f7571c08b5748af4a2f17c443111b2bf023c90718dda1f997204ee5d797d75f3

Sharing

Copy URL Twitter E-mail

General

Target

f7571c08b5748af4a2f17c443111b2bf023c90718dda1f997204ee5d797d75f3
Size

864KB
MD5

dbda319a9e642db8e0b205154e869b4a
SHA1

00860c37085ddd47c43daf5cb4a9491e3cafdab3
SHA256

f7571c08b5748af4a2f17c443111b2bf023c90718dda1f997204ee5d797d75f3
SHA512

e731411f42e67bb46296166a805f57d6103e94dae5dad9641f317a523c139fd85a907c338ec93f9e4d68da4f23eb6eff854f70797337b9ed542eee481fdbdbd6
SSDEEP

12288:5lwtjCdvWm0OjQQ1dBMCd60wMmPVMNnMHMBpjs4b98gsqTjrvsNs:5WtKgVMNMHaJbNJ3Ds

Score

1^/10

Malware Config

Signatures

Files

f7571c08b5748af4a2f17c443111b2bf023c90718dda1f997204ee5d797d75f3
.exe windows:4 windows x86 arch:x86

a37f408c527254ea95ba89468c8fafdf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:08:67:15:fb:28:98:c1:c0:4b:5c:d2:50:6e:a5:7c:42:85:19:20
Signer

Actual PE Digest

d7:08:67:15:fb:28:98:c1:c0:4b:5c:d2:50:6e:a5:7c:42:85:19:20

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\src\QQMiniDL_proj\trunk\QQMiniDLUI\binD\QQMiniDL.pdb

Imports

kernel32

LocalFree
GlobalLock
GlobalReAlloc
GlobalUnlock
GlobalHandle
GlobalAlloc
LocalReAlloc
GlobalFree
GetModuleHandleA
FormatMessageA
ResumeThread
SuspendThread
GetVersionExA
lstrcmpW
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
GetThreadLocale
FileTimeToSystemTime
SystemTimeToFileTime
GlobalFlags
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
SetErrorMode
DeleteFileA
SetEndOfFile
LocalAlloc
FindFirstFileA
CreateFileA
FileTimeToLocalFileTime
GetFileAttributesA
FindNextFileA
LockResource
CompareStringW
CompareStringA
GetVersion
ResetEvent
GetFullPathNameW
SearchPathW
CreateDirectoryW
GetStdHandle
RemoveDirectoryA
VirtualQuery
GetCurrentProcessId
DuplicateHandle
WriteProcessMemory
SetUnhandledExceptionFilter
Thread32Next
Thread32First
OpenThread
TerminateProcess
CreateProcessW
ReadProcessMemory
VirtualAllocEx
RtlUnwind
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetDriveTypeW
GetStartupInfoW
HeapSize
ExitProcess
VirtualFree
HeapDestroy
HeapCreate
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetTimeZoneInformation
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
ReadFile
WriteFile
FlushFileBuffers
GetShortPathNameW
GetEnvironmentVariableW
lstrcpyW
lstrcatW
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
LoadLibraryW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
CreateFileW
GetDriveTypeA
SetEnvironmentVariableA
OpenEventA
CreateWaitableTimerA
DeviceIoControl
lstrlenA
GetVersionExW
CreateMutexW
GetSystemDirectoryW
lstrcpynW
GetCommandLineW
CreateThread
Sleep
CopyFileW
DeleteFileW
OpenMutexW
ReleaseMutex
CreateToolhelp32Snapshot
OpenProcess
GetExitCodeProcess
CreateWaitableTimerW
CreateEventW
GetModuleFileNameA
SleepEx
GetSystemTimeAsFileTime
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetTickCount
InterlockedCompareExchange
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
WaitForMultipleObjects
TerminateThread
QueueUserAPC
HeapAlloc
PostQueuedCompletionStatus
SetWaitableTimer
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
GetProcAddress
GetPrivateProfileIntW
GetFileAttributesW
WideCharToMultiByte
GetCurrentThreadId
WaitForSingleObject
OutputDebugStringW
OutputDebugStringA
TlsAlloc
InterlockedExchangeAdd
SetEvent
CloseHandle
CreateEventA
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
TlsFree
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
FindResourceA

user32

SetForegroundWindow
GetMenu
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowRect
GetWindow
MapWindowPoints
GetMenuCheckMarkDimensions
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
GetCapture
WinHelpA
LoadIconA
RegisterWindowMessageA
SetWindowTextA
ClientToScreen
DestroyMenu
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
PostQuitMessage
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
GetForegroundWindow
GetWindowTextA
SetMenuItemBitmaps
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetWindowPlacement
MessageBoxA
GetParent
PtInRect
IsWindow
GetClientRect
RegisterClassExW
CreateWindowExW
DefWindowProcW
GetMessageW
DispatchMessageW
TranslateMessage
CharUpperW
PostThreadMessageW
PostMessageW
CharNextW

gdi32

DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
TextOutA
SaveDC
RestoreDC
SetMapMode
ExtTextOutA
PtVisible
RectVisible

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
AllocateAndInitializeSid
RegCreateKeyW

shell32

ShellExecuteA
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
SHChangeNotify
SHFileOperationW

ole32

CLSIDFromProgID
StringFromGUID2
StringFromCLSID
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoLoadLibrary
CoTaskMemRealloc
CoFreeLibrary

oleaut32

VariantClear
SysFreeString
SysStringLen
VariantChangeType
RegisterTypeLi
UnRegisterTypeLi
SysAllocStringByteLen
VariantInit
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysAllocString

shlwapi

wnsprintfW
SHDeleteKeyA
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathRemoveFileSpecA

ws2_32

WSAGetLastError
sendto
socket
recvfrom
setsockopt
closesocket
htonl
WSACleanup
getaddrinfo
htons
inet_addr
ntohs
inet_ntoa
WSAStartup

imm32

ImmDisableIME

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

Netbios

wintrust

WTHelperGetProvCertFromChain
CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
WinVerifyTrust

crypt32

CertGetNameStringW

oleacc

CreateStdAccessibleObject
LresultFromObject

iphlpapi

GetAdaptersAddresses
GetIpForwardTable
GetAdaptersInfo

Sections

.text
Size: 576KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a37f408c527254ea95ba89468c8fafdf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

d7:08:67:15:fb:28:98:c1:c0:4b:5c:d2:50:6e:a5:7c:42:85:19:20Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

imm32

version

netapi32

wintrust

crypt32

oleacc

iphlpapi

Sections

.text Size: 576KB - Virtual size: 572KB

.rdata Size: 100KB - Virtual size: 97KB

.data Size: 20KB - Virtual size: 35KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 68KB - Virtual size: 65KB

.reloc Size: 92KB - Virtual size: 106KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d7:08:67:15:fb:28:98:c1:c0:4b:5c:d2:50:6e:a5:7c:42:85:19:20
Signer

.text
Size: 576KB - Virtual size: 572KB

.rdata
Size: 100KB - Virtual size: 97KB

.data
Size: 20KB - Virtual size: 35KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 68KB - Virtual size: 65KB

.reloc
Size: 92KB - Virtual size: 106KB