SHA256: e6ea06f11f7eee56a67f7471ea1a5925209550dc3beb0959228e98b94c5b5f8d
File name: qqintl2.0.exe
Detection ratio: 1 / 45
Analysis date: 2014-01-02 13:21:24 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
NANO-Antivirus Trojan.Win32.Huhk.cqpaux 20140102
AVG 20140102
Ad-Aware 20140102
Agnitum 20140101
AhnLab-V3 20140102
AntiVir 20140102
Antiy-AVL 20140102
Avast 20140102
Baidu-International 20131213
BitDefender 20140102
Bkav 20140102
ByteHero 20131226
CAT-QuickHeal 20140102
ClamAV 20140102
Commtouch 20140102
Comodo 20140102
DrWeb 20140102
ESET-NOD32 20140102
Emsisoft 20140102
F-Prot 20140102
F-Secure 20140102
Fortinet 20140102
GData 20140102
Ikarus 20140102
Jiangmin 20140102
K7AntiVirus 20131231
K7GW 20131231
Kaspersky 20140102
Kingsoft 20130829
Malwarebytes 20140102
McAfee 20140102
McAfee-GW-Edition 20140102
MicroWorld-eScan 20140102
Microsoft 20140102
Norman 20140102
Panda 20140102
Rising 20140102
SUPERAntiSpyware 20131231
Sophos 20140102
Symantec 20140102
TheHacker 20131231
TotalDefense 20140102
TrendMicro 20140102
TrendMicro-HouseCall 20140102
VBA32 20140101
VIPRE 20140102
ViRobot 20140102
nProtect 20140102
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright (C) 2013 Tencent All Rights Reserved
Publisher Tencent Technology(Shenzhen) Company Limited
Product QQ International
File version 1.91.1213.0
Description QQ International
Signature verification Signed file, verified signature
Signing date 5:21 AM 8/26/2013
Signers
[+] Tencent Technology(Shenzhen) Company Limited
Status Valid
Valid from 1:00 AM 1/17/2013
Valid to 12:59 AM 2/17/2016
Valid usage Code Signing
Algorithm SHA1
Thumbprint 2FDD445591CD2EEDBEF8B8A281896A59C08B3DC9
Serial number 71 70 BD 93 CF 3F 18 9A E6 45 2B 51 4C 49 34 0E
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-26 04:21:11
Entry Point 0x000A9026
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
GetSecurityDescriptorControl
RegCreateKeyW
OpenServiceW
InitializeAcl
RegEnumKeyW
RegDeleteKeyW
GetAclInformation
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
GetFileSecurityW
QueryServiceStatus
AddAccessAllowedAce
RegOpenKeyExW
SetFileSecurityW
LookupAccountNameW
GetUserNameW
RegQueryInfoKeyW
GetSecurityDescriptorDacl
RegDeleteValueW
RegEnumKeyExW
GetLengthSid
GetAce
CreateProcessAsUserW
RegEnumValueW
StartServiceW
RegSetValueExW
OpenSCManagerW
InitializeSecurityDescriptor
EqualSid
ChangeServiceConfigW
AddAce
CertGetNameStringW
GetDeviceCaps
SelectObject
DeleteDC
CreateRectRgn
SetBkMode
OffsetRgn
GetStockObject
CreateFontW
GetTextExtentExPointW
CreateSolidBrush
CombineRgn
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetTextExtentPointW
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
WaitForSingleObject
CreateIoCompletionPort
GetDriveTypeA
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
lstrcatA
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
OutputDebugStringA
SetLastError
CopyFileW
lstrlenW
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
LoadLibraryA
QueryPerformanceFrequency
EnumSystemLocalesA
GetUserDefaultLCID
GetSystemDefaultLCID
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleHandleA
GetFullPathNameW
InterlockedExchangeAdd
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
lstrcmpiW
RtlUnwind
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
DeleteFileA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetPrivateProfileIntW
GetProcessHeap
AssignProcessToJobObject
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
WaitForMultipleObjects
GetProcAddress
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetNativeSystemInfo
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
FindResourceW
LCMapStringA
CompareStringW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
RemoveDirectoryA
Process32NextW
VirtualFree
GetQueuedCompletionStatus
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
Process32FirstW
WritePrivateProfileStringW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
GetTempPathW
PostQueuedCompletionStatus
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
CompareStringA
Ord(70)
Ord(195)
Ord(137)
Ord(141)
Ord(88)
Ord(6)
Ord(7)
Ord(2)
Ord(9)
GetModuleFileNameExW
EnumProcessModules
SHGetFolderPathW
SHCreateDirectoryExW
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHGetSpecialFolderPathW
CommandLineToArgvW
PathStripToRootW
PathCombineW
PathIsRelativeW
SHDeleteKeyW
PathFileExistsW
SetFocus
CreateDialogParamW
GetParent
EndPaint
LoadBitmapW
EndDialog
GetMessageW
EnumWindows
DefWindowProcW
ReleaseCapture
KillTimer
GetDlgCtrlID
MapVirtualKeyW
PostQuitMessage
ShowWindow
CallMsgFilterW
SetWindowPos
SetWindowRgn
GetWindowThreadProcessId
SetCursor
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
RegisterClassExW
CallNextHookEx
SetWindowPlacement
CharUpperW
DialogBoxParamW
LoadImageW
MapWindowPoints
GetWindowDC
TranslateMessage
BeginPaint
CharLowerW
PostMessageW
MsgWaitForMultipleObjectsEx
SetDlgItemTextW
DispatchMessageW
GetKeyState
GetCursorPos
ReleaseDC
WaitