SHA256: 50e02704f9d8341a72eccdac2472c5a9347e3671ecd889211b884dbd0bf2e76d
File name: hao123.1.0.0.1111.exe
Detection ratio: 7 / 67
Analysis date: 2018-01-07 02:53:41 UTC ( 1 year, 3 months ago )
Antivirus Result Update
ESET-NOD32 a variant of Win32/Hao123.C potentially unwanted 20180106
Fortinet Riskware/Hao123 20180106
K7AntiVirus Adware ( 004bb0b61 ) 20180106
K7GW Adware ( 004bb0b61 ) 20180106
Malwarebytes Adware.Hao123 20180107
McAfee Adware-Hao123 20180102
McAfee-GW-Edition Adware-Hao123 20180106
Ad-Aware 20180107
AegisLab 20180105
AhnLab-V3 20180106
Alibaba 20180105
ALYac 20180107
Antiy-AVL 20180107
Arcabit 20180107
Avast 20180107
Avast-Mobile 20180105
AVG 20180107
Avira (no cloud) 20180106
AVware 20180103
Baidu 20180105
BitDefender 20180107
Bkav 20180106
CAT-QuickHeal 20180106
ClamAV 20180106
CMC 20180106
Comodo 20180107
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180107
Cyren 20180106
DrWeb 20180107
eGambit 20180107
Emsisoft 20180106
Endgame 20171130
F-Prot 20180107
F-Secure 20180107
GData 20180107
Ikarus 20180106
Sophos ML 20170914
Jiangmin 20180107
Kaspersky 20180107
Kingsoft 20180107
MAX 20180107
Microsoft 20180107
eScan 20180107
NANO-Antivirus 20180107
nProtect 20180107
Palo Alto Networks (Known Signatures) 20180107
Panda 20180106
Qihoo-360 20180107
Rising 20180106
SentinelOne (Static ML) 20171224
Sophos AV 20180107
SUPERAntiSpyware 20180107
Symantec 20180106
Tencent 20180107
TheHacker 20180103
TrendMicro 20180107
TrendMicro-HouseCall 20180107
Trustlook 20180107
VBA32 20180105
VIPRE 20180107
ViRobot 20180106
Webroot 20180107
WhiteArmor 20171226
Yandex 20171229
Zillya 20180105
ZoneAlarm by Check Point 20180107
Zoner 20180107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
(C) 2011 Baidu.com。All Rights Reserved.

Product hao123 Desktop Shortcut
Original name hao123.exe
Internal name hao123.exe
File version 1.0.0.111
Description hao123 Desktop Shortcut
Signature verification Signed file, verified signature
Signing date 10:56 AM 11/21/2014
Signers
[+] Beijing baidu Netcom science and technology co.ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 2/27/2012
Valid to 12:59 AM 2/27/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint D60C12D1FDB9E45551A00C8815CCD486C043945B
Serial number 56 65 97 19 56 9B E0 7B 77 5A 1B 22 75 E2 D8 3A
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-21 09:56:28
Entry Point 0x0006E73B
Number of sections 5
PE sections
Overlays
MD5 4b91a65eddf19670b0c4ee508c03285b
File type data
Offset 1560576
Size 9032
Entropy 7.34
PE imports
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegDeleteKeyW
DeleteService
RegQueryValueExW
CloseServiceHandle
ChangeServiceConfig2W
OpenProcessToken
RegOpenKeyExW
RegOpenKeyW
LookupAccountNameW
RegEnumKeyExW
RegDeleteValueW
StartServiceW
RegSetValueExW
EnumDependentServicesW
OpenSCManagerW
QueryServiceStatusEx
ChangeServiceConfigW
CertGetNameStringW
GetDeviceCaps
CreateRectRgn
DeleteDC
GetPixel
CombineRgn
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
GetAdaptersInfo
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
RtlZeroMemory
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
GetFullPathNameW
SetLastError
DeviceIoControl
InterlockedDecrement
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
FlushViewOfFile
LoadLibraryA
GetVolumeInformationA
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
GetPrivateProfileStringW
GetModuleHandleA
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
SetThreadContext
TerminateProcess
SearchPathW
WriteConsoleA
VirtualQuery
GetConsoleMode
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
CloseHandle
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetFileSize
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetPrivateProfileIntW
GetProcessHeap
GetTempFileNameW
