VulDetector_2_0_766_127[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

VulDetector_2_0_766_127.exe
Size

2.7MB
MD5

3ca7808debb1f860ca703bb1923e09b3
SHA1

b8d2f3070e7d580918381ddfe8fc8c854a0ca310
SHA256

e32f164aaf85732998c5d8b43f222a916d67ba62809af9406c50415bb4f19347
SHA512

47310dd449486a37bcedea94deae064bcc94c59b1f6be6b1bd4df05994dadc3f2e8380aff555f01baa1640a64c4dcb8669740bb70e11244d91ba811075545192
SSDEEP

49152:7ysVgzOTodcT+Np/LoLvlmHQVSaQyNudND4QJLsHbF5vilpOlpaOA4:GscIodX/LoLvlmHc7NQD4ALspJqQc2

Score

1^/10

Malware Config

Signatures

Files

VulDetector_2_0_766_127.exe
.exe windows:4 windows x86 arch:x86

76f22803e4757b88261ca21bcbff61c8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:81:22:09:2e:76:ce:b2:8e:56:41:34:ef:f1:1e:49:fc:3e:04:9a:1c:c7:e6:5f:87:c2:72:a6:fd:26:58:8e
Signer

Actual PE Digest

2c:81:22:09:2e:76:ce:b2:8e:56:41:34:ef:f1:1e:49:fc:3e:04:9a:1c:c7:e6:5f:87:c2:72:a6:fd:26:58:8e

Digest Algorithm

sha256

PE Digest Matches

true

64:b2:8c:6d:9b:37:38:b9:22:1a:96:e6:43:32:31:4b:35:a8:52:01
Signer

Actual PE Digest

64:b2:8c:6d:9b:37:38:b9:22:1a:96:e6:43:32:31:4b:35:a8:52:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\Qzz_vul\qqpcmgr_proj\bin\Release\VulDetector.pdb

Imports

ws2_32

htonl
htons

kernel32

GetCPInfo
OpenFileMappingW
UnmapViewOfFile
GetSystemTimeAsFileTime
GetTempPathW
MapViewOfFile
InterlockedExchange
ResetEvent
InterlockedCompareExchange
InterlockedExchangeAdd
MoveFileW
GetLocalTime
GetFileAttributesExW
GetSystemInfo
GetSystemDefaultLangID
LoadLibraryA
CreateDirectoryW
WaitForMultipleObjects
DuplicateHandle
InitializeCriticalSectionAndSpinCount
HeapAlloc
GetProcessHeap
HeapFree
GetModuleFileNameA
TerminateProcess
TlsGetValue
CreateIoCompletionPort
PostQueuedCompletionStatus
TlsFree
GetQueuedCompletionStatus
TlsSetValue
TlsAlloc
IsDebuggerPresent
OpenEventW
WriteFile
VirtualAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetVersionExA
GetStartupInfoW
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetStdHandle
VirtualFree
HeapDestroy
HeapCreate
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
CreateProcessW
OutputDebugStringW
MultiByteToWideChar
ReadFile
GetFileSize
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
DeleteFileW
CopyFileW
FreeLibrary
CreateFileW
EnumSystemLocalesA
EnterCriticalSection
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEndOfFile
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
CloseHandle
WaitForSingleObject
SetEvent
CreateEventW
LeaveCriticalSection
GetVersionExW
LoadResource
LockResource
SizeofResource
GetLastError
GetProcAddress
FindResourceW
LoadLibraryW
GetModuleFileNameW
FindResourceExW
IsProcessorFeaturePresent
InterlockedDecrement
CreateMutexW
lstrcmpiW
GetVersion
GetCommandLineW
GetCurrentThreadId
SetDllDirectoryW
RemoveDirectoryW
SetLastError
RaiseException
FreeResource
WideCharToMultiByte
FlushInstructionCache
LoadLibraryExW
lstrlenA
GetSystemDirectoryW
GetModuleHandleW
GetFileAttributesW
InterlockedIncrement
Sleep
GlobalFree
ExpandEnvironmentStringsW
GlobalAlloc
lstrlenW
GetCurrentProcess
GetCurrentProcessId
GetModuleHandleA
GetThreadLocale
GetTempFileNameW
GlobalLock
HeapReAlloc
ExitThread
CreateThread

