4f133794560d5e13d6552d00390eb46bf1fbafb7b8f2be6a88859733b8db3e21N

Sharing

Copy URL Twitter E-mail

General

Target

4f133794560d5e13d6552d00390eb46bf1fbafb7b8f2be6a88859733b8db3e21N
Size

2.9MB
MD5

205309f1332e744e223b10c930aea380
SHA1

8d52a3cdad4734e6afa15d5ad9f0cf1d1024293d
SHA256

4f133794560d5e13d6552d00390eb46bf1fbafb7b8f2be6a88859733b8db3e21
SHA512

408867f052904d7dad4925ecab3b53d00efa6e03a157bddd6c331c791dee28ec11c23222fbb9026e79a5da3812ba7018e00c60ed9f974c04e5ef9829c64c9a11
SSDEEP

49152:EpIe9AF8+T/kMOAwZHKg7lt/e+QgIZgeg:Ept9I8iNwxKQX/e3gd

Score

1^/10

Malware Config

Signatures

Files

4f133794560d5e13d6552d00390eb46bf1fbafb7b8f2be6a88859733b8db3e21N
.dll windows:4 windows x86 arch:x86

35b31b62a11d51ff33e2cd8afa098c9d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

af:3e:4c:7d:0d:30:6e:1a:6e:b8:75:db:19:0a:5d:3a:b2:ac:aa:68
Signer

Actual PE Digest

af:3e:4c:7d:0d:30:6e:1a:6e:b8:75:db:19:0a:5d:3a:b2:ac:aa:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins_Trunk\workspace\CEN_Hive_QQPCDownload_ForDCom\qqpcmgr_proj\bin\Release\QQPCDownload.pdb

Imports

ws2_32

htonl
WSCEnumProtocols
WSCInstallProvider
WSCWriteProviderOrder
WSCDeinstallProvider
htons
ntohl

psapi

GetModuleFileNameExW

kernel32

WaitForMultipleObjects
InterlockedCompareExchange
GetVersion
InterlockedExchange
SetEvent
WaitForSingleObject
lstrlenA
DuplicateHandle
CreateEventW
WritePrivateProfileStringW
GetCurrentThread
GetProcessTimes
GetSystemTime
SystemTimeToFileTime
OutputDebugStringW
CreateProcessW
SetFilePointer
OpenMutexW
GetFullPathNameW
GetCPInfo
CreateFileMappingW
MapViewOfFileEx
OpenFileMappingW
UnmapViewOfFile
TerminateProcess
SetUnhandledExceptionFilter
ReadProcessMemory
VirtualAllocEx
lstrcpynW
HeapAlloc
GetProcessHeap
HeapFree
SearchPathW
GetSystemTimeAsFileTime
ReleaseMutex
MapViewOfFile
Module32FirstW
Module32NextW
GetLocalTime
GetTempPathW
MoveFileW
GetExitCodeProcess
CreateDirectoryW
OpenThread
MoveFileExW
CreateThread
CreateRemoteThread
GetExitCodeThread
ResumeThread
GetModuleHandleExW
GetLogicalDriveStringsW
OpenEventW
IsBadReadPtr
RemoveDirectoryW
GetTempFileNameW
LoadLibraryA
GetSystemInfo
GetSystemDefaultLangID
VirtualQuery
ResetEvent
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
TerminateThread
IsDebuggerPresent
GetQueuedCompletionStatus
CreateIoCompletionPort
TlsGetValue
TlsFree
PostQueuedCompletionStatus
TlsAlloc
TlsSetValue
FindNextFileW
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
VirtualAlloc
VirtualProtectEx
GetThreadContext
SetThreadContext
VirtualFree
GlobalLock
CreateFileA
UnhandledExceptionFilter
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitThread
HeapReAlloc
GetCommandLineA
GetVersionExA
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetACP
GetOEMCP
IsValidCodePage
HeapSize
HeapDestroy
HeapCreate
GetStdHandle
GetCurrentDirectoryA
CompareStringA
CompareStringW
lstrcmpiW
GetCurrentThreadId
OpenProcess
SetLastError
GetCommandLineW
SetDllDirectoryW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
GetTickCount
GetPrivateProfileIntW
LeaveCriticalSection
FreeResource
EnterCriticalSection
GetPrivateProfileStringW
DeleteCriticalSection
LoadLibraryExW
WideCharToMultiByte
FreeEnvironmentStringsA
RaiseException
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
InitializeCriticalSection
CreateMutexW
FlushInstructionCache
InterlockedDecrement
InterlockedIncrement
Sleep
IsBadWritePtr
VirtualProtect
GetModuleHandleW
GetSystemDirectoryW
WriteProcessMemory
lstrlenW
GlobalAlloc
GetCurrentProcessId
Process32NextW
Process32FirstW
GetCurrentProcess
CreateToolhelp32Snapshot
GlobalFree
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
WriteFile
ReadFile
GetFileSize
MultiByteToWideChar
DeleteFileW
GetDiskFreeSpaceExW
CopyFileW
FreeLibrary
GetDriveTypeW
GetLogicalDrives
CloseHandle
DeviceIoControl
CreateFileW
GetVersionExW
GetLastError
GetProcAddress
LoadLibraryW
FindResourceW
GetModuleFileNameW
FindResourceExW
LoadResource
LockResource
SizeofResource
VirtualQueryEx
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetDriveTypeA
SetEndOfFile
SetEnvironmentVariableA
IsProcessorFeaturePresent
GetThreadLocale
ExitProcess
GetFileAttributesW
SuspendThread

