23241ec319de15ce00bc2eb66091e5e0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

23241ec319de15ce00bc2eb66091e5e0N.exe
Size

2.9MB
MD5

23241ec319de15ce00bc2eb66091e5e0
SHA1

e9503eb10c64bf170eac7a92b11c3c1eb2512b89
SHA256

cd8564f81ef9aae3fabe1fd6f3e0c9cf5c48e2eadf52f9bd1edd6c9dbb49f1cf
SHA512

d549aede154728dffd148e3c365c9453fefe42e5a94dc9a63560af5a24e524d64c39a9db917e33fddf58d604504eb7990725747105b2aa85d90400b70e7628bf
SSDEEP

49152:aNE1QLZz7aPtdTiu1kAwQ+Pw7eB/e+QgIZx1cJ:aNEOZvabXwVPwCB/e3gJ

Score

1^/10

Malware Config

Signatures

Files

23241ec319de15ce00bc2eb66091e5e0N.exe
.dll windows:4 windows x86 arch:x86

14c04986595f966ee55d1a40efed25ec

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:58:b6:60:57:30:56:31:b6:c2:6d:ab:1f:57:49:3f:25:19:e6:48
Signer

Actual PE Digest

86:58:b6:60:57:30:56:31:b6:c2:6d:ab:1f:57:49:3f:25:19:e6:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins_Trunk\workspace\CEN_Hive_QQPCDownload_ForDCom\qqpcmgr_proj\bin\Release\QQPCDownload.pdb

Imports

ws2_32

htonl
WSCEnumProtocols
WSCInstallProvider
WSCWriteProviderOrder
WSCDeinstallProvider
htons
ntohl

psapi

GetModuleFileNameExW

kernel32

SetLastError
OpenProcess
GetCurrentThreadId
lstrcmpiW
TerminateThread
WaitForMultipleObjects
InterlockedCompareExchange
GetVersion
InterlockedExchange
WritePrivateProfileStringW
UnmapViewOfFile
GetCurrentThread
GetProcessTimes
GetSystemTime
SystemTimeToFileTime
OutputDebugStringW
CreateProcessW
SetFilePointer
OpenMutexW
GetFullPathNameW
GetCPInfo
CreateFileMappingW
MapViewOfFileEx
OpenFileMappingW
HeapAlloc
GetProcessHeap
HeapFree
SearchPathW
TerminateProcess
SetUnhandledExceptionFilter
ReadProcessMemory
VirtualAllocEx
lstrcpynW
GetSystemTimeAsFileTime
GetExitCodeThread
GetModuleHandleExW
ReleaseMutex
MapViewOfFile
Module32FirstW
Module32NextW
GetLocalTime
GetTempPathW
CreateDirectoryW
MoveFileW
GetExitCodeProcess
OpenThread
CreateThread
MoveFileExW
ResumeThread
GetLogicalDriveStringsW
OpenEventW
IsBadReadPtr
RemoveDirectoryW
GetTempFileNameW
GetSystemDefaultLangID
GetSystemInfo
VirtualQuery
LoadLibraryA
ResetEvent
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetFileAttributesW
GetCommandLineW
TlsFree
TlsAlloc
GetQueuedCompletionStatus
TlsSetValue
TlsGetValue
CreateIoCompletionPort
IsDebuggerPresent
FindNextFileW
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
VirtualAlloc
VirtualProtectEx
GetThreadContext
SetThreadContext
CreateRemoteThread
VirtualFree
GlobalLock
CreateFileA
UnhandledExceptionFilter
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitThread
HeapReAlloc
GetCommandLineA
GetVersionExA
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetACP
GetOEMCP
IsValidCodePage
HeapSize
HeapDestroy
HeapCreate
GetStdHandle
GetCurrentDirectoryA
CompareStringA
CompareStringW
GetTickCount
SetDllDirectoryW
LeaveCriticalSection
FreeResource
GetPrivateProfileIntW
EnterCriticalSection
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FlushFileBuffers
DeleteCriticalSection
GetPrivateProfileStringW
InitializeCriticalSection
LoadLibraryExW
CreateMutexW
WideCharToMultiByte
RaiseException
CreateEventW
DuplicateHandle
FlushInstructionCache
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
InterlockedDecrement
WaitForSingleObject
SetEvent
lstrlenA
InterlockedIncrement
Sleep
IsBadWritePtr
VirtualProtect
GetModuleHandleW
GetSystemDirectoryW
WriteProcessMemory
lstrlenW
GlobalAlloc
GetCurrentProcessId
Process32NextW
Process32FirstW
GetCurrentProcess
CreateToolhelp32Snapshot
GlobalFree
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
WriteFile
ReadFile
GetFileSize
MultiByteToWideChar
DeleteFileW
GetDiskFreeSpaceExW
CopyFileW
FreeLibrary
GetDriveTypeW
GetLogicalDrives
CloseHandle
DeviceIoControl
CreateFileW
GetVersionExW
GetLastError
GetProcAddress
LoadLibraryW
FindResourceW
GetModuleFileNameW
FindResourceExW
LoadResource
LockResource
SizeofResource
VirtualQueryEx
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
SetEndOfFile
SetEnvironmentVariableA
IsProcessorFeaturePresent
GetThreadLocale
ExitProcess
PostQueuedCompletionStatus
SuspendThread

user32

GetFocus
GetWindowTextW
GetWindowTextLengthW
GetSysColor
EndDialog
LoadIconW
MsgWaitForMultipleObjects
CharUpperW
SendMessageTimeoutW
CallNextHookEx
GetUserObjectInformationW
CreateDesktopW
CloseDesktop
BeginPaint
SetWindowTextW
TrackPopupMenu
DestroyIcon
KillTimer
DrawFrameControl
DrawTextW
EqualRect
LoadImageW
GetDlgCtrlID
PtInRect
DrawIconEx
PostThreadMessageW
SetTimer
ReleaseCapture
IsWindowVisible
UnregisterClassW
SetCapture
IsWindowEnabled
EnumWindows
DestroyWindow
SetWindowLongW
IsWindow
GetForegroundWindow
SetThreadDesktop
GetWindowThreadProcessId
FindWindowW
FindWindowExW
wsprintfW
IsIconic
FindWindowA
GetQueueStatus
PostQuitMessage
EndPaint
WaitMessage
CallWindowProcW
GetDesktopWindow
SetActiveWindow
DefWindowProcW
ReleaseDC
MapWindowPoints
GetDC
GetWindowLongW
GetParent
GetActiveWindow
ClientToScreen
GetClientRect
InvalidateRect
GetWindowRect
SystemParametersInfoW
SetWindowPos
DispatchMessageW
ShowWindow
TranslateMessage
CreateWindowExW
RegisterClassExW
GetMessageW
SetWindowRgn
OffsetRect
PeekMessageW
InflateRect
LoadCursorW
GetClassInfoExW
SetRect
GetMonitorInfoW
SendMessageW
CopyRect
MonitorFromWindow
GetWindow
GetDlgItem
GetSystemMenu
MsgWaitForMultipleObjectsEx
RegisterWindowMessageW
EnableWindow
GetKeyState
MoveWindow
PostMessageW
MessageBoxW
CharNextW
LoadStringW
CopyImage
UnregisterClassA
SetCursor

gdi32

DeleteObject
CreateCompatibleBitmap
SelectObject
SetBkColor
ExtTextOutW
DeleteDC
StretchBlt
CreatePen
CreateRectRgn
CombineRgn
CreateBitmap
SetTextColor
Rectangle
GetStockObject
GetObjectW
CreateFontIndirectW
SetRectRgn
CreateCompatibleDC
BitBlt
CreateRectRgnIndirect
SaveDC
GetCurrentObject
CreateSolidBrush
RestoreDC
GetClipRgn
SelectClipRgn
RoundRect
TextOutW
MoveToEx
GetTextExtentPoint32W
LineTo
RectInRegion
SetBkMode
OffsetRgn
CreateDIBSection

advapi32

RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
RegQueryInfoKeyW
StartServiceW
DeleteService
ChangeServiceConfig2W
CreateServiceW
RegDeleteKeyW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteExW
SHCreateDirectoryExW

ole32

CoInitialize
CoCreateGuid
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CLSIDFromProgID
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoFreeLibrary
CoLoadLibrary
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysAllocStringLen
VarBstrCmp
SysStringLen
SysAllocStringByteLen
SysAllocString
VarUI4FromStr
SysFreeString
SysStringByteLen
OleLoadPicture

shlwapi

PathCombineW
PathRemoveExtensionW
PathFileExistsW
PathUnquoteSpacesW
PathAddExtensionW
PathRemoveFileSpecW
StrToIntA
PathAppendW
PathQuoteSpacesW
PathFindFileNameW
PathAddBackslashW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

comctl32

_TrackMouseEvent

gdiplus

GdipDeleteGraphics
GdipDrawImageRectRectI
GdiplusStartup
GdipDisposeImageAttributes
GdipGetImageWidth
GdipCreateImageAttributes
GdipCreateFromHDC
GdipDisposeImage
GdipFree
GdipAlloc
GdipLoadImageFromStream
GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageI
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipDrawImageRectI
GdiplusShutdown
GdipCreateHBITMAPFromBitmap

rpcrt4

UuidCreate

wininet

InternetGetConnectedState
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
HttpQueryInfoW
InternetReadFile

Exports

Exports

CreateTxdlController
EntryPoint
IsSupportNoReName
TxDl_AsyncStartDownload
TxDl_Finalize
TxDl_GetChildLaucherParam
TxDl_GetCurrentLaucherIndex
TxDl_GetLaucher
TxDl_InitDownloadEngine
TxDl_Initialize
TxDl_IsDownloading
TxDl_LoadRoutine
TxDl_Main
TxDl_NotifyQuit
TxDl_RegisterCompleteEvent
TxDl_ReleaseLaucher
Txdl_GetVersion

Sections

.text
Size: 772KB - Virtual size: 771KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ShareInj
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Downlaod
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DLLShare
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EventHoo
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14c04986595f966ee55d1a40efed25ec

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

86:58:b6:60:57:30:56:31:b6:c2:6d:ab:1f:57:49:3f:25:19:e6:48Signer

Headers

File Characteristics

PDB Paths

Imports

ws2_32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

netapi32

comctl32

gdiplus

rpcrt4

wininet

Exports

Exports

Sections

.text Size: 772KB - Virtual size: 771KB

.rdata Size: 156KB - Virtual size: 153KB

.data Size: 112KB - Virtual size: 118KB

ShareInj Size: 4KB - Virtual size: 1KB

Downlaod Size: 28KB - Virtual size: 24KB

DLLShare Size: 4KB - Virtual size: 1KB

EventHoo Size: 4KB - Virtual size: 1KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.vmp0 Size: 52KB - Virtual size: 49KB

.vmp1 Size: 44KB - Virtual size: 42KB

.reloc Size: 36KB - Virtual size: 34KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

86:58:b6:60:57:30:56:31:b6:c2:6d:ab:1f:57:49:3f:25:19:e6:48
Signer

.text
Size: 772KB - Virtual size: 771KB

.rdata
Size: 156KB - Virtual size: 153KB

.data
Size: 112KB - Virtual size: 118KB

ShareInj
Size: 4KB - Virtual size: 1KB

Downlaod
Size: 28KB - Virtual size: 24KB

DLLShare
Size: 4KB - Virtual size: 1KB

EventHoo
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.vmp0
Size: 52KB - Virtual size: 49KB

.vmp1
Size: 44KB - Virtual size: 42KB

.reloc
Size: 36KB - Virtual size: 34KB