1333c2e458d1c838576b7dca865f9d02

Sharing

Copy URL Twitter E-mail

General

Target

1333c2e458d1c838576b7dca865f9d02
Size

1.1MB
MD5

1333c2e458d1c838576b7dca865f9d02
SHA1

d6d7a1659bd953f97dae75adf7897a35ad7f5a9d
SHA256

51c9207d765e552492ffedd99d298b9bec64000467a3c6a9d76a3ef13fcb20e5
SHA512

b5d25ca249f5c82d93812a502ad901bcfc2c8367314835fe9340a05443667c8e27e102d17ce6538001ccdbb402df2d4072b5a33d2ccdf18b5d08cfe29447a68b
SSDEEP

24576:oeLvyimpABvoQVFbAS1tTW8ZDiIZfC4l5m1ePXZ5sBlTYYs:hLhmpsvHcS1tTW8AItC4l5m1e/ZCHE

Score

1^/10

Malware Config

Signatures

Files

1333c2e458d1c838576b7dca865f9d02
.dll windows:4 windows x86 arch:x86

c32777748260977961ccf3b4cb9929d3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:f7:66:49:2b:fc:0d:a6:7b:a3:d8:af:f8:b7:87:2d:13:07:dd:8d
Signer

Actual PE Digest

75:f7:66:49:2b:fc:0d:a6:7b:a3:d8:af:f8:b7:87:2d:13:07:dd:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\for10.0\bin\release\QQPCDownload.pdb

Imports

ws2_32

htonl
ntohl
htons

kernel32

GetProcessTimes
SystemTimeToFileTime
OutputDebugStringW
CreateProcessW
SetFilePointer
GetFullPathNameW
GetCPInfo
GetPrivateProfileStringW
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
CreateEventW
OpenProcess
WaitForMultipleObjects
TerminateProcess
SetUnhandledExceptionFilter
lstrcpynW
GetSystemTimeAsFileTime
GetExitCodeProcess
GetExitCodeThread
GetModuleHandleExW
InterlockedCompareExchange
InterlockedExchange
RemoveDirectoryW
GetSystemInfo
GetSystemDefaultLangID
LoadLibraryA
GetTempPathW
CreateDirectoryW
ResetEvent
InitializeCriticalSectionAndSpinCount
IsBadReadPtr
GetLocalTime
GetModuleFileNameA
GetFileAttributesW
IsDebuggerPresent
TlsAlloc
GetQueuedCompletionStatus
TlsSetValue
TlsGetValue
CreateIoCompletionPort
PostQueuedCompletionStatus
GlobalFree
OpenEventW
MapViewOfFile
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
GetTempFileNameW
GlobalLock
ExitThread
CreateThread
HeapReAlloc
GetCommandLineA
GetVersionExA
RtlUnwind
LCMapStringA
GetStringTypeA
GetStringTypeW
GetModuleHandleA
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
HeapSize
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetStdHandle
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
ExpandEnvironmentStringsW
lstrlenW
GlobalAlloc
FindClose
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoA
FindFirstFileW
WriteFile
ReadFile
GetFileSize
MultiByteToWideChar
DeleteFileW
GetDiskFreeSpaceExW
CopyFileW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetTimeZoneInformation
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetDriveTypeA
SetEndOfFile
FreeLibrary
GetDriveTypeW
GetLogicalDrives
CloseHandle
DeviceIoControl
CreateFileW
GetVersionExW
LoadResource
LockResource
SizeofResource
GetLastError
GetProcAddress
FindResourceW
LoadLibraryW
GetModuleFileNameW
FindResourceExW
CompareStringA
CompareStringW
SetEnvironmentVariableA
UnmapViewOfFile
OpenFileMappingW
WaitForSingleObject
SetEvent
WideCharToMultiByte
InterlockedDecrement
GetSystemDirectoryW
GetVersion
LoadLibraryExW
TerminateThread
lstrlenA
GetCurrentThreadId
lstrcmpiW
GetCommandLineW
SetLastError
SetDllDirectoryW
GetModuleHandleW
LeaveCriticalSection
FreeResource
EnterCriticalSection
DeleteCriticalSection
CreateMutexW
InitializeCriticalSection
RaiseException
FlushInstructionCache
DuplicateHandle
InterlockedIncrement
Sleep
GetCurrentProcessId
Process32NextW
Process32FirstW
GetCurrentProcess
LCMapStringW
CreateToolhelp32Snapshot
IsProcessorFeaturePresent
GetThreadLocale
CreateFileA
UnhandledExceptionFilter
FileTimeToSystemTime
TlsFree
FileTimeToLocalFileTime

