SHA256: 9200a4eecf93f07855c90cbdefe44620bed8b04a3720d09cee69247382282a0e
File name: qq2013sp3.exe
Detection ratio: 0 / 46
Analysis date: 2013-11-01 10:17:29 UTC ( 5 months, 2 weeks ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
AVG 20131101
Agnitum 20131101
AhnLab-V3 20131031
AntiVir 20131101
Antiy-AVL 20131101
Avast 20131101
Baidu-International 20131101
BitDefender 20131101
Bkav 20131101
ByteHero 20131028
CAT-QuickHeal 20131101
ClamAV 20131101
Commtouch 20131101
Comodo 20131101
DrWeb 20131101
ESET-NOD32 20131101
Emsisoft 20131101
F-Prot 20131101
F-Secure 20131101
Fortinet 20131101
GData 20131101
Ikarus 20131101
Jiangmin 20131101
K7AntiVirus 20131031
K7GW 20131031
Kaspersky 20131101
Kingsoft 20130829
Malwarebytes 20131101
McAfee 20131101
McAfee-GW-Edition 20131101
MicroWorld-eScan 20131028
Microsoft 20131101
NANO-Antivirus 20131101
Norman 20131101
Panda 20131031
Rising 20131101
SUPERAntiSpyware 20131101
Sophos 20131101
Symantec 20131101
TheHacker 20131029
TotalDefense 20131101
TrendMicro 20131101
TrendMicro-HouseCall 20131101
VBA32 20131101
VIPRE 20131101
ViRobot 20131101
nProtect 20131101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright (C) 2013 Tencent. All Rights Reserved
Publisher Tencent Technology(Shenzhen) Company Limited
Product QQ2013
File version 1.98.8557.0
Description QQ2013
Signature verification Signed file, verified signature
Signing date 9:08 AM 10/15/2013
Signers
[+] Tencent Technology(Shenzhen) Company Limited
Status Valid
Valid from 1:00 AM 1/17/2013
Valid to 12:59 AM 2/17/2016
Valid usage Code Signing
Algorithm SHA1
Thumbprint 2FDD445591CD2EEDBEF8B8A281896A59C08B3DC9
Serial number 71 70 BD 93 CF 3F 18 9A E6 45 2B 51 4C 49 34 0E
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-15 08:07:38
Entry Point 0x000B41D7
Number of sections 5
PE sections
PE imports
Number of PE resources by type
PNG 38
RT_ICON 15
RT_DIALOG 10
XML 6
RT_BITMAP 6
MSI 5
RT_GROUP_ICON 3
LICENSE 2
CFG 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 87
ENGLISH US 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.98.8557.0
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 58966016
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.98.8557.0
TimeStamp 2013:10:15 09:07:38+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.98.8557.0
FileDescription QQ2013
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2013 Tencent. All Rights Reserved
MachineType Intel 386 or later, and compatibles
CompanyName Tencent
CodeSize 999424
ProductName QQ2013
ProductVersionNumber 1.98.8557.0
EntryPoint 0xb41d7
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
File identification
MD5 8725ed60cacfa88cce48e80059b7a8bd
SHA1 edb0db6d7d26c31523441b72f30032332923a5a8
SHA256 9200a4eecf93f07855c90cbdefe44620bed8b04a3720d09cee69247382282a0e
ssdeep 1572864:Sjk2TsnL8eUjCQiF/P2PDfLib2m0zmXgaXlThQo:EsLDCCdNPGA2mv/
File size 57.2 MB ( 59977400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe signed
VirusTotal metadata
First submission 2013-10-25 08:13:03 UTC ( 5 months, 3 weeks ago )
Last submission 2013-11-01 10:17:29 UTC ( 5 months, 2 weeks ago )
File names QQ2013SP3_1.98.8557.0.exe
qq2013sp3.exe
QQ2013SP3.exe