user32

SetTimer
KillTimer
DestroyIcon
TrackPopupMenu
GetWindowTextW
GetFocus
GetSysColor
GetWindowTextLengthW
SendMessageTimeoutW
EqualRect
GetDlgCtrlID
GetSystemMetrics
DrawFrameControl
PtInRect
DrawTextW
PostThreadMessageW
SetCursor
DrawIconEx
ReleaseCapture
IsWindowVisible
SetCapture
GetSystemMenu
EndPaint
BeginPaint
SetWindowTextW
FindWindowW
GetKeyState
EnableWindow
CallWindowProcW
SetWindowLongW
DestroyWindow
PostMessageW
FindWindowA
MsgWaitForMultipleObjectsEx
GetQueueStatus
PostQuitMessage
WaitMessage
UnregisterClassW
LoadImageW
SetActiveWindow
DefWindowProcW
IsWindow
MoveWindow
CharNextW
GetActiveWindow
IsWindowEnabled
MapWindowPoints
GetWindowLongW
GetWindowDC
ReleaseDC
GetDesktopWindow
GetDC
GetParent
CreateWindowExW
FillRect
SystemParametersInfoW
TranslateMessage
ClientToScreen
GetMessageW
GetClientRect
InvalidateRect
GetWindowRect
RegisterClassExW
SetWindowPos
OffsetRect
SetWindowRgn
ShowWindow
InflateRect
LoadCursorW
GetClassInfoExW
GetWindow
SetRect
FrameRect
SendMessageW
CopyRect
GetDlgItem
GetMonitorInfoW
MonitorFromWindow
MessageBoxW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
UnregisterClassA
LoadStringW
CopyImage
LoadIconW

gdi32

SetBkMode
MoveToEx
RectInRegion
GetTextExtentPoint32W
TextOutW
RoundRect
SelectClipRgn
GetClipRgn
RestoreDC
SaveDC
CreateCompatibleDC
CreateDIBSection
OffsetRgn
SetRectRgn
BitBlt
CreateFontIndirectW
GetObjectW
LineTo
GetStockObject
ExtSelectClipRgn
GetTextMetricsW
CreateRectRgnIndirect
SetTextColor
CreateBitmap
CombineRgn
CreateRectRgn
StretchBlt
CreatePen
DeleteDC
ExtTextOutW
CreateSolidBrush
SetBkColor
SelectObject
CreateCompatibleBitmap
DeleteObject
Rectangle
GetCurrentObject

advapi32

RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW
SHCreateDirectoryExW

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
OleLoadPicture

shlwapi

StrToIntA
PathAppendW
PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecW

version

VerQueryValueW
GetFileVersionInfoW

comctl32

_TrackMouseEvent

gdiplus

GdipCreateImageAttributes
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipDisposeImageAttributes
GdipAlloc
GdipFree
GdipDisposeImage
GdipDrawImageRectI
GdipCreateHBITMAPFromBitmap
GdipSetImageAttributesColorMatrix
GdipLoadImageFromStream
GdiplusStartup
GdipDrawImageRectRectI
GdiplusShutdown
GdipDrawImageI
GdipCloneImage
GdipCreateBitmapFromStream
GdipGetImageWidth

wininet

InternetOpenW
InternetReadFile
InternetOpenUrlW
HttpQueryInfoW
InternetGetConnectedState
InternetCloseHandle

Sections

.text
Size: 376KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76f22803e4757b88261ca21bcbff61c8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

2c:81:22:09:2e:76:ce:b2:8e:56:41:34:ef:f1:1e:49:fc:3e:04:9a:1c:c7:e6:5f:87:c2:72:a6:fd:26:58:8eSigner

64:b2:8c:6d:9b:37:38:b9:22:1a:96:e6:43:32:31:4b:35:a8:52:01Signer

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

comctl32

gdiplus

wininet

Sections

.text Size: 376KB - Virtual size: 373KB

.rdata Size: 100KB - Virtual size: 98KB

.data Size: 16KB - Virtual size: 27KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

2c:81:22:09:2e:76:ce:b2:8e:56:41:34:ef:f1:1e:49:fc:3e:04:9a:1c:c7:e6:5f:87:c2:72:a6:fd:26:58:8e
Signer

64:b2:8c:6d:9b:37:38:b9:22:1a:96:e6:43:32:31:4b:35:a8:52:01
Signer

.text
Size: 376KB - Virtual size: 373KB

.rdata
Size: 100KB - Virtual size: 98KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB