271d72945f783f7807cdac1acd1e2950N

Sharing

Copy URL Twitter E-mail

General

Target

271d72945f783f7807cdac1acd1e2950N
Size

2.5MB
MD5

271d72945f783f7807cdac1acd1e2950
SHA1

8668aebd7c71962595bb0496926f0eb2df18dd8b
SHA256

2867fd3dad8044a405917cc308a45dcc5875b68e3a986e2f5016433af95c81fa
SHA512

46ffaae525a0ee235a34498277d158b46a88d31836d7a0bf2adedbd74cd5f24853e175b55d90f0afb9ff6684db9bb9f2ac710d6a05df1fb49272fef8a2c8903a
SSDEEP

49152:lLCMis09NyioTeIh+Aw4DTrTS1UQgIZs26Hb9H:lLC1FNJu9wEHTSng39H

Score

1^/10

Malware Config

Signatures

Files

271d72945f783f7807cdac1acd1e2950N
.dll windows:4 windows x86 arch:x86

bdff09bca5463e84da83474afd84c2db

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:8c:82:b2:ef:83:6e:fd:db:41:ed:17:80:2e:8d:c1:75:e1:6b:9f
Signer

Actual PE Digest

ae:8c:82:b2:ef:83:6e:fd:db:41:ed:17:80:2e:8d:c1:75:e1:6b:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins_Trunk\workspace\CEN_Hive_QQPCDownload_ForDCom\qqpcmgr_proj\bin\Release\QQPCDownload.pdb

Imports

ws2_32

htonl
WSCEnumProtocols
WSCInstallProvider
WSCWriteProviderOrder
WSCDeinstallProvider
htons
ntohl

psapi

GetModuleFileNameExW

kernel32

InterlockedDecrement
SetEvent
WaitForSingleObject
RaiseException
WideCharToMultiByte
GetPrivateProfileStringW
DuplicateHandle
CreateEventW
LoadLibraryExW
WritePrivateProfileStringW
GetProcessTimes
SystemTimeToFileTime
OutputDebugStringW
CreateProcessW
SetFilePointer
OpenMutexW
GetFullPathNameW
GetCPInfo
CreateFileMappingW
MapViewOfFileEx
OpenFileMappingW
UnmapViewOfFile
HeapFree
SearchPathW
TerminateProcess
SetUnhandledExceptionFilter
ReadProcessMemory
VirtualAllocEx
lstrcpynW
HeapAlloc
GetProcessHeap
GetSystemTimeAsFileTime
CreateRemoteThread
GetExitCodeThread
GetModuleHandleExW
ResumeThread
MapViewOfFile
ReleaseMutex
Module32FirstW
Module32NextW
GetTempPathW
GetExitCodeProcess
MoveFileW
CreateDirectoryW
OpenThread
CreateThread
MoveFileExW
GetTempFileNameW
RemoveDirectoryW
GetSystemDefaultLangID
GetSystemInfo
LoadLibraryA
ResetEvent
InitializeCriticalSectionAndSpinCount
IsBadReadPtr
GetLocalTime
GetModuleFileNameA
FlushInstructionCache
IsDebuggerPresent
TlsFree
PostQueuedCompletionStatus
TlsAlloc
GetQueuedCompletionStatus
TlsSetValue
TlsGetValue
CreateIoCompletionPort
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
VirtualAlloc
VirtualProtectEx
GetThreadContext
SetThreadContext
VirtualFree
CreateFileA
UnhandledExceptionFilter
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitThread
HeapReAlloc
GetCommandLineA
GetVersionExA
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetACP
GetOEMCP
IsValidCodePage
HeapSize
HeapDestroy
HeapCreate
GetStdHandle
GetCurrentDirectoryA
CompareStringA
CompareStringW
GetVersion
lstrlenA
lstrcmpiW
GetCurrentThreadId
InterlockedExchange
OpenProcess
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
SetLastError
InterlockedCompareExchange
WaitForMultipleObjects
TerminateThread
GetTickCount
LeaveCriticalSection
FreeResource
EnterCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
InitializeCriticalSection
GetCommandLineW
CreateMutexW
SetDllDirectoryW
GetPrivateProfileIntW
InterlockedIncrement
Sleep
IsBadWritePtr
VirtualProtect
GetModuleHandleW
GetSystemDirectoryW
WriteProcessMemory
lstrlenW
GlobalAlloc
GetCurrentProcessId
Process32NextW
Process32FirstW
GetCurrentProcess
CreateToolhelp32Snapshot
GlobalFree
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
WriteFile
ReadFile
GetFileSize
MultiByteToWideChar
DeleteFileW
GetDiskFreeSpaceExW
CopyFileW
FreeLibrary
GetDriveTypeW
GetLogicalDrives
CloseHandle
DeviceIoControl
CreateFileW
GetVersionExW
GetLastError
GetProcAddress
LoadLibraryW
FindResourceW
GetModuleFileNameW
FindResourceExW
LoadResource
LockResource
SizeofResource
GlobalLock
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetDriveTypeA
SetEndOfFile
SetEnvironmentVariableA
GetThreadLocale
IsProcessorFeaturePresent
VirtualQueryEx
GetFileAttributesW
ExitProcess

