79da8856f3f1faf28d1adca7da7fe2c7c7754f6e1a5f91673e71db97e2c66f95

Sharing

Copy URL

Twitter E-mail

General

Target

79da8856f3f1faf28d1adca7da7fe2c7c7754f6e1a5f91673e71db97e2c66f95
Size

2.7MB
MD5

df4a2742d874498c7a34f9d284956c84
SHA1

8f6ea6588f2e14d9f9796e6d983bf44aac21cbdb
SHA256

79da8856f3f1faf28d1adca7da7fe2c7c7754f6e1a5f91673e71db97e2c66f95
SHA512

1287157a17369e5ff30f357b6bebc844313aa23294dadb739a7f12a093297f38d843f6ea6bdb4955c83d358fe63e3714a7d43d1fa067368557d61d77d122c031
SSDEEP

49152:b/oRRQyq8T28Sv5Tf3oeNoAwoEO70O5izhQgIZL/yuxwYb:b/ovbqmENzwXO70IizegoyIb

Score

1^/10

Malware Config

Signatures

Files

79da8856f3f1faf28d1adca7da7fe2c7c7754f6e1a5f91673e71db97e2c66f95
.dll windows:4 windows x86 arch:x86

4513aaafed40092d5640fe00a10994cb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:f2:bc:14:14:fe:5d:30:16:33:d6:b7:dd:01:b6:af:dc:a6:40:4e
Signer

Actual PE Digest

6b:f2:bc:14:14:fe:5d:30:16:33:d6:b7:dd:01:b6:af:dc:a6:40:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins_Trunk\workspace\CEN_Hive_QQPCDownload_ForDCom\qqpcmgr_proj\bin\Release\QQPCDownload.pdb

Imports

ws2_32

htonl
WSCEnumProtocols
WSCInstallProvider
WSCWriteProviderOrder
WSCDeinstallProvider
htons
ntohl

psapi

GetModuleFileNameExW

kernel32

GetTickCount
TerminateThread
WaitForMultipleObjects
SetLastError
OpenProcess
InterlockedCompareExchange
GetCurrentThreadId
lstrcmpiW
InterlockedExchange
WritePrivateProfileStringW
CreateFileMappingW
MapViewOfFileEx
OpenFileMappingW
UnmapViewOfFile
GetCurrentThread
GetProcessTimes
SystemTimeToFileTime
OutputDebugStringW
CreateProcessW
SetFilePointer
OpenMutexW
GetFullPathNameW
GetCPInfo
HeapAlloc
GetProcessHeap
HeapFree
SearchPathW
TerminateProcess
SetUnhandledExceptionFilter
ReadProcessMemory
VirtualAllocEx
lstrcpynW
GetSystemTimeAsFileTime
GetLocalTime
GetTempPathW
MoveFileW
GetExitCodeProcess
CreateDirectoryW
MoveFileExW
OpenThread
CreateThread
CreateRemoteThread
OpenEventW
GetExitCodeThread
GetModuleHandleExW
ResumeThread
ReleaseMutex
MapViewOfFile
Module32FirstW
Module32NextW
GetTempFileNameW
RemoveDirectoryW
GetSystemDefaultLangID
GetSystemInfo
VirtualQuery
LoadLibraryA
ResetEvent
InitializeCriticalSectionAndSpinCount
IsBadReadPtr
GetModuleFileNameA
LeaveCriticalSection
IsDebuggerPresent
TlsFree
PostQueuedCompletionStatus
TlsAlloc
TlsSetValue
GetQueuedCompletionStatus
CreateIoCompletionPort
TlsGetValue
LocalFileTimeToFileTime
SetFileTime
GetCurrentDirectoryW
VirtualAlloc
VirtualProtectEx
GetThreadContext
SetThreadContext
VirtualFree
GlobalLock
CreateFileA
UnhandledExceptionFilter
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapReAlloc
ExitThread
GetCommandLineA
GetVersionExA
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetACP
GetOEMCP
IsValidCodePage
HeapSize
HeapDestroy
HeapCreate
GetStdHandle
GetCurrentDirectoryA
GetTimeZoneInformation
GetConsoleCP
FreeResource
EnterCriticalSection
DeleteCriticalSection
GetCommandLineW
SetDllDirectoryW
InitializeCriticalSection
GetConsoleMode
CompareStringA
CompareStringW
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
CreateMutexW
GetPrivateProfileIntW
LoadLibraryExW
GetPrivateProfileStringW
CreateEventW
DuplicateHandle
WideCharToMultiByte
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WaitForSingleObject
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetEvent
FlushInstructionCache
InterlockedDecrement
lstrlenA
GetVersion
InterlockedIncrement
Sleep
IsBadWritePtr
VirtualProtect
GetModuleHandleW
GetSystemDirectoryW
WriteProcessMemory
lstrlenW
GlobalAlloc
GetCurrentProcessId
Process32NextW
Process32FirstW
GetCurrentProcess
CreateToolhelp32Snapshot
GlobalFree
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
WriteFile
ReadFile
GetFileSize
MultiByteToWideChar
DeleteFileW
GetDiskFreeSpaceExW
CopyFileW
FreeLibrary
GetDriveTypeW
GetLogicalDrives
CloseHandle
DeviceIoControl
CreateFileW
GetVersionExW
GetLastError
GetProcAddress
LoadLibraryW
FindResourceW
GetModuleFileNameW
FindResourceExW
LoadResource
LockResource
SizeofResource
VirtualQueryEx
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetDriveTypeA
SetEndOfFile
SetEnvironmentVariableA
GetThreadLocale
IsProcessorFeaturePresent
ExitProcess
GetFileAttributesW
SuspendThread

