006e812085fd05981652497c9013d3a0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

006e812085fd05981652497c9013d3a0N.exe
Size

323KB
MD5

006e812085fd05981652497c9013d3a0
SHA1

d6fda84dce14ac714b635ffe3126ab891b26efb2
SHA256

934619a6288489851ed2ab82bbbc2a203708cfe4bce2221e6bb143aaa28d1627
SHA512

fbbec1b3fb201fa799dec91ff5ab7874c77ff55236ec5f4e7dfcd411c59d283cb3041fe4be5cd6d35211916dd556ff58f8a757ca720b33c1f485e0ffebb87298
SSDEEP

6144:3DRIu43BBJhFzwqGZMyMR7/CROJCbCadH9Cqfbvfd9rCx4932jLSq1cCb0ZSR:qLrFz7GMyETob5dH9Cufd9W6932jLSf+

Score

1^/10

Malware Config

Signatures

Files

006e812085fd05981652497c9013d3a0N.exe
.exe windows:4 windows x86 arch:x86

c982e640d63badf706096cb4230e903f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cc:5d:62:c2:d1:0d:f8:9c:0b:54:dd:58:83:3a:46:06:fa:df:73:63
Signer

Actual PE Digest

cc:5d:62:c2:d1:0d:f8:9c:0b:54:dd:58:83:3a:46:06:fa:df:73:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\TXGJRepair_Gongfang\qqpcmgr_proj\FTSafeApp\QQPCRepair\Release\TXGJRepair.pdb

Imports

shlwapi

SHDeleteKeyW
StrStrIA
StrStrW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathFileExistsA
PathRemoveFileSpecA
PathAppendA

wininet

InternetOpenW
InternetSetStatusCallbackW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
HttpOpenRequestW
InternetConnectW

ws2_32

htonl
shutdown
htons
WSAStartup
getaddrinfo
freeaddrinfo
recv
send
select
WSASocketW
ioctlsocket
WSAConnect
WSAGetLastError
closesocket

kernel32

LoadLibraryW
LocalFree
UnhandledExceptionFilter
Sleep
GetVersionExW
GetModuleHandleW
GetProcAddress
CreateFileW
DeviceIoControl
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
OpenEventW
FindFirstFileA
FindNextFileA
FindClose
CreateSemaphoreW
FileTimeToSystemTime
GetFileSize
SetEvent
LocalAlloc
GetCurrentProcessId
GetSystemDirectoryW
CopyFileW
FreeLibrary
CreateEventW
ReadProcessMemory
CreateToolhelp32Snapshot
Process32FirstW
ResetEvent
lstrcmpA
Process32NextW
OpenProcess
GetFileAttributesExW
CreateProcessW
GetLastError
ExpandEnvironmentStringsW
OpenMutexW
GetPrivateProfileIntW
ResumeThread
InterlockedDecrement
CreateFileA
WaitForSingleObject
GetSystemTime
GetSystemDefaultLangID
VirtualQuery
lstrlenW
InterlockedCompareExchange
InterlockedIncrement
SwitchToThread
lstrcmpiW
IsBadWritePtr
VirtualProtect
GetModuleFileNameA
IsBadStringPtrA
SetFilePointer
WriteFile
UnmapViewOfFile
MapViewOfFile
GetLocalTime
SetLastError
OpenFileMappingW
GetProcessHeap
HeapFree
lstrlenA
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
TerminateProcess
GetStartupInfoW
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
GetTickCount
GlobalMemoryStatusEx
GetSystemInfo
ReadFile
CloseHandle
GetSystemDirectoryA

user32

SendMessageW
SetActiveWindow
GetSystemMetrics
CharUpperA
EnumWindows
IsWindow
IsIconic
FindWindowA
SendMessageTimeoutW
SetForegroundWindow
ShowWindow
IsWindowVisible
GetPropW
GetLastActivePopup

advapi32

RegCreateKeyW
RegNotifyChangeKeyValue
RegFlushKey
RegDeleteKeyW
StartServiceW
ChangeServiceConfig2W
CreateServiceW
RegEnumValueW
RegOpenKeyA
RegSetValueExA
RegDeleteValueW
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetKeySecurity
RegGetKeySecurity
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

SHCreateDirectoryExW
CommandLineToArgvW

ole32

CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

msvcr80

wcsncpy_s
_itow_s
wcsncat_s
_wcsnicmp
_wtol
_snprintf_s
_itoa_s
memcpy_s
wcsstr
swprintf_s
swscanf_s
wcsnlen
_strnicmp
wcscat_s
_snwprintf_s
_purecall
atoi
??2@YAPAXI@Z
strtok_s
_stricmp
srand
rand
_wtoi64
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
wcsrchr
_wsplitpath_s
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_vsnprintf_s
_vsnwprintf_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
_except_handler4_common
_invoke_watson
_controlfp_s
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ
strncpy_s
??_U@YAPAXI@Z
strnlen
_gmtime64_s
wcslen
_beginthreadex
memset
_endthreadex
_time64
strlen
_except_handler3
??_V@YAXPAX@Z
memcpy
strcpy_s
free
malloc
_wcsicmp
wcscpy_s
??3@YAXPAX@Z
_CxxThrowException
strrchr
_memicmp
strchr
fclose
fflush
fwrite
sprintf_s

msvcp80

??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

psapi

GetModuleFileNameExW
GetModuleBaseNameA
EnumProcesses
EnumProcessModules
GetProcessMemoryInfo
GetModuleBaseNameW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

imm32

ImmDisableIME

crypt32

CryptMsgClose
CryptDecodeObject
CryptMsgGetParam
CryptQueryObject
CertCloseStore

imagehlp

ImageUnload
ImageLoad
ImageRvaToSection

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c982e640d63badf706096cb4230e903f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

cc:5d:62:c2:d1:0d:f8:9c:0b:54:dd:58:83:3a:46:06:fa:df:73:63Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

wininet

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcr80

msvcp80

psapi

version

imm32

crypt32

imagehlp

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 156KB - Virtual size: 155KB

.reloc Size: 12KB - Virtual size: 9KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

cc:5d:62:c2:d1:0d:f8:9c:0b:54:dd:58:83:3a:46:06:fa:df:73:63
Signer

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 156KB - Virtual size: 155KB

.reloc
Size: 12KB - Virtual size: 9KB