746ba9f6f739f854e5db408d41d29a1b212324327f4d7952e091f64d91811593

Sharing

Copy URL Twitter E-mail

General

Target

746ba9f6f739f854e5db408d41d29a1b212324327f4d7952e091f64d91811593
Size

2.0MB
MD5

0dea795b799095fba6122d416f8d916a
SHA1

1351711e379c443669976f53c8f119c597c69e4f
SHA256

746ba9f6f739f854e5db408d41d29a1b212324327f4d7952e091f64d91811593
SHA512

471fe762cbc9b2ae658968301badc1aab9ef1c95d631b560da1e4504596cb8f9856aacd8a1e874cd010a74499ac26432072134d22259ffdf4c0e16a7542da53a
SSDEEP

49152:oHb3lgVJQhlpq7wXJ1Z5s7vhbRgJO/i0TGc:o715pq7sx45i

Score

1^/10

Malware Config

Signatures

Files

746ba9f6f739f854e5db408d41d29a1b212324327f4d7952e091f64d91811593
.exe windows:5 windows x86 arch:x86

0390be6a0585f7742074ad3e32277705

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:27:3d:47:07:1a:30:bd:0d:1b:cc:4a:c7:f9:54:3b:42:cf:e1:dd
Signer

Actual PE Digest

1a:27:3d:47:07:1a:30:bd:0d:1b:cc:4a:c7:f9:54:3b:42:cf:e1:dd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\building\360project\360sd\branches\beta\Build\x86\feedback.pdb

Imports

kernel32

LocalLock
GetDiskFreeSpaceW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
ResetEvent
CreateSemaphoreW
CreateEventW
WaitForSingleObjectEx
OutputDebugStringA
ReadFileEx
SetThreadPriority
ReleaseSemaphore
SetEvent
GetExitCodeThread
CreateFileA
SetNamedPipeHandleState
QueryPerformanceCounter
WaitForMultipleObjects
UnmapViewOfFile
DuplicateHandle
CreateFileMappingW
MapViewOfFile
GetFileType
GetFileInformationByHandle
GetSystemTime
FileTimeToDosDateTime
GlobalDeleteAtom
GlobalAddAtomA
LoadLibraryExW
DeviceIoControl
SetFilePointer
GetTimeZoneInformation
MoveFileExW
MoveFileW
TerminateProcess
CreateMutexW
GetFileAttributesW
RemoveDirectoryW
GetACP
lstrcmpW
GetLongPathNameW
ExpandEnvironmentStringsW
GetCommandLineW
GetExitCodeProcess
CreateProcessW
TlsGetValue
TlsSetValue
CopyFileW
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
ReadProcessMemory
AreFileApisANSI
QueryDosDeviceW
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
WritePrivateProfileSectionW
OpenProcess
SetEnvironmentVariableW
GlobalMemoryStatus
ResumeThread
CreateToolhelp32Snapshot
Thread32First
OpenThread
Thread32Next
GetCurrentProcessId
ProcessIdToSessionId
LoadLibraryA
GetModuleHandleA
GetCurrentProcess
TlsFree
GetVersion
GetLastError
ReleaseMutex
FreeResource
FindFirstFileW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
CreateMutexA
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
MultiByteToWideChar
InterlockedCompareExchange
LoadLibraryW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTempPathW
GetPrivateProfileStringW
GetFileAttributesExW
GetTempFileNameW
Sleep
WideCharToMultiByte
WriteFile
GetModuleHandleW
GetProcAddress
GetSystemInfo
lstrcmpiW
InterlockedExchange
SuspendThread
GetPrivateProfileIntW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetWindowsDirectoryW
CreateDirectoryW
GetVersionExW
CreateFileW
GetFileSize
ReadFile
InterlockedDecrement
InterlockedIncrement
lstrlenW
CreateThread
GetModuleFileNameW
GetTickCount
WaitForSingleObject
TerminateThread
CloseHandle
SetLastError
MulDiv
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalFree
GetVersionExA
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
GetStringTypeExW
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsAlloc
LocalReAlloc
GlobalFlags
GlobalGetAtomNameW
GetAtomNameW
lstrlenA
SetErrorMode
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetFileTime
GetCurrentDirectoryW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetProcessHeap
lstrcpynW
SetFilePointerEx
OutputDebugStringW
AddAtomW
FindAtomW
DeleteAtom
FindResourceW
LoadResource
LockResource
LocalUnlock
SizeofResource

