360sdToasts[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

360sdToasts.exe
Size

221KB
MD5

4f87a229c63b4ec7ddae4190c9a5499a
SHA1

a2ad113d96f1cd533d51683834d29b93ef3d6b9c
SHA256

9b194c4ea2e07180329dc59ea70cfabc860a341615421a329063eaafa7893abc
SHA512

d9c400e6590f48f2dd47c66198cdde71fdd294a1c09f9654ac15bdada3728599c0d46653c226f186d72813f61ffc526dc899cd4130e7e389668fbf07fa90814c
SSDEEP

3072:2QE8LdyVu+ZvPS8969tY+aI019WTa3pCov0wLmS+fQih+MIP3LV3nkHUL5Z:2QE8LdyVu+ZvPS/PTmpvjLmS+fQO0JL3

Score

1^/10

Malware Config

Signatures

Files

360sdToasts.exe
.exe windows:6 windows x64 arch:x64

6dcf02a43d359139a75cfe0795f1df05

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:bc:d2:ef:d4:90:ce:6d:f4:6d:2c:85:b6:f0:87:8e:75:ff:19:d4
Signer

Actual PE Digest

61:bc:d2:ef:d4:90:ce:6d:f4:6d:2c:85:b6:f0:87:8e:75:ff:19:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\x64\360sdToasts.pdb

Imports

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString

shlwapi

PathAppendW
PathFileExistsW
StrStrIW
StrCmpNIW
StrStrW
SHStrDupW

kernel32

GetProcAddress
GetModuleHandleW
LoadLibraryW
GetWindowsDirectoryW
DeleteFileW
GetModuleFileNameW
CreateFileW
GetFileSize
ReadFile
CloseHandle
WriteFile
WideCharToMultiByte
GetCurrentProcessId
ReleaseMutex
GetLastError
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
FreeLibrary
MultiByteToWideChar
GetACP
OpenThread
WaitForSingleObject
CreateProcessW
CreateMutexW
SystemTimeToFileTime
Sleep
TerminateProcess
GetCommandLineW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
DeviceIoControl
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetEnvironmentVariableW
GetFileAttributesW
RaiseException
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FlushFileBuffers
GetTickCount64
QueryPerformanceCounter
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
SetLastError
GetCPInfo
GetOEMCP
IsValidCodePage
GetStartupInfoW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
LoadLibraryExW
OutputDebugStringW
SetStdHandle
WriteConsoleW
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
RtlUnwindEx
RtlLookupFunctionEntry
AddAtomW
GetAtomNameW
TlsSetValue
TlsGetValue
GetSystemTime
RtlPcToFileHeader
GetSystemTimeAsFileTime
DecodePointer
LocalFree
FormatMessageW
GetFileSizeEx
LocalFileTimeToFileTime
CreateFileA
ReadConsoleW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer

user32

PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
CreateWindowExW

advapi32

RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

ole32

PropVariantClear
CoCreateInstance
CoInitialize

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6dcf02a43d359139a75cfe0795f1df05

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

61:bc:d2:ef:d4:90:ce:6d:f4:6d:2c:85:b6:f0:87:8e:75:ff:19:d4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

shlwapi

kernel32

user32

advapi32

ole32

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 17KB - Virtual size: 26KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 4KB - Virtual size: 3KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

61:bc:d2:ef:d4:90:ce:6d:f4:6d:2c:85:b6:f0:87:8e:75:ff:19:d4
Signer

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 17KB - Virtual size: 26KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 4KB - Virtual size: 3KB