user32

MsgWaitForMultipleObjects
GetSysColor
GetFocus
GetWindowTextW
GetWindowTextLengthW
EndDialog
SetCursor
CharUpperW
SetWindowsHookExW
SendMessageTimeoutW
CallNextHookEx
GetUserObjectInformationW
CreateDesktopW
UnhookWindowsHookEx
CloseDesktop
ReleaseCapture
IsWindowVisible
GetSystemMenu
SetCapture
LoadIconW
EndPaint
BeginPaint
SetWindowTextW
TrackPopupMenu
DestroyIcon
KillTimer
DrawFrameControl
DrawTextW
EqualRect
GetDlgCtrlID
PtInRect
GetQueueStatus
PostThreadMessageW
SetTimer
EnumWindows
EnableWindow
GetKeyState
MoveWindow
PostMessageW
SetThreadDesktop
GetForegroundWindow
SetWinEventHook
GetWindowThreadProcessId
FindWindowW
FindWindowExW
wsprintfW
IsIconic
FindWindowA
UnregisterClassW
MsgWaitForMultipleObjectsEx
PostQuitMessage
SetWindowLongW
IsWindowEnabled
CharNextW
DestroyWindow
CallWindowProcW
IsWindow
SetActiveWindow
GetDesktopWindow
DefWindowProcW
MapWindowPoints
ReleaseDC
GetWindowLongW
GetActiveWindow
GetDC
GetParent
ClientToScreen
GetClientRect
InvalidateRect
GetWindowRect
SystemParametersInfoW
SetWindowPos
DispatchMessageW
CreateWindowExW
SetWindowRgn
ShowWindow
TranslateMessage
RegisterClassExW
GetMessageW
OffsetRect
PeekMessageW
InflateRect
LoadCursorW
GetClassInfoExW
SetRect
GetWindow
DrawIconEx
WaitMessage
GetMonitorInfoW
SendMessageW
CopyRect
MonitorFromWindow
GetDlgItem
MessageBoxW
RegisterWindowMessageW
CopyImage
LoadStringW
UnregisterClassA
LoadImageW

gdi32

SetBkColor
ExtTextOutW
DeleteDC
StretchBlt
CreatePen
CreateRectRgn
CombineRgn
CreateBitmap
SetTextColor
Rectangle
GetStockObject
GetObjectW
CreateFontIndirectW
SetRectRgn
BitBlt
OffsetRgn
CreateDIBSection
SelectObject
DeleteObject
RoundRect
TextOutW
GetClipRgn
SelectClipRgn
GetCurrentObject
CreateSolidBrush
MoveToEx
GetTextExtentPoint32W
LineTo
RectInRegion
SetBkMode
CreateRectRgnIndirect
SaveDC
CreateCompatibleDC
CreateCompatibleBitmap
RestoreDC