user32

GetSysColor
EqualRect
GetDlgCtrlID
GetWindowTextLengthW
GetWindowTextW
GetFocus
MsgWaitForMultipleObjects
CharUpperW
FindWindowExW
SendMessageTimeoutW
LoadImageW
PtInRect
IsIconic
PostThreadMessageW
DrawFrameControl
SetCursor
DrawTextW
ReleaseCapture
IsWindowVisible
SetTimer
SetCapture
DrawIconEx
EndPaint
LoadIconW
SetWindowTextW
GetSystemMenu
DestroyIcon
KillTimer
EnableWindow
MoveWindow
GetWindow
IsWindowEnabled
PostMessageW
FindWindowA
WaitMessage
UnregisterClassW
MsgWaitForMultipleObjectsEx
PostQuitMessage
GetQueueStatus
TrackPopupMenu
DestroyWindow
CharNextW
IsWindow
CallWindowProcW
GetDesktopWindow
SetActiveWindow
FillRect
GetWindowDC
DefWindowProcW
GetKeyState
ReleaseDC
GetDC
GetActiveWindow
ClientToScreen
GetParent
GetClientRect
GetWindowRect
InvalidateRect
SetWindowLongW
SystemParametersInfoW
SetWindowPos
DispatchMessageW
ShowWindow
TranslateMessage
CreateWindowExW
RegisterClassExW
GetMessageW
MapWindowPoints
PeekMessageW
OffsetRect
GetWindowLongW
InflateRect
LoadCursorW
FrameRect
GetClassInfoExW
SetRect
GetMonitorInfoW
SetWindowRgn
SendMessageW
MonitorFromWindow
CopyRect
GetDlgItem
MessageBoxW
CopyImage
LoadStringW
UnregisterClassA
BeginPaint

gdi32

MoveToEx
SetBkMode
RectInRegion
GetTextExtentPoint32W
TextOutW
RoundRect
SelectClipRgn
GetClipRgn
RestoreDC
SaveDC
CreateDIBSection
BitBlt
ExtSelectClipRgn
CreateRectRgnIndirect
CreateFontIndirectW
GetObjectW
GetStockObject
LineTo
OffsetRgn
SetRectRgn
SetTextColor
CreateBitmap
GetTextMetricsW
CombineRgn
CreatePen
CreateRectRgn
StretchBlt
CreateSolidBrush
DeleteDC
ExtTextOutW
SetBkColor
SelectObject
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
Rectangle
GetCurrentObject

advapi32

ChangeServiceConfig2W
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
DeleteService
StartServiceW
RegQueryInfoKeyW
GetUserNameW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
CreateServiceW

shell32

SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoCreateGuid
CoInitialize
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CLSIDFromProgID
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoFreeLibrary
CoLoadLibrary
CreateStreamOnHGlobal

oleaut32

SysStringLen
SysAllocStringByteLen
VarUI4FromStr
SysAllocString
SysFreeString
SysStringByteLen
VarBstrCmp
OleLoadPicture

shlwapi

PathAddBackslashW
StrToIntA
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathQuoteSpacesW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

comctl32

_TrackMouseEvent

gdiplus

GdipCreateImageAttributes
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipDisposeImageAttributes
GdipCreateBitmapFromStream
GdipLoadImageFromStream
GdipAlloc
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipDrawImageRectI
GdipCloneImage
GdipSetImageAttributesColorMatrix
GdiplusShutdown
GdipDrawImageRectRectI
GdipDrawImageI
GdipFree
GdipDisposeImage
GdipGetImageWidth

wininet

InternetReadFile
InternetOpenW
InternetGetConnectedState
InternetCloseHandle
InternetOpenUrlW
HttpQueryInfoW

Exports

Exports

CreateTxdlController
EntryPoint
TxDl_AsyncStartDownload
TxDl_Finalize
TxDl_Initialize
TxDl_IsDownloading
TxDl_Main
TxDl_NotifyQuit
TxDl_RegisterCompleteEvent
Txdl_GetVersion

Sections

.text
Size: 488KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DLLShare
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 448KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c32777748260977961ccf3b4cb9929d3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

75:f7:66:49:2b:fc:0d:a6:7b:a3:d8:af:f8:b7:87:2d:13:07:dd:8dSigner

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

netapi32

comctl32

gdiplus

wininet

Exports

Exports

Sections

.text Size: 488KB - Virtual size: 485KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 20KB - Virtual size: 27KB

DLLShare Size: 4KB - Virtual size: 1KB

.rsrc Size: 448KB - Virtual size: 444KB

.reloc Size: 40KB - Virtual size: 37KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

75:f7:66:49:2b:fc:0d:a6:7b:a3:d8:af:f8:b7:87:2d:13:07:dd:8d
Signer

.text
Size: 488KB - Virtual size: 485KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 20KB - Virtual size: 27KB

DLLShare
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 448KB - Virtual size: 444KB

.reloc
Size: 40KB - Virtual size: 37KB