832bb4d51d46dddd681b33dc4dc89cad60acc6e93a0b925082e4d16d6cbdde12

Sharing

Copy URL Twitter E-mail

General

Target

832bb4d51d46dddd681b33dc4dc89cad60acc6e93a0b925082e4d16d6cbdde12
Size

10.1MB
MD5

02e707ec496f813432b19a7983d36889
SHA1

80e1bba63528c96874c6d02bbdb232014fa6602c
SHA256

832bb4d51d46dddd681b33dc4dc89cad60acc6e93a0b925082e4d16d6cbdde12
SHA512

370e6f81b057d20070c378313f8464cd8b92192ec2caf24c912c787a7157d58e8cbbce90e375fdd564fbe5ac5f117fd482639f9b7adcdcdd72299e6c18612401
SSDEEP

196608:7xTcv9d0RWFeBsHUXgzyr0m25eO4ZNg9kJ4x6k8cL1Xyn6xt2:1TcjbF8sHueeX294ZNu6k8cL1bc

Score

1^/10

Malware Config

Signatures

Files

832bb4d51d46dddd681b33dc4dc89cad60acc6e93a0b925082e4d16d6cbdde12
.exe windows:5 windows x86 arch:x86

fef4e3d11a5d52749bf3411b72a90997

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d4:7b:bc:ab:c6:42:54:44:ca:8c:48:93:5f:4b:cf:8d:1f:4c:4e:03
Signer

Actual PE Digest

d4:7b:bc:ab:c6:42:54:44:ca:8c:48:93:5f:4b:cf:8d:1f:4c:4e:03

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\build\360APSetup_source\Build\x86\Setup_Free.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

TerminateProcess
WaitForSingleObject
CreateProcessW
GetTickCount
GetTempPathW
WriteFile
ReleaseMutex
CreateMutexA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcatW
LoadLibraryW
DeviceIoControl
GetCurrentProcessId
SetFilePointer
ReadFile
FreeLibrary
DeleteFileA
WritePrivateProfileStringW
CreateThread
CopyFileW
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryExW
GetModuleFileNameW
GetPrivateProfileStringW
LocalFree
GetStdHandle
SetFileTime
SetFileAttributesW
RemoveDirectoryW
GetWindowsDirectoryW
GetSystemDirectoryW
GetShortPathNameW
GetFullPathNameW
GetCurrentDirectoryW
SearchPathW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
GetFileSize
GetFileInformationByHandle
SetEndOfFile
CompareFileTime
FileTimeToSystemTime
GetExitCodeProcess
GetFileAttributesW
ExpandEnvironmentStringsW
lstrcmpiA
lstrcmpA
FreeResource
SetEnvironmentVariableA
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetTempFileNameW
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
LCMapStringA
GetStartupInfoA
GetFileType
SetHandleCount
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetConsoleCtrlHandler
GetModuleFileNameA
FatalAppExitA
HeapCreate
GetCurrentThread
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoW
ExitProcess
Sleep
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
CreateMutexW
GetSystemTime
GetLocalTime
FormatMessageW
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InterlockedDecrement
InterlockedIncrement
SetLastError
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrcmpiW
lstrcpyW
lstrlenW
CompareStringW
GetModuleHandleW
FlushInstructionCache
VirtualAlloc
VirtualFree
CreateDirectoryW
OpenProcess
lstrlenA
MoveFileW
MoveFileExW
MultiByteToWideChar
GetLastError
WideCharToMultiByte
CreateFileW
CloseHandle
DeleteFileW
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetVersionExW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLocaleInfoW

