3a505d8c3079b20e1203efc0531086b0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3a505d8c3079b20e1203efc0531086b0N.exe
Size

4.0MB
MD5

3a505d8c3079b20e1203efc0531086b0
SHA1

e4c51443187142b782cae2168ab89d49aded202f
SHA256

62a701e72b164aa61502a4d299d70d02660592a9a62ef48f7149d2f90877ff31
SHA512

e496af2bf0a3c6300456c8e103af5e6124ab16979478fe7671f05bf2bac2a3cc3aa87f996ddb26f5313e4720b700b841153628d7f0fa7fbf42d53d5b0ee5ad32
SSDEEP

98304:zjkgjg4xMclrXQ+uAyFMJ/EhnROHvQnmXnyh+c2aUgbALNb7I:0e9tlJ/YROHvymXe22bALG

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/FileInfo.dll
unpack001/$PLUGINSDIR/RCWidgetPlugin.dll
unpack001/$PLUGINSDIR/System.dll

Files

3a505d8c3079b20e1203efc0531086b0N.exe
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2013, 00:00

Not After

22/05/2016, 23:59

Subject

CN=2345.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=总办,O=2345.com,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e0:ef:7b:cc:78:f5:65:ca:a1:f2:2d:af:97:1e:84:c9:b0:cf:0a:35
Signer

Actual PE Digest

e0:ef:7b:cc:78:f5:65:ca:a1:f2:2d:af:97:1e:84:c9:b0:cf:0a:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 424KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FileInfo.dll
.dll windows:4 windows x86 arch:x86

5ff9f5e6e5160c6ab075b885caf2e551

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

CloseHandle
TerminateProcess
GetCurrentProcessId
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
lstrcpyW
Process32FirstW
SetLastError
CreateProcessW
GetCurrentProcess
GetModuleFileNameW
CreateFileA
WriteConsoleW
Process32NextW
OpenProcess
CreateToolhelp32Snapshot
lstrcpynW
MulDiv
FlushFileBuffers
GetLastError
GetModuleHandleA
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
WriteFile
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

wsprintfW
ReleaseDC
GetDC

gdi32

GetDeviceCaps

advapi32

SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
GetLengthSid
FreeSid
AllocateAndInitializeSid
DuplicateTokenEx

Exports

Exports

CheckInstallTime
CreateLowIntegrityProcess
DPIScaleX
DPIScaleY
FindProc
GetSpecialBuild
GetSpreadUserID
GetSpreadUserID2
KillProc

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/RCWidgetPlugin.dll
.dll windows:4 windows x86 arch:x86

7ce941252eb6ec98470a46615c1b03a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\SVN\rczip4.4\bin\win32\release\RCWidgetPlugin.pdb

Imports

gdiplus

GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCloneImage
GdipRestoreGraphics
GdipBitmapLockBits
GdipGetMatrixElements
GdipScaleWorldTransform
GdipDrawImagePointRectI
GdipReleaseDC
GdipDeleteMatrix
GdipGetRegionHRgn
GdipSaveGraphics
GdipTransformPointsI
GdipSetClipRectI
GdipDeleteRegion
GdipCreateRegion
GdipCloneBitmapAreaI
GdipGetClip
GdipBitmapUnlockBits
GdipTranslateWorldTransform
GdipCreateMatrix
GdipGetWorldTransform
GdipGraphicsClear
GdipGetDC
GdipSetStringFormatAlign
GdipSetTextRenderingHint
GdipDrawImageRectRectI
GdipCreateImageAttributes
GdipCreateStringFormat
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipSetStringFormatLineAlign
GdipCreateFontFromLogfontW
GdipMeasureString
GdipDeleteFont
GdipDrawString
GdipDeleteStringFormat
GdiplusShutdown
GdipGetImagePaletteSize
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipFillRectangleI
GdipGetImagePixelFormat
GdipSetPixelOffsetMode
GdipGetImageWidth
GdipDisposeImage
GdipGetImageHeight
GdiplusStartup
GdipAlloc
GdipFree
GdipGetImageGraphicsContext
GdipDeleteBrush
GdipDrawImageRectRect

kernel32

GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
HeapSize
Sleep
IsValidCodePage
GetOEMCP
GetCPInfo
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
CreateThread
ExitThread
GetProcessHeap
GetVersionExA
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualAlloc
lstrlenW
lstrcpyW
GlobalAlloc
WideCharToMultiByte
lstrcpynW
MultiByteToWideChar
GlobalFree
SetFilePointer
GetFileAttributesW
EnterCriticalSection
WriteFile
ReadFile
FindClose
FreeLibrary
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
CreateFileW
LoadLibraryA
CloseHandle
GetACP
LoadLibraryW
GetFileSizeEx
GetComputerNameW
FreeEnvironmentStringsW
GetProcAddress
GetModuleHandleW
LeaveCriticalSection
FindFirstFileW
RaiseException
GetCurrentProcess
FlushInstructionCache
LockResource
UpdateResourceW
BeginUpdateResourceW
SetLastError
SetErrorMode
FindResourceW
GetCurrentThreadId
SizeofResource
GetVersion
FreeResource
LoadResource
EndUpdateResourceW
GetCommandLineW
lstrcatW
LocalFree
GlobalLock
GlobalUnlock
ResumeThread
GetLastError
CreateEventW
ResetEvent
SetEvent
InterlockedExchangeAdd
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetEnvironmentStringsW
QueryPerformanceCounter
IsDebuggerPresent
HeapFree
HeapReAlloc
HeapAlloc
VirtualProtect
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
InterlockedCompareExchange
IsProcessorFeaturePresent
GetVersionExW

user32

ReleaseCapture
TrackMouseEvent
SetCapture
ReleaseDC
IsRectEmpty
SetRectEmpty
UnionRect
GetWindowTextW
GetWindowTextLengthW
InflateRect
DispatchMessageW
LoadCursorW
GetActiveWindow
MapWindowPoints
GetWindow
DestroyWindow
SystemParametersInfoW
EnableWindow
GetClassInfoExW
SetActiveWindow
IsWindow
GetMessageW
GetDC
InvalidateRect
RedrawWindow
SetWindowPos
UnregisterClassA
PostMessageW
GetKeyState
GetWindowLongW
GetDlgCtrlID
OffsetRect
BeginPaint
GetDlgItem
GetParent
CopyRect
SetWindowRgn
ScreenToClient
GetWindowRect
CallWindowProcW
MoveWindow
PtInRect
SetWindowTextW
SetCursor
IsWindowVisible
ShowWindow
SendMessageA
IsWindowEnabled
DefWindowProcW
LoadIconW
SetWindowLongW
SendMessageW
CharNextW
TranslateMessage
RegisterClassExW
GetDesktopWindow
SetRect
wsprintfW
CharPrevW
PeekMessageW
CreateWindowExW
GetClientRect
EndPaint

gdi32

DeleteDC
DeleteObject
BitBlt
CreatePolygonRgn
SetViewportOrgEx
GetObjectW
GetStockObject
CreateFontIndirectW
EnumFontsW
CreateSolidBrush
SetTextColor
ExtTextOutW
SetDCBrushColor
SetBkMode
SetGraphicsMode
SetWorldTransform
SetStretchBltMode
SetBrushOrgEx
SelectClipRgn
SetArcDirection
SetROP2
SetDCPenColor
CreateCompatibleBitmap
SetBkColor
SelectObject
CreateCompatibleDC

advapi32

GetUserNameW

shell32

SHGetPathFromIDListW
CommandLineToArgvW
SHGetSpecialFolderLocation
ShellExecuteW
SHBrowseForFolderW

ole32

CoTaskMemFree
OleUninitialize
CreateStreamOnHGlobal
OleInitialize

shlwapi

StrToIntA

comctl32

InitCommonControlsEx

Exports

Exports

ChangeLoaderRes
CheckSignerInfo
GetCheckValue
GetInstDir
Init
OnRepair
OnSetup
OnSetupPost
OnUninstall
PopInt
PopString
PushInt
PushString
SetProgress
SetRTL
ShowInstall
ShowUnInstall

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/2345PicDown.exe
.exe windows:4 windows x86 arch:x86

e4e6ecd6ea8974c4487c0a63134e9dfe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:d2:08:d5:87:8e:4d:25:73:4d:33:5f:71:c6:4a:5d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06/05/2012, 00:00

Not After

05/06/2013, 23:59

Subject

CN=上海瑞创网络科技股份有限公司,OU=Provided by TrustAsia,O=上海瑞创网络科技股份有限公司,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fc:82:7b:71:7c:ed:66:d6:e1:11:2f:ac:9c:40:da:41:f2:34:2b:f4
Signer

Actual PE Digest

fc:82:7b:71:7c:ed:66:d6:e1:11:2f:ac:9c:40:da:41:f2:34:2b:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpQueryInfoW
InternetCloseHandle
InternetReadFile
InternetOpenW
InternetOpenUrlW
InternetSetOptionW

kernel32

SizeofResource
GetFileAttributesW
CreateMutexW
DeleteCriticalSection
ReleaseMutex
GetModuleHandleW
FindResourceW
LoadLibraryExW
InterlockedDecrement
MultiByteToWideChar
GetModuleFileNameW
GetLastError
lstrcmpiW
GetCurrentThreadId
GetProcAddress
GetVersionExW
CloseHandle
DeleteFileW
GetTempFileNameW
CreateFileW
GetLongPathNameW
GetTickCount
Sleep
GetTempPathW
WriteFile
GetExitCodeProcess
lstrcpynW
WaitForSingleObject
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
LeaveCriticalSection
GetStdHandle
HeapCreate
HeapDestroy
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
HeapReAlloc
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
SetFilePointer
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
LoadResource
EnterCriticalSection
RaiseException
SetLastError
InitializeCriticalSection
GetConsoleCP
InterlockedIncrement
FlushInstructionCache
lstrlenW
GetCurrentProcess
FreeLibrary
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetConsoleMode
GetStringTypeA
SetStdHandle
GetStringTypeW
GetModuleFileNameA

user32

UnregisterClassA
SetWindowTextW
SetWindowPos
SetDlgItemTextW
GetClientRect
GetDlgItem
MessageBoxW
GetParent
MapWindowPoints
GetWindow
EnableWindow
BringWindowToTop
SystemParametersInfoW
GetWindowRect
wsprintfW
GetMenuDefaultItem
GetClassInfoExW
DestroyMenu
DestroyIcon
SendMessageW
RegisterWindowMessageW
KillTimer
GetWindowLongW
CreateWindowExW
GetCursorPos
IsWindow
GetSystemMetrics
LoadMenuW
IsMenu
LoadCursorW
SetForegroundWindow
GetSubMenu
RegisterClassExW
SetMenuDefaultItem
TrackPopupMenu
CallWindowProcW
SetTimer
LoadImageW
PostMessageW
PeekMessageW
GetDesktopWindow
GetMessageW
ShowWindow
DestroyWindow
CreateDialogParamW
DispatchMessageW
SetWindowLongW
DefWindowProcW
CharNextW
TranslateMessage
PostQuitMessage

gdi32

CreateFontIndirectW
DeleteObject

advapi32

RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteKeyW

shell32

ShellExecuteExW
Shell_NotifyIconW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoInitialize

oleaut32

VarUI4FromStr

shlwapi

StrStrW

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2345好压免责声明.txt
7zNew.data
.7z
HaoZip.chm
.chm
HaoZip.dll
HaoZip.exe
HaoZipC.exe
HaoZipCD.exe
HaoZipCom.dll
HaoZipEditor.dll
HaoZipExt.dll
HaoZipExt64.dll
HaoZipFormats.dll
HaoZipImage.dll
HaoZipLoader.exe
HaoZipLoader64.exe
HaoZipMd5.exe
HaoZipRename.exe
HaoZipReplace.exe
HaoZipScan.exe
HaoZipUI.dll
HaoZipUpdate.exe
HaoZipVirtualCDBus.inf
HaoZipVirtualCDBus.sys
.sys windows:4 windows x86 arch:x86

01d10d86f3f444e21866ec715c35d7c2

Code Sign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:62:60:29:63:d7:a8:68:ba:d4:e3:02:87:dc:de:2e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

23/07/2013, 23:59

Subject

CN=Shanghai RuiChuang Network Technology Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanghai RuiChuang Network Technology Co.\,Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:1b:24:6b:81:93:dc:a4:5f:ac:9c:36:79:ab:30:0e:19:e8:d2:3e
Signer

Actual PE Digest

ae:1b:24:6b:81:93:dc:a4:5f:ac:9c:36:79:ab:30:0e:19:e8:d2:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\MyDoc\Visual Studio 2005\Projects\rczip\bin\win32\release\HaoZipVirtualCDBus.pdb

Imports

ntoskrnl.exe

KeInitializeMutex
KeReleaseMutex
RtlInitUnicodeString
RtlCopySid
ZwSetInformationFile
ZwSetValueKey
ZwQueryValueKey
_vsnwprintf
ZwClose
ZwCreateFile
ZwReadFile
ZwDeleteValueKey
wcsrchr
ZwWriteFile
ZwEnumerateValueKey
memmove
IoGetRequestorProcess
ZwQueryInformationFile
PoStartNextPowerIrp
IofCompleteRequest
PsTerminateSystemThread
_purecall
ZwEnumerateKey
ZwDeleteKey
swprintf
ZwClearEvent
ZwSetEvent
ZwDuplicateObject
KeQuerySystemTime
ZwCreateEvent
KeUnstackDetachProcess
KeStackAttachProcess
KeWaitForSingleObject
KeDelayExecutionThread
IoBuildSynchronousFsdRequest
IofCallDriver
ExAllocatePool
KeGetCurrentThread
ZwWaitForSingleObject
IoAttachDeviceToDeviceStack
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
KeClearEvent
IoDetachDevice
ObReferenceObjectByHandle
PsThreadType
ObfDereferenceObject
IoDeleteSymbolicLink
RtlFreeUnicodeString
KeReleaseSemaphore
IoDeleteDevice
ZwQuerySecurityObject
ZwSetSecurityObject
PoCallDriver
ExFreePoolWithTag
ExAllocatePoolWithTag
KeBugCheck
IoRequestDeviceEject
ObfReferenceObject
IoInvalidateDeviceRelations
MmMapLockedPagesSpecifyCache
ZwOpenKey
ZwCreateKey
RtlValidSid
RtlLengthSid
RtlCreateAcl
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlSelfRelativeToAbsoluteSD
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetSaclSecurityDescriptor
DbgPrint
_snprintf
KeInitializeSemaphore
strstr
atoi
ZwQueryDirectoryFile
PsGetCurrentThreadId
KeSetEvent
PsCreateSystemThread
IoCreateDevice
KeInitializeEvent
NlsMbCodePageTag
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
memcpy
memset
_aulldiv
_aullrem
_alldiv

hal

ExAcquireFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
ExReleaseFastMutex
KeGetCurrentIrql