user32

CharUpperW
MsgWaitForMultipleObjects
GetSysColor
GetFocus
GetWindowTextW
GetWindowTextLengthW
EndDialog
GetSystemMenu
SetCapture
LoadIconW
CallNextHookEx
wsprintfW
GetUserObjectInformationW
UnhookWindowsHookEx
CreateDesktopW
CloseDesktop
GetForegroundWindow
EndPaint
BeginPaint
SetWindowTextW
TrackPopupMenu
DestroyIcon
KillTimer
DrawFrameControl
DrawTextW
EqualRect
LoadImageW
GetDlgCtrlID
PtInRect
DrawIconEx
SetTimer
SetCursor
UnregisterClassW
IsWindowVisible
EnumWindows
EnableWindow
GetWindow
MoveWindow
PostMessageW
IsWindowEnabled
SetThreadDesktop
GetWindowThreadProcessId
FindWindowW
FindWindowExW
SetWindowsHookExW
SendMessageTimeoutW
IsIconic
FindWindowA
PostQuitMessage
GetQueueStatus
WaitMessage
CharNextW
DestroyWindow
IsWindow
GetKeyState
GetDesktopWindow
ReleaseDC
GetDC
SetWindowLongW
GetParent
ClientToScreen
GetClientRect
CallWindowProcW
InvalidateRect
GetWindowRect
SystemParametersInfoW
SetActiveWindow
SetWindowPos
DispatchMessageW
MapWindowPoints
DefWindowProcW
ShowWindow
TranslateMessage
RegisterClassExW
GetMessageW
GetWindowLongW
OffsetRect
GetActiveWindow
PeekMessageW
InflateRect
LoadCursorW
GetClassInfoExW
SetRect
SetWindowRgn
CreateWindowExW
GetMonitorInfoW
ReleaseCapture
MsgWaitForMultipleObjectsEx
SendMessageW
CopyRect
MonitorFromWindow
GetDlgItem
MessageBoxW
RegisterWindowMessageW
CopyImage
LoadStringW
UnregisterClassA
PostThreadMessageW

gdi32

SetBkColor
ExtTextOutW
DeleteDC
Rectangle
StretchBlt
CreatePen
CreateRectRgn
CombineRgn
CreateBitmap
SetTextColor
SetRectRgn
OffsetRgn
GetStockObject
GetObjectW
CreateFontIndirectW
BitBlt
CreateDIBSection
SelectObject
DeleteObject
SaveDC
RestoreDC
GetClipRgn
SetBkMode
CreateRectRgnIndirect
GetCurrentObject
CreateSolidBrush
SelectClipRgn
RoundRect
TextOutW
MoveToEx
GetTextExtentPoint32W
LineTo
CreateCompatibleDC
CreateCompatibleBitmap
RectInRegion

advapi32

RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyW
GetUserNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryInfoKeyW
StartServiceW
DeleteService
ChangeServiceConfig2W
CreateServiceW
CloseServiceHandle
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
OpenSCManagerW
OpenServiceW
QueryServiceStatus

shell32

Shell_NotifyIconW
SHCreateDirectoryExW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateGuid
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CLSIDFromProgID
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoFreeLibrary
CoLoadLibrary
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

SysStringLen
SysAllocStringByteLen
VarUI4FromStr
SysAllocString
SysFreeString
SysStringByteLen
VarBstrCmp
OleLoadPicture

shlwapi

PathRemoveFileSpecW
PathCombineW
StrToIntA
PathFileExistsW
PathAppendW
PathRemoveExtensionW
PathAddExtensionW
PathQuoteSpacesW
PathFindFileNameW
PathAddBackslashW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

comctl32

_TrackMouseEvent

gdiplus

GdiplusStartup
GdipGetImageWidth
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipGetImageHeight
GdiplusShutdown
GdipDeleteGraphics
GdipDisposeImage
GdipFree
GdipAlloc
GdipLoadImageFromStream
GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageI
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipDrawImageRectI
GdipCreateHBITMAPFromBitmap

rpcrt4

UuidCreate

wininet

InternetOpenW
InternetReadFile
InternetOpenUrlW
HttpQueryInfoW
InternetGetConnectedState
InternetCloseHandle

Exports

Exports

CreateTxdlController
EntryPoint
IsSupportNoReName
TxDl_AsyncStartDownload
TxDl_Finalize
TxDl_GetChildLaucherParam
TxDl_GetCurrentLaucherIndex
TxDl_GetLaucher
TxDl_InitDownloadEngine
TxDl_Initialize
TxDl_IsDownloading
TxDl_LoadRoutine
TxDl_Main
TxDl_NotifyQuit
TxDl_RegisterCompleteEvent
TxDl_ReleaseLaucher
Txdl_GetVersion

Sections

.text
Size: 740KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ShareInj
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Downlaod
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DLLShare
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdff09bca5463e84da83474afd84c2db

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ae:8c:82:b2:ef:83:6e:fd:db:41:ed:17:80:2e:8d:c1:75:e1:6b:9fSigner

Headers

File Characteristics

PDB Paths

Imports

ws2_32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

netapi32

comctl32

gdiplus

rpcrt4

wininet

Exports

Exports

Sections

.text Size: 740KB - Virtual size: 738KB

.rdata Size: 144KB - Virtual size: 141KB

.data Size: 112KB - Virtual size: 118KB

ShareInj Size: 4KB - Virtual size: 1KB

Downlaod Size: 28KB - Virtual size: 24KB

DLLShare Size: 4KB - Virtual size: 1KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.vmp0 Size: 48KB - Virtual size: 45KB

.vmp1 Size: 168KB - Virtual size: 166KB

.reloc Size: 36KB - Virtual size: 32KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ae:8c:82:b2:ef:83:6e:fd:db:41:ed:17:80:2e:8d:c1:75:e1:6b:9f
Signer

.text
Size: 740KB - Virtual size: 738KB

.rdata
Size: 144KB - Virtual size: 141KB

.data
Size: 112KB - Virtual size: 118KB

ShareInj
Size: 4KB - Virtual size: 1KB

Downlaod
Size: 28KB - Virtual size: 24KB

DLLShare
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.vmp0
Size: 48KB - Virtual size: 45KB

.vmp1
Size: 168KB - Virtual size: 166KB

.reloc
Size: 36KB - Virtual size: 32KB