360DrvMgrInstaller_beta[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

360DrvMgrInstaller_beta.exe
Size

9.5MB
MD5

24eb7f431b5992321055dbfefb3e96df
SHA1

f0364dcaaee80685c79ab63738e9c6b50cf54e7c
SHA256

869c459d026528164c8d2246c0b38f7f09da25d3abb396c46900d40bcaeb9485
SHA512

a9023e71e9efcc781823d975b31bd9052b9abcabc574289c8582ceda4ba021f683fc5d08d13cac464e4257d3b4aefc718aac62668cdb0a7c8f9f6b0fb1bea02c
SSDEEP

196608:Oe3S7ydxHLVBU16b6IcXOJUZXEiDztAJ0rk/RaUdoJTUiCCx6E8R:O8hRRGA+gmZDzacFUJq0lR

Score

1^/10

Malware Config

Signatures

Files

360DrvMgrInstaller_beta.exe
.exe windows:5 windows x86 arch:x86

7b130e2959b45e6eb1eb558779fc4c56

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d4:d2:a7:41:cb:21:00:2c:41:cb:83:61:c4:d9:6b:44:d4:70:2e:63:80:c8:35:d1:18:bf:7a:eb:78:43:31:7b
Signer

Actual PE Digest

d4:d2:a7:41:cb:21:00:2c:41:cb:83:61:c4:d9:6b:44:d4:70:2e:63:80:c8:35:d1:18:bf:7a:eb:78:43:31:7b

Digest Algorithm

sha256

PE Digest Matches

true

03:b4:a6:51:f6:12:f8:92:98:d0:9e:f4:3c:64:90:c2:53:54:eb:1a
Signer

Actual PE Digest

03:b4:a6:51:f6:12:f8:92:98:d0:9e:f4:3c:64:90:c2:53:54:eb:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\驱动大师\DriverManager-2.0.0.1430-20180821-2.0.0.1420-temp\Setup\install\ReleaseInstaller.pdb

Imports

kernel32

FindFirstChangeNotificationW
GetLogicalDriveStringsW
GetFileSize
SetFilePointer
GetFileInformationByHandle
ReadFile
SetEndOfFile
GetStdHandle
CompareFileTime
FileTimeToSystemTime
LockResource
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
lstrcmpiW
CreateMutexW
SetLastError
WideCharToMultiByte
GetDiskFreeSpaceExW
GetExitCodeThread
Sleep
RaiseException
InterlockedIncrement
LeaveCriticalSection
GlobalUnlock
GlobalLock
CreateEventW
DeleteAtom
FindAtomW
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
GetSystemTime
GetLocalTime
FormatMessageW
GetFileSizeEx
SetFilePointerEx
FindCloseChangeNotification
SystemTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetTimeZoneInformation
WriteConsoleW
EnterCriticalSection
WriteConsoleA
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetConsoleCtrlHandler
WriteFile
LCMapStringA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
FatalAppExitA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
GetTempFileNameW
SearchPathW
GetCurrentDirectoryW
GetFullPathNameW
GetShortPathNameW
CreateDirectoryW
RemoveDirectoryW
SetFileTime
GetSystemDirectoryW
GetWindowsDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetVolumeInformationW
MoveFileW
ResetEvent
SetEvent
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
LocalFileTimeToFileTime
MulDiv
GetCurrentThreadId
FlushInstructionCache
GetTickCount
lstrcpynW
GetLastError
LocalFree
DeleteFileW
MoveFileExW
lstrlenA
OutputDebugStringW
DebugBreak
SetFileAttributesW
GetFileAttributesW
InterlockedDecrement
lstrlenW
GetTempPathW
TlsGetValue
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
FindResourceExW
InterlockedCompareExchange
GetModuleHandleA
lstrcmpiA
lstrcmpA
GetCurrentProcessId
DeviceIoControl
CreateThread
ExpandEnvironmentStringsW
LocalAlloc
GetSystemInfo
GetProcessTimes
GetSystemTimeAsFileTime
DuplicateHandle
HeapFree
GetProcessHeap
HeapAlloc
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
VirtualQuery
SetProcessWorkingSetSize
WaitForMultipleObjects
TerminateProcess
OpenProcess
CopyFileW
LCMapStringW
CreateFileW
GetVersionExW
GetCurrentProcess
GetModuleHandleW
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessW
FreeLibrary
LoadLibraryW
GetConsoleOutputCP
GetProcAddress