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.STL
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaozipCD.dll
Microsoft.VC80.CRT.manifest
RarNew.data
.rar
TarNew.data
UNACEV2.DLL
Uninstall.exe.nsis
ZipNew.data
haozipvirtualcdbus.cat
lang/HaoZipLang_chs.dll
msvcr80.dll
sfx/HaoZip7zCon.sfx
sfx/HaoZip7zSetup.sfx
skins/HaoZip.dui
.zip
objects.xml
.xml
shareres.xml
.xml
skins/HaoZip.skn
.zip
Add_large.png
.png
Add_large_Mouseover.png
.png
Add_small.png
.png
Add_small_Mouseover.png
.png
Adressbar_list.png
.png
Button.png
.png
Caption_Btn.png
.png
Choose2.png
.png
Download_Bg.png
.png
HaoZip.skn
HorzLine.png
.png
Left_Border.png
.png
Menubar_Btn_Hot.png
.png
Menubar_Btn_Press.png
.png
OkayIcon.png
.png
PageBtn.png
.png
ProgressBar.png
.png
RCHaoClients.png
.png
RCHaoClients2.png
.png
RCHaoFileTreeView.png
.png
RCHaoNavigateBar.BackBtn.png
.png
RCHaoNavigateBar.ForwardBtn.png
.png
Right_Border.png
.png
SettingBG_Close.png
.png
SettingBG_Inside.png
.png
SettingBG_Projection.png
.png
Setting_Btn.png
.png
Sidebar_Infopane_Btn1.png
.png
Sidebar_Infopane_Btn2.png
.png
Skin_Close_Btn.png
.png
Skin_Preview_Highlight_Large.png
.png
Skin_Preview_Highlight_Small.png
.png
Skin_Recommend_Preview.png
.png
Skin_preview_large.png
.png
Skin_preview_small.png
.png
Skin_recommend_bg.png
.png
Skinpanel_Bg.png
.png
View_D (2).png
.png
View_H (2).png
.png
View_L (2).png
.png
View_M (2).png
.png
View_N (2).png
.png
WarnIcon.png
.png
WrongIcon.png
.png
adressbar.png
.png
checkbox.png
.png
close_sidebar.png
.png
folder-bg.png
.png
foot.png
.png
haozip_skin_config.txt
haozip_skin_description.txt
haozip_skin_preview_bg.png
.png
head.png
.png
help.png
.png
hide.png
.png
hide2.png
.png
hz-smallcancelbtn.png
.png
hz_Installbtn.png
.png
hz_Nextbtn.png
.png
hz_Upgradebtn.png
.png
hz_bg.png
.png
hz_bigcancelbtn.png
.png
hz_closebtn.png
.png
hz_confirmbtn.png
.png
hz_confirmbtn_two.png
.png
hz_logo.png
.png
hz_minbtn.png
.png
hz_msgbg.png
.png
hz_note.png
.png
hz_process.png
.png
hz_processbg.png
.png
info.png
.png
info_icon.png
.png
installed.png
.png
list-btn.png
.png
main_splitter.png
.png
menubar.png
.png
objects.xml
.xml
prop.xml
.xml
scan_bg.png
.png
scan_close_hot.png
.png
scan_close_normal.png
.png
scan_inf.png
.png
scan_pass.png
.png
scan_running.png
.png
shareres.xml
.xml
show.png
.png
show2.png
.png
size-contrl.png
.png
skin_btn.png
.png
splitter1.png
.png
splitter2.png
.png
toolbar-small.png
.png
toolbar.png
.png
toolicon_Bg.png
.png
up.png
.png
skins/HaoZip.xml
.xml

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e0:ef:7b:cc:78:f5:65:ca:a1:f2:2d:af:97:1e:84:c9:b0:cf:0a:35Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 129KB

.ndata Size: - Virtual size: 424KB

.rsrc Size: 18KB - Virtual size: 17KB

5ff9f5e6e5160c6ab075b885caf2e551

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 6KB - Virtual size: 6KB

7ce941252eb6ec98470a46615c1b03a9

Headers

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 216KB - Virtual size: 215KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 232KB - Virtual size: 231KB

.reloc Size: 20KB - Virtual size: 17KB

039bcbc605477e8e87ec550c2e60e748

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e0:ef:7b:cc:78:f5:65:ca:a1:f2:2d:af:97:1e:84:c9:b0:cf:0a:35
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 129KB

.ndata
Size: - Virtual size: 424KB

.rsrc
Size: 18KB - Virtual size: 17KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 216KB - Virtual size: 215KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 232KB - Virtual size: 231KB

.reloc
Size: 20KB - Virtual size: 17KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

11:d2:08:d5:87:8e:4d:25:73:4d:33:5f:71:c6:4a:5d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

fc:82:7b:71:7c:ed:66:d6:e1:11:2f:ac:9c:40:da:41:f2:34:2b:f4
Signer

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 17KB - Virtual size: 16KB

61:19:93:e4:00:00:00:00:00:1c
Certificate

07:62:60:29:63:d7:a8:68:ba:d4:e3:02:87:dc:de:2e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ae:1b:24:6b:81:93:dc:a4:5f:ac:9c:36:79:ab:30:0e:19:e8:d2:3e
Signer

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 4KB - Virtual size: 4KB