64f6828b13ff287f67f9c8b6d56f143d21bbf8ff4b1d3f6ce1478a195cd45ab2

Sharing

Copy URL Twitter E-mail

General

Target

64f6828b13ff287f67f9c8b6d56f143d21bbf8ff4b1d3f6ce1478a195cd45ab2
Size

1.5MB
MD5

c123ae3c9ee75e67063ea15480d348ec
SHA1

9175e7ae13fb54b4e97b1407efb05742da93554b
SHA256

64f6828b13ff287f67f9c8b6d56f143d21bbf8ff4b1d3f6ce1478a195cd45ab2
SHA512

88d43dfd1eb8bd617ed5275e2ac92b854980b693cfde5a86da25cdefab1114bbc48795bcdb050a66ebe9ce0409c1e7859387e3c0ed133de6e2b51d1f2910590f
SSDEEP

24576:W1XO5QxybJFe8QijvP4RhjFqrM7aOIoO4F2vIP34SeG+NyORWiKXToI+Z1v/48m/:vGYFFe8QijvP4RhjFj7vICC0LcAiKXxp

Score

1^/10

Malware Config

Signatures

Files

64f6828b13ff287f67f9c8b6d56f143d21bbf8ff4b1d3f6ce1478a195cd45ab2
.exe windows:5 windows x86 arch:x86

457400f65333a241ef93749b66c3c44f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:da:f2:fe:51:f3:b2:e9:4c:bb:69:5a:4a:51:74:fc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/10/2022, 00:00

Not After

17/10/2025, 23:59

Subject

CN=Tencent Technology (Shenzhen) Company Limited,O=Tencent Technology (Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

97:44:e3:b9:07:ef:d9:e3:2d:9b:97:11:14:e3:a3:16:89:3e:a3:9e:50:94:7b:fa:5d:d9:9e:9b:a1:62:7e:ae
Signer

Actual PE Digest

97:44:e3:b9:07:ef:d9:e3:2d:9b:97:11:14:e3:a3:16:89:3e:a3:9e:50:94:7b:fa:5d:d9:9e:9b:a1:62:7e:ae

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\landun\p-b509c47dc4c74254aad211b0f5dd6bad\qqlivepc2\Symbol\FinalRelease\QQLivePluginUpdate.pdb

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
DuplicateHandle
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateEventW
CreateFileMappingW
CreateProcessW
SearchPathW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
Module32FirstW
Module32NextW
GetFileType
WriteFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
DosDateTimeToFileTime
GetCurrentDirectoryW
GetLocalTime
DeleteFileW
LoadLibraryExW
SetLastError
FindClose
lstrlenW
GetFullPathNameW
FindFirstFileW
FindNextFileW
CopyFileW
SetEvent
ResetEvent
lstrcatW
GetCommandLineW
WritePrivateProfileStringW
OpenProcess
GetExitCodeProcess
Sleep
OutputDebugStringA
RemoveDirectoryW
SetFileAttributesW
MoveFileW
MoveFileExW
Process32FirstW
Process32NextW
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
GetThreadTimes
UnregisterWait
SuspendThread
GetProcessAffinityMask
WriteProcessMemory
ReadProcessMemory
SetErrorMode
OpenThread
GetCurrentThreadId
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
VirtualAllocEx
VirtualQuery
GetSystemDirectoryW
LoadLibraryW
DeviceIoControl
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
FreeLibrary
DecodePointer
WaitForSingleObject
CreateThread
WideCharToMultiByte
MultiByteToWideChar
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
GetEnvironmentVariableW
TryEnterCriticalSection
GetExitCodeThread
GetTempPathW
GetLongPathNameW
GetNativeSystemInfo
GetFileAttributesW
CreateDirectoryW
GetPrivateProfileStringW
FindResourceExW
FindResourceW
SizeofResource
LoadResource
LockResource
CreateFileW
GetModuleHandleW
CloseHandle
ReadFile
GetProcAddress
GetFileAttributesExW
GetPrivateProfileIntW
GetModuleFileNameW
GetLastError
GetProcessHeap
GetVersionExW
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetModuleHandleA
WaitForSingleObjectEx
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetConsoleCP
SetStdHandle
PeekNamedPipe
GetDriveTypeW
GetACP
ExitProcess
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWaitEx
FindFirstFileExW
IsDebuggerPresent
OutputDebugStringW
FormatMessageW
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
VerSetConditionMask
VerifyVersionInfoW
SwitchToThread
UnlockFile
LockFileEx
GetConsoleMode
WriteConsoleW
AllocConsole
HeapCreate
GetCurrentThread
SetThreadPriority
GetThreadPriority
RtlCaptureStackBackTrace
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleHandleExW
VirtualAlloc
VirtualFree
FlushFileBuffers
GetFileSizeEx
SetEndOfFile
SetFilePointerEx

user32

IsWindow
SendMessageW
GetDesktopWindow
KillTimer
SetTimer

advapi32

RegCreateKeyExW
ReportEventW
RegisterEventSourceW
GetLengthSid
CopySid
DeregisterEventSource
SystemFunction036
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

