shell32

Shell_NotifyIconA

ole32

CreateStreamOnHGlobal

netapi32

Netbios

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQɱһţv8.8.exe
.exe windows:4 windows x86 arch:x86

c52e3df75b61afc5d308ea27810d670b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
GetFileSize
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
UnmapViewOfFile
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
RaiseException
HeapSize
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
InterlockedIncrement

user32

GetSystemMetrics
GetCursorPos
MessageBoxA
MessageBeep
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
EmptyClipboard
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
SetClipboardData
OpenClipboard
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
GetClipboardData
CloseClipboard
wsprintfA
GetTopWindow
SendDlgItemMessageA
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
SetRect
InflateRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
GetDesktopWindow
UnregisterHotKey
RegisterHotKey
CreateWindowExA
CallWindowProcA
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
UnregisterClassA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
CharNextA
SetWindowContextHelpId
MapDialogRect
LoadStringA
GetSysColorBrush
GetNextDlgGroupItem
PostThreadMessageA
GetSystemMenu
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer

gdi32

DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
GetObjectA
SelectClipRgn
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
CreateFontA
TranslateCharsetInfo
GetNearestPaletteIndex
CreatePen
GetMapMode
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueA

shell32

ShellExecuteA
DragAcceptFiles
DragFinish
DragQueryFileA
Shell_NotifyIconA

ole32

CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CLSIDFromString
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoTaskMemAlloc
CLSIDFromProgID
OleInitialize
OleUninitialize
CoGetClassObject
CoTaskMemFree

oleaut32

SysAllocString
SafeArrayCreate
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
OleCreateFontIndirect
SysFreeString
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
SafeArrayGetElemsize
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
VariantTimeToSystemTime

comctl32

ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_EndDrag
ord17
ImageList_Add

oledlg

ord8

ws2_32

WSAAsyncSelect
recvfrom
ioctlsocket
recv
getpeername
accept
WSACleanup
closesocket
inet_ntoa

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
GetFileTitleA

Sections

.text
Size: 504KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
˵.txt
һţ.url
.url
װ˵.txt
QQ.url
QQ连连看秒杀一起牛v8.8.exe
.exe windows:4 windows x86 arch:x86

c52e3df75b61afc5d308ea27810d670b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
GetFileSize
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
UnmapViewOfFile
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
RaiseException
HeapSize
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
InterlockedIncrement

user32

GetSystemMetrics
GetCursorPos
MessageBoxA
MessageBeep
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
EmptyClipboard
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
SetClipboardData
OpenClipboard
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
GetClipboardData
CloseClipboard
wsprintfA
GetTopWindow
SendDlgItemMessageA
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
SetRect
InflateRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
GetDesktopWindow
UnregisterHotKey
RegisterHotKey
CreateWindowExA
CallWindowProcA
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
UnregisterClassA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
CharNextA
SetWindowContextHelpId
MapDialogRect
LoadStringA
GetSysColorBrush
GetNextDlgGroupItem
PostThreadMessageA
GetSystemMenu
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer

gdi32

DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
GetObjectA
SelectClipRgn
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
CreateFontA
TranslateCharsetInfo
GetNearestPaletteIndex
CreatePen
GetMapMode
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueA

shell32

ShellExecuteA
DragAcceptFiles
DragFinish
DragQueryFileA
Shell_NotifyIconA

ole32

CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CLSIDFromString
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoTaskMemAlloc
CLSIDFromProgID
OleInitialize
OleUninitialize
CoGetClassObject
CoTaskMemFree

oleaut32

SysAllocString
SafeArrayCreate
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
OleCreateFontIndirect
SysFreeString
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
SafeArrayGetElemsize
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
VariantTimeToSystemTime

comctl32

ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_EndDrag
ord17
ImageList_Add

oledlg

ord8

ws2_32

WSAAsyncSelect
recvfrom
ioctlsocket
recv
getpeername
accept
WSACleanup
closesocket
inet_ntoa

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
GetFileTitleA

Sections

.text
Size: 504KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.txt
数码资源网.url
.url

Sharing

General

Malware Config

Signatures

Files

a28733685f9756f0ce0fc4fdfa263284

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

53:8e:4b:92:bd:f7:4e:f5:bc:1d:02:5b:2d:4f:22:c6Certificate

Extended Key Usages

Key Usages

c2:7a:e6:fa:4a:05:84:15:5d:e3:73:9c:a0:a1:40:5b:29:48:f0:97Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

wininet

gdiplus

uxtheme

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

netapi32

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 55KB - Virtual size: 54KB

.reloc Size: 7KB - Virtual size: 7KB

a28733685f9756f0ce0fc4fdfa263284

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

53:8e:4b:92:bd:f7:4e:f5:bc:1d:02:5b:2d:4f:22:c6Certificate

Extended Key Usages

Key Usages

c2:7a:e6:fa:4a:05:84:15:5d:e3:73:9c:a0:a1:40:5b:29:48:f0:97Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

wininet

gdiplus

uxtheme

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

netapi32

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 55KB - Virtual size: 54KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

53:8e:4b:92:bd:f7:4e:f5:bc:1d:02:5b:2d:4f:22:c6
Certificate

c2:7a:e6:fa:4a:05:84:15:5d:e3:73:9c:a0:a1:40:5b:29:48:f0:97
Signer

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 55KB - Virtual size: 54KB

.reloc
Size: 7KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

53:8e:4b:92:bd:f7:4e:f5:bc:1d:02:5b:2d:4f:22:c6
Certificate

c2:7a:e6:fa:4a:05:84:15:5d:e3:73:9c:a0:a1:40:5b:29:48:f0:97
Signer

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 55KB - Virtual size: 54KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 504KB - Virtual size: 501KB

.rdata
Size: 96KB - Virtual size: 94KB

.data
Size: 72KB - Virtual size: 199KB

.rsrc
Size: 24KB - Virtual size: 21KB

.text
Size: 504KB - Virtual size: 501KB

.rdata
Size: 96KB - Virtual size: 94KB

.data
Size: 72KB - Virtual size: 199KB

.rsrc
Size: 24KB - Virtual size: 21KB