user32

DestroyWindow
wvsprintfW
CharNextW
ExitWindowsEx
BeginPaint
SendMessageW
GetWindowLongW
GetClientRect
GetWindowTextW
EndPaint
SetWindowPos
SetWindowLongW
InvalidateRect
KillTimer
GetWindowRect
SetTimer
LoadCursorW
ShowWindow
CharToOemW
CopyRect
GetUpdateRect
SetRect
ReleaseDC
GetWindowDC
GetWindow
MonitorFromWindow
GetMonitorInfoW
LoadImageW
GetWindowTextLengthW
ReleaseCapture
GetDlgCtrlID
SystemParametersInfoW
SetCapture
CreateDialogParamW
CallWindowProcW
GetDlgItem
GetDC
PtInRect
ClientToScreen
GetCapture
UpdateWindow
DrawFocusRect
GetSystemMetrics
InflateRect
DrawEdge
GetSysColor
IsWindowEnabled
OffsetRect
FillRect
DrawTextW
PeekMessageW
TranslateMessage
DispatchMessageW
CharLowerW
MessageBoxW
DefWindowProcW
BringWindowToTop
SetForegroundWindow
FindWindowW
SetWindowRgn
GetParent
AdjustWindowRectEx
GetMenu
SetCursor
CreateWindowExW
GetClassInfoExW
RegisterClassExW
IsWindow
RedrawWindow
IsIconic
LoadStringW
PostQuitMessage
PostThreadMessageW
SetDlgItemTextW
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
MonitorFromPoint
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
FindWindowExW
SubtractRect
PostMessageW
MapVirtualKeyW
GetKeyNameTextW
UnregisterClassA
GetMessageW
GetDesktopWindow
MapWindowPoints
EnableWindow
SetWindowTextW

gdi32

GetBitmapBits
OffsetViewportOrgEx
CreatePatternBrush
CreateDIBPatternBrushPt
CreateFontW
CreateSolidBrush
GetCurrentObject
CreateDIBSection
SetTextColor
CreatePolygonRgn
CreateFontIndirectW
GetObjectW
GetStockObject
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
DeleteDC
SelectObject
SetBkMode
GetDeviceCaps

advapi32

SetNamedSecurityInfoW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryValueExW
CopySid
GetTokenInformation
RegEnumKeyW
RegSetKeySecurity
FreeSid
RegCreateKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExA
SetEntriesInAclW
GetNamedSecurityInfoW
SetSecurityDescriptorDacl
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegGetKeySecurity
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAce
InitializeSecurityDescriptor

shell32

ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
ord165
SHGetSpecialFolderPathW
SHFileOperationW
SHFreeNameMappings
SHAppBarMessage
SHGetSpecialFolderLocation
SHChangeNotify
SHGetFileInfoW

ole32

CoCreateGuid
CoTaskMemFree
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
OleInitialize
OleUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

OleLoadPicture
SysFreeString
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantInit
VariantClear
VarUI4FromStr

wininet

InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetCloseHandle
InternetOpenW

shlwapi

PathRemoveFileSpecW
PathIsPrefixW
StrStrIW
PathFindFileNameW
PathRemoveExtensionW
SHSetValueW
PathIsRootW
PathCombineW
PathFileExistsW
SHGetValueW
PathAppendW
SHDeleteKeyW
PathMatchSpecW
PathFindExtensionW
PathIsURLW
StrToIntExW
SHGetValueA
PathIsDirectoryW

comctl32

ImageList_Destroy
ImageList_Remove
ImageList_Duplicate
ImageList_SetImageCount
ImageList_Add
ImageList_Create
ImageList_GetIconSize
InitCommonControlsEx
ImageList_Draw
_TrackMouseEvent

msimg32

AlphaBlend

setupapi

SetupIterateCabinetW

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
WTHelperProvDataFromStateData

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertGetNameStringW

netapi32

Netbios

rasapi32

RasGetConnectStatusW
RasEnumConnectionsW

psapi

EnumProcesses
GetProcessMemoryInfo
GetModuleBaseNameW
GetModuleFileNameExW
EnumProcessModules

comdlg32

GetSaveFileNameW
GetOpenFileNameW

Sections

.text
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b130e2959b45e6eb1eb558779fc4c56

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

d4:d2:a7:41:cb:21:00:2c:41:cb:83:61:c4:d9:6b:44:d4:70:2e:63:80:c8:35:d1:18:bf:7a:eb:78:43:31:7bSigner

03:b4:a6:51:f6:12:f8:92:98:d0:9e:f4:3c:64:90:c2:53:54:eb:1aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

shlwapi

comctl32

msimg32

setupapi

wintrust

version

crypt32

netapi32

rasapi32

psapi

comdlg32

Sections

.text Size: 394KB - Virtual size: 394KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 12KB - Virtual size: 38KB

.rsrc Size: 9.0MB - Virtual size: 9.0MB

.reloc Size: 41KB - Virtual size: 41KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

d4:d2:a7:41:cb:21:00:2c:41:cb:83:61:c4:d9:6b:44:d4:70:2e:63:80:c8:35:d1:18:bf:7a:eb:78:43:31:7b
Signer

03:b4:a6:51:f6:12:f8:92:98:d0:9e:f4:3c:64:90:c2:53:54:eb:1a
Signer

.text
Size: 394KB - Virtual size: 394KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 12KB - Virtual size: 38KB

.rsrc
Size: 9.0MB - Virtual size: 9.0MB

.reloc
Size: 41KB - Virtual size: 41KB