user32

ClientToScreen
GetWindowDC
BeginPaint
EndPaint
InflateRect
GetCursorPos
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetDesktopWindow
CharUpperW
ValidateRect
GetMessageW
SetCursor
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
GetSysColorBrush
LoadCursorW
GetMenuItemInfoW
DestroyMenu
GetDialogBaseUnits
UnregisterClassW
DeleteMenu
DestroyIcon
CharNextW
IsRectEmpty
SetRect
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetRectEmpty
RegisterClipboardFormatW
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
GetMenuBarInfo
ReuseDDElParam
UnpackDDElParam
PostThreadMessageW
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
GetUpdateRgn
CopyImage
IsClipboardFormatAvailable
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
IsZoomed
EnumChildWindows
SetWindowRgn
GetMonitorInfoW
MonitorFromWindow
EnumWindows
DrawIcon
DrawIconEx
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
SendMessageW
RegisterWindowMessageW
SetTimer
PostMessageW
EnableWindow
DestroyWindow
GetTabbedTextExtentW
FrameRect
GetClientRect
InvalidateRect
GetSystemMetrics
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetWindowThreadProcessId
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
ScrollWindowEx
MoveWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetParent
GetDlgItem
SetWindowTextW
AppendMenuW
SetFocus
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
GetPropA
SetPropA
CallWindowProcW
UpdateLayeredWindow
SetLayeredWindowAttributes
LoadStringW
EnumThreadWindows
CharLowerBuffW
SendMessageTimeoutW
SwitchToThisWindow
SystemParametersInfoW
WindowFromPoint
WaitForInputIdle
FindWindowW
IsIconic
BringWindowToTop
SetForegroundWindow
GetClassInfoW
IsWindowEnabled
GetActiveWindow
SetActiveWindow
GetWindowLongW
SetWindowLongW
GetWindow
IsWindowVisible
ReleaseCapture
SetCapture
OffsetRect
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
SetWindowPos
GetMenuStringW
GetMenuState
GetWindowPlacement
GetSysColor
IsWindow
GetDC
ReleaseDC
LoadImageW
PostQuitMessage
LoadIconW
KillTimer
ShowWindow
GetWindowRect
RemovePropW
GetFocus
GetWindowTextLengthW
GetWindowTextW
SystemParametersInfoA
IntersectRect
GetMenu
PtInRect
CopyRect
DefWindowProcW
GetDlgCtrlID
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
RegisterClassW
GetClassInfoExW
CreateWindowExW
MessageBoxW
UpdateWindow
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetKeyState
TrackPopupMenu
TrackPopupMenuEx
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMenuItemID

gdi32

SelectClipPath
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
BitBlt
GetTextExtentPoint32W
RectInRegion
DeleteObject
CreateRectRgn
CreateCompatibleDC
SetArcDirection
SelectObject
SetStretchBltMode
StretchBlt
DeleteDC
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectW
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetTextMetricsW
GetBkColor
GetTextColor
GetRgnBox
GetCharWidthW
CreateFontW
StretchDIBits
CreateDIBSection
GetDIBits
SetPixel
GetBkMode
GetCurrentObject
SetDIBits
ExtCreateRegion
GetBitmapBits
GetClipRgn
SelectClipRgn
CreateBitmap
SetBkColor
SetTextColor
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
GetClipBox
GetObjectW
SetColorAdjustment
GetDCOrgEx
CreateDCW
CopyMetaFileW
CreateCompatibleBitmap
SetMapperFlags
GetDeviceCaps

advapi32

GetFileSecurityW
RegEnumKeyExW
RegQueryValueExA
RegCreateKeyW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
SetFileSecurityW
RegOpenKeyW
RegSetValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
EqualSid
IsValidSid
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegDeleteValueW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

CommandLineToArgvW
SHGetFolderPathW
SHChangeNotify
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFileInfoW
ExtractIconW
DragFinish
DragQueryFileW
ShellExecuteW

ole32

StringFromGUID2
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoInitializeEx
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
StgCreateDocfileOnILockBytes
ReadFmtUserTypeStg
OleRegGetUserType
CoGetClassObject
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateILockBytesOnHGlobal
OleRun
OleUninitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoInitialize
IIDFromString
OleInitialize
CoRegisterClassObject
WriteClassStg
StgOpenStorageOnILockBytes
CoRevokeClassObject
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
ReadClassStg
CreateStreamOnHGlobal

oleaut32

SysAllocStringByteLen
OleLoadPicture
CreateErrorInfo
SetErrorInfo
GetErrorInfo
OleCreateFontIndirect
VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringLen
VariantChangeType
VariantCopy
VariantInit
VariantClear
SysAllocString
SysFreeString
SysStringLen

shlwapi

PathIsDirectoryW
PathFileExistsW
StrStrIW
SHGetValueW
StrCmpIW
PathFindExtensionW
StrCmpW
PathAppendW
PathRemoveFileSpecW
SHSetValueW
StrCmpNW
SHDeleteValueW
SHDeleteKeyW
StrCmpNIW
PathAddBackslashW
PathCombineW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW

oledlg

OleUIBusyW

ws2_32

select

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

winspool.drv

OpenPrinterW
GetJobW
DocumentPropertiesW
ClosePrinter

comdlg32

GetFileTitleW

msimg32

TransparentBlt
AlphaBlend

comctl32

_TrackMouseEvent

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0390be6a0585f7742074ad3e32277705

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1a:27:3d:47:07:1a:30:bd:0d:1b:cc:4a:c7:f9:54:3b:42:cf:e1:ddSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

oledlg

ws2_32

version

wintrust

crypt32

winspool.drv

comdlg32

msimg32

comctl32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 316KB - Virtual size: 315KB

.data Size: 33KB - Virtual size: 53KB

.rsrc Size: 31KB - Virtual size: 30KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1a:27:3d:47:07:1a:30:bd:0d:1b:cc:4a:c7:f9:54:3b:42:cf:e1:dd
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 316KB - Virtual size: 315KB

.data
Size: 33KB - Virtual size: 53KB

.rsrc
Size: 31KB - Virtual size: 30KB