user32

MsgWaitForMultipleObjects
GetFocus
GetWindowTextW
GetWindowTextLengthW
GetSysColor
EndDialog
BeginPaint
SetWindowTextW
CharUpperW
CreateDesktopW
SetWinEventHook
CloseDesktop
UnhookWindowsHookEx
SetThreadDesktop
GetForegroundWindow
GetWindowThreadProcessId
TrackPopupMenu
DestroyIcon
KillTimer
DrawFrameControl
DrawTextW
EqualRect
LoadImageW
GetDlgCtrlID
PtInRect
DrawIconEx
PostThreadMessageW
SetTimer
ReleaseCapture
IsWindowVisible
GetSystemMenu
UnregisterClassW
LoadIconW
EndPaint
EnumWindows
IsWindow
GetDesktopWindow
SetWindowLongW
ReleaseDC
FindWindowW
FindWindowExW
wsprintfW
SetWindowsHookExW
SendMessageTimeoutW
CallNextHookEx
GetUserObjectInformationW
IsIconic
FindWindowA
PostQuitMessage
GetQueueStatus
WaitMessage
GetDC
CallWindowProcW
GetParent
ClientToScreen
SetActiveWindow
GetClientRect
DefWindowProcW
InvalidateRect
MapWindowPoints
GetWindowRect
SystemParametersInfoW
GetWindowLongW
SetWindowPos
DispatchMessageW
GetActiveWindow
ShowWindow
TranslateMessage
RegisterClassExW
GetMessageW
OffsetRect
PeekMessageW
InflateRect
LoadCursorW
CreateWindowExW
GetClassInfoExW
SetWindowRgn
SetRect
GetMonitorInfoW
SendMessageW
CopyRect
MonitorFromWindow
GetDlgItem
RegisterWindowMessageW
GetWindow
EnableWindow
SetCapture
MsgWaitForMultipleObjectsEx
MoveWindow
PostMessageW
IsWindowEnabled
CharNextW
DestroyWindow
MessageBoxW
GetKeyState
CopyImage
LoadStringW
UnregisterClassA
SetCursor

gdi32

DeleteObject
CreateCompatibleBitmap
SelectObject
SetBkColor
ExtTextOutW
DeleteDC
StretchBlt
CreatePen
CreateRectRgn
Rectangle
CombineRgn
CreateBitmap
SetTextColor
SetRectRgn
GetStockObject
OffsetRgn
GetObjectW
CreateCompatibleDC
BitBlt
CreateRectRgnIndirect
SaveDC
RestoreDC
RectInRegion
SetBkMode
CreateSolidBrush
GetCurrentObject
GetClipRgn
SelectClipRgn
RoundRect
TextOutW
MoveToEx
GetTextExtentPoint32W
CreateFontIndirectW
CreateDIBSection
LineTo

advapi32

RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyW
GetUserNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryInfoKeyW
StartServiceW
DeleteService
ChangeServiceConfig2W
CreateServiceW
CloseServiceHandle
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
OpenSCManagerW
OpenServiceW
QueryServiceStatus

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateGuid
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CLSIDFromProgID
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoFreeLibrary
CoLoadLibrary
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysStringLen
SysStringByteLen
SysAllocString
VarUI4FromStr
SysFreeString
SysAllocStringByteLen
VarBstrCmp
OleLoadPicture

shlwapi

PathAppendW
PathCombineW
PathRemoveExtensionW
PathFileExistsW
PathAddExtensionW
PathRemoveFileSpecW
StrToIntA
PathQuoteSpacesW
PathFindFileNameW
PathUnquoteSpacesW
PathAddBackslashW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

comctl32

_TrackMouseEvent

gdiplus

GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImageAttributes
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipFree
GdipAlloc
GdipLoadImageFromStream
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipCreateFromHDC

rpcrt4

UuidCreate

wininet

InternetOpenUrlW
InternetGetConnectedState
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetOpenW

Exports

Exports

CreateTxdlController
EntryPoint
IsSupportNoReName
TxDl_AsyncStartDownload
TxDl_Finalize
TxDl_GetChildLaucherParam
TxDl_GetCurrentLaucherIndex
TxDl_GetLaucher
TxDl_InitDownloadEngine
TxDl_Initialize
TxDl_IsDownloading
TxDl_LoadRoutine
TxDl_Main
TxDl_NotifyQuit
TxDl_RegisterCompleteEvent
TxDl_ReleaseLaucher
Txdl_GetVersion

Sections

.text
Size: 756KB - Virtual size: 755KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ShareInj
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Downlaod
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DLLShare
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EventHoo
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4513aaafed40092d5640fe00a10994cb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6b:f2:bc:14:14:fe:5d:30:16:33:d6:b7:dd:01:b6:af:dc:a6:40:4eSigner

Headers

File Characteristics

PDB Paths

Imports

ws2_32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

netapi32

comctl32

gdiplus

rpcrt4

wininet

Exports

Exports

Sections

.text Size: 756KB - Virtual size: 755KB

.rdata Size: 152KB - Virtual size: 148KB

.data Size: 112KB - Virtual size: 118KB

ShareInj Size: 4KB - Virtual size: 1KB

Downlaod Size: 28KB - Virtual size: 24KB

DLLShare Size: 4KB - Virtual size: 1KB

EventHoo Size: 4KB - Virtual size: 1KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.vmp0 Size: 48KB - Virtual size: 47KB

.vmp1 Size: 148KB - Virtual size: 144KB

.reloc Size: 36KB - Virtual size: 34KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6b:f2:bc:14:14:fe:5d:30:16:33:d6:b7:dd:01:b6:af:dc:a6:40:4e
Signer

.text
Size: 756KB - Virtual size: 755KB

.rdata
Size: 152KB - Virtual size: 148KB

.data
Size: 112KB - Virtual size: 118KB

ShareInj
Size: 4KB - Virtual size: 1KB

Downlaod
Size: 28KB - Virtual size: 24KB

DLLShare
Size: 4KB - Virtual size: 1KB

EventHoo
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.vmp0
Size: 48KB - Virtual size: 47KB

.vmp1
Size: 148KB - Virtual size: 144KB

.reloc
Size: 36KB - Virtual size: 34KB