user32

UnregisterClassA
SetWindowLongW
CreateWindowExW
GetWindowLongW
SetWindowTextW
GetClientRect
SetWindowPos
ShowWindow
GetDlgItem
IsDialogMessageW
AdjustWindowRectEx
IsWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetWindow
GetParent
SendMessageW
InvalidateRect
IsWindowEnabled
DrawTextW
DefWindowProcW
EndDialog
GetSysColor
SetRectEmpty
DestroyWindow
UpdateLayeredWindow
GetSystemMetrics
GetWindowTextW
GetWindowTextLengthW
ScreenToClient
UpdateWindow
SetCapture
SetFocus
GetMenu
PostMessageW
IsIconic
IsZoomed
SetWindowRgn
TrackMouseEvent
CopyRect
GetWindowRgn
CharToOemW
CharUpperW
DialogBoxParamW
CreateDialogParamW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
SendMessageTimeoutW
wsprintfW
FindWindowW
GetWindowThreadProcessId
DestroyCursor
LoadImageW
LoadStringW
SystemParametersInfoW
GetDlgCtrlID
KillTimer
SetTimer
ClientToScreen
RegisterClassExW
PostQuitMessage
GetClassInfoExW
FillRect
MessageBoxW
IsWindowVisible
MoveWindow
GetClassNameW
LoadCursorW
OffsetRect
ReleaseDC
GetDC
EndPaint
BeginPaint
CharNextW
GetCursorPos
GetCapture
ReleaseCapture
PtInRect
SetCursor
CallWindowProcW

gdi32

CreateRoundRectRgn
CreateDIBSection
SetViewportOrgEx
CreateSolidBrush
GetStockObject
CreateFontIndirectW
GetObjectW
CreateRectRgn
DeleteDC
SetTextColor
SetBkMode
DeleteObject
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
BitBlt
CombineRgn
GdiAlphaBlend
StretchBlt
SetStretchBltMode
PtInRegion

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExA
RegEnumKeyExA
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHChangeNotify
ShellExecuteExW
CommandLineToArgvW
ord680
ShellExecuteW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket

oleaut32

VarUI4FromStr
SysAllocString
SysFreeString
VariantCopy
VariantChangeType
VariantInit
SysAllocStringByteLen
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantClear

shlwapi

StrStrIW
PathFileExistsA
PathAppendW
SHGetValueW
SHSetValueW
PathFileExistsW
SHGetValueA
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
PathCombineW
SHSetValueA
StrToIntExW

comctl32

_TrackMouseEvent
ImageList_Destroy
InitCommonControlsEx
ImageList_GetIconSize

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

winmm

timeBeginPeriod
timeEndPeriod
timeKillEvent
timeSetEvent
timeGetDevCaps

gdiplus

GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientCenterColor
GdipDeletePath
GdipDeleteGraphics
GdipFree
GdipDeleteBrush
GdiplusStartup
GdipCreateSolidFill
GdipCloneBrush
GdipSetPathFillMode
GdipAddPathEllipse
GdipCreatePathGradientFromPath
GdipCreateFromHDC
GdipFillRectangle
GdipFillRectangleI
GdipCreatePath
GdipAlloc

setupapi

SetupIterateCabinetW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
HttpQueryInfoW

netapi32

Netbios

msimg32

AlphaBlend

Sections

.text
Size: 588KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fef4e3d11a5d52749bf3411b72a90997

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

d4:7b:bc:ab:c6:42:54:44:ca:8c:48:93:5f:4b:cf:8d:1f:4c:4e:03Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

psapi

winmm

gdiplus

setupapi

wintrust

crypt32

wininet

netapi32

msimg32

Sections

.text Size: 588KB - Virtual size: 587KB

.rdata Size: 113KB - Virtual size: 112KB

.data Size: 18KB - Virtual size: 29KB

.rsrc Size: 9.4MB - Virtual size: 9.4MB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d4:7b:bc:ab:c6:42:54:44:ca:8c:48:93:5f:4b:cf:8d:1f:4c:4e:03
Signer

.text
Size: 588KB - Virtual size: 587KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 18KB - Virtual size: 29KB

.rsrc
Size: 9.4MB - Virtual size: 9.4MB