advapi32

RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
RegQueryInfoKeyW
StartServiceW
DeleteService
ChangeServiceConfig2W
CreateServiceW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle

shell32

SHCreateDirectoryExW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateGuid
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoFreeLibrary
CoLoadLibrary
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

SysAllocStringLen
VarBstrCmp
SysStringLen
SysAllocStringByteLen
SysAllocString
VarUI4FromStr
SysFreeString
SysStringByteLen
OleLoadPicture

shlwapi

PathRemoveExtensionW
PathCombineW
PathAddExtensionW
PathFileExistsW
PathRemoveFileSpecW
StrToIntA
PathAppendW
PathQuoteSpacesW
PathFindFileNameW
PathUnquoteSpacesW
PathAddBackslashW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

comctl32

_TrackMouseEvent

gdiplus

GdipCreateImageAttributes
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipGetImageHeight
GdipDisposeImageAttributes
GdipDeleteGraphics
GdipDisposeImage
GdipFree
GdipAlloc
GdipLoadImageFromStream
GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageI
GdipCreateFromHDC
GdipDrawImageRectRectI
GdiplusShutdown
GdipSetImageAttributesColorMatrix
GdipDrawImageRectI

rpcrt4

UuidCreate

wininet

InternetOpenUrlW
InternetGetConnectedState
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetOpenW

Exports

Exports

CreateTxdlController
EntryPoint
IsSupportNoReName
TxDl_AsyncStartDownload
TxDl_Finalize
TxDl_GetChildLaucherParam
TxDl_GetCurrentLaucherIndex
TxDl_GetLaucher
TxDl_InitDownloadEngine
TxDl_Initialize
TxDl_IsDownloading
TxDl_LoadRoutine
TxDl_Main
TxDl_NotifyQuit
TxDl_RegisterCompleteEvent
TxDl_ReleaseLaucher
Txdl_GetVersion

Sections

.text
Size: 780KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ShareInj
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Downlaod
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DLLShare
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EventHoo
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35b31b62a11d51ff33e2cd8afa098c9d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

af:3e:4c:7d:0d:30:6e:1a:6e:b8:75:db:19:0a:5d:3a:b2:ac:aa:68Signer

Headers

File Characteristics

PDB Paths

Imports

ws2_32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

netapi32

comctl32

gdiplus

rpcrt4

wininet

Exports

Exports

Sections

.text Size: 780KB - Virtual size: 776KB

.rdata Size: 168KB - Virtual size: 165KB

.data Size: 112KB - Virtual size: 119KB

ShareInj Size: 4KB - Virtual size: 1KB

Downlaod Size: 28KB - Virtual size: 24KB

DLLShare Size: 4KB - Virtual size: 1KB

EventHoo Size: 4KB - Virtual size: 1KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.vmp0 Size: 52KB - Virtual size: 49KB

.vmp1 Size: 36KB - Virtual size: 35KB

.reloc Size: 36KB - Virtual size: 35KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

af:3e:4c:7d:0d:30:6e:1a:6e:b8:75:db:19:0a:5d:3a:b2:ac:aa:68
Signer

.text
Size: 780KB - Virtual size: 776KB

.rdata
Size: 168KB - Virtual size: 165KB

.data
Size: 112KB - Virtual size: 119KB

ShareInj
Size: 4KB - Virtual size: 1KB

Downlaod
Size: 28KB - Virtual size: 24KB

DLLShare
Size: 4KB - Virtual size: 1KB

EventHoo
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.vmp0
Size: 52KB - Virtual size: 49KB

.vmp1
Size: 36KB - Virtual size: 35KB

.reloc
Size: 36KB - Virtual size: 35KB