StringFromGUID2
CLSIDFromString
CoCreateGuid
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SysStringLen

shlwapi

PathFindFileNameW
PathIsDirectoryEmptyW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW

wintrust

WinVerifyTrust

ws2_32

WSASocketW
WSASetLastError
GetAddrInfoW
recv
WSAStartup
WSAGetLastError
shutdown
ntohl
htonl
setsockopt
WSASend
closesocket
send
FreeAddrInfoW
WSACleanup
htons
connect
gethostname

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

wininet

InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetSetOptionW
InternetOpenW
InternetConnectW
InternetWriteFile
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW

winmm

timeGetTime

dbghelp

SymSetOptions
SymFromAddr
SymSetSearchPathW
SymGetSearchPathW
SymInitialize
SymGetLineFromAddr64

Exports

Exports

?AddExtraMem@TXBugReport@@YAHKI@Z
?AddExtraMem@TXBugReport@@YAHPAXI@Z
?AddIgnoreHookCheckModule@TXBugReport@@YAXPB_W@Z
?AddReleaseMonitorPoint@TXBugReport@@YAXPAJ@Z
?DoBugReport@TXBugReport@@YAJPAU_EXCEPTION_POINTERS@@PB_W@Z
?GetBugReportFlag@TXBugReport@@YAKXZ
?GetBugReportInfo@TXBugReport@@YAPAUtagBugReportInfo@1@XZ
?GetCustomFiltFunc@TXBugReport@@YAP6AHPAU_EXCEPTION_POINTERS@@@ZXZ
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?InitBugReportEx@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@ZH@Z
?RaiseSelfFatalException@TXBugReport@@YAXW4SelfException@1@@Z
?RecordCallStackIfNeed@TXBugReport@@YAXPAJ@Z
?SetBugReportFlag@TXBugReport@@YAHK@Z
?SetBugReportPath@TXBugReport@@YAHPB_W@Z
?SetBugReportUin@TXBugReport@@YAXKH@Z
?SetCustomFiltFunc@TXBugReport@@YAXP6AHPAU_EXCEPTION_POINTERS@@@Z@Z
?SetExtInfo@TXBugReport@@YAHKKPB_W@Z
?SetExtRptFilePath@TXBugReport@@YAHPB_W0@Z
?SetLogFileMd5Dir@TXBugReport@@YAHPB_W00@Z
?UninitBugReport@TXBugReport@@YAXXZ
?ValidateBugReport@TXBugReport@@YAXXZ
?pfPostBugReport@TXBugReport@@3P6AXXZA
?pfPreBugReport@TXBugReport@@3P6AXXZA
GetHandleVerifier

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 16B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

457400f65333a241ef93749b66c3c44f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0d:da:f2:fe:51:f3:b2:e9:4c:bb:69:5a:4a:51:74:fcCertificate

Extended Key Usages

Key Usages

97:44:e3:b9:07:ef:d9:e3:2d:9b:97:11:14:e3:a3:16:89:3e:a3:9e:50:94:7b:fa:5d:d9:9e:9b:a1:62:7e:aeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wintrust

ws2_32

version

netapi32

wininet

winmm

dbghelp

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 262KB - Virtual size: 264KB

.data Size: 25KB - Virtual size: 52KB

.gfids Size: 4KB - Virtual size: 8KB

.tls Size: 16B - Virtual size: 4KB

.rsrc Size: 133KB - Virtual size: 133KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0d:da:f2:fe:51:f3:b2:e9:4c:bb:69:5a:4a:51:74:fc
Certificate

97:44:e3:b9:07:ef:d9:e3:2d:9b:97:11:14:e3:a3:16:89:3e:a3:9e:50:94:7b:fa:5d:d9:9e:9b:a1:62:7e:ae
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 262KB - Virtual size: 264KB

.data
Size: 25KB - Virtual size: 52KB

.gfids
Size: 4KB - Virtual size: 8KB

.tls
Size: 16B - Virtual size: 4KB

.rsrc
Size: 133KB - Virtual size: 133KB