GetComputerNameW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindFirstFileA
FindNextFileA
IsValidLocale
GlobalLock
CreateFileMappingW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
CreateProcessW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
GetCurrentThread
SuspendThread
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
FindNextFileW
EnumSystemLocalesA
GetACP
GetModuleHandleW
FreeResource
FindResourceExW
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetRoleTextW
WindowFromAccessibleObject
AccessibleObjectFromEvent
AccessibleObjectFromWindow
GetStateTextW
SysStringByteLen
VariantClear
SysAllocString
SysFreeString
SysAllocStringByteLen
VariantInit
EnumProcesses
GetModuleFileNameExW
NdrOleFree
NdrOleAllocate
SHGetFolderPathW
SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathA
ShellExecuteExW
CommandLineToArgvW
PathFileExistsW
SHSetValueW
PathAppendW
SHGetValueW
PathFileExistsA
RegisterWindowMessageW
GetForegroundWindow
SetWindowRgn
UpdateWindow
EndDialog
PostQuitMessage
EnumWindows
DefWindowProcW
FindWindowW
GetMessageW
SetWinEventHook
BroadcastSystemMessageW
SetWindowPos
GetWindowThreadProcessId
GetSystemMetrics
IsWindow
GetWindowRect
EndPaint
PostMessageA
MoveWindow
DialogBoxParamW
WindowFromPoint
MessageBoxExW
GetWindow
PostMessageW
GetDC
CreateWindowExW
ReleaseDC
BeginPaint
FindWindowA
ShowWindow
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
SetCursor
IsIconic
FindWindowExA
SetTimer
UnhookWinEvent
GetClassNameW
DialogBoxIndirectParamW
GetWindowTextW
LoadCursorW
LoadIconW
FindWindowExW
DispatchMessageW
LoadAcceleratorsW
RegisterClassExW
DestroyWindow
TranslateAcceleratorW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetOpenW
InternetReadFile
InternetCrackUrlW
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
InternetGetLastResponseInfoW
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
WTHelperGetProvSignerFromChain
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
WTHelperProvDataFromStateData
CryptCATAdminAcquireContext
WTHelperGetProvCertFromChain
inet_ntoa
htons
inet_addr
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateGuid
CoCreateInstance
Number of PE resources by type
RT_ICON 18
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 25
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.111
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Windows, Chinese (Simplified)
InitializedDataSize 984576
EntryPoint 0x6e73b
OriginalFileName hao123.exe
MIMEType application/octet-stream
LegalCopyright (C) 2011 Baidu.com All Rights Reserved.
FileVersion 1.0.0.111
TimeStamp 2014:11:21 10:56:28+01:00
FileType Win32 EXE
PEType PE32
InternalName hao123.exe
ProductVersion 1.0.0.111
FileDescription hao123 Desktop Shortcut
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Baidu.com
CodeSize 574976
ProductName hao123 Desktop Shortcut
ProductVersionNumber 1.0.0.111
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
PE resource-wise parents
File identification
MD5 0bea12a5fe4b821a064db591dad69d59
SHA1 0e79bd6410392c6085749e057d59cac119b365a8
SHA256 50e02704f9d8341a72eccdac2472c5a9347e3671ecd889211b884dbd0bf2e76d
ssdeep 12288:3TggloJrK43/TditnXoqcJ1SVk1G+zB9rxjTNO77NSUZ+DH1HNIjlEVprSyAzOtx:3OxjTI77IH1HXVjAzOt3ZZZ
authentihash eb229b4ed7d04653c782bca2924b25f5f0d71e92750e16d62ec92a53c39de1da
imphash 20476b7a76bd32bfe9fbd8c95558f3b8
File size 1.5 MB ( 1569608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2014-12-19 21:02:36 UTC ( 4 years, 4 months ago )
Last submission 2018-07-17 05:00:12 UTC ( 9 months, 1 week ago )
File names 0e79bd6410392c6085749e057d59cac119b365a8
hao123.exe
hao123.1.0.0.1111.exe
hao123.1.0.0.1111.exe
hao123.1.0.0.1111.exe
hao123.1.0.0.1111.exe
hao123.1.0.0.1111.exe
hao123.1.0.0.1111.exe
hao123.1.0.0.1111.exe
bdgF549.tmp
bdgD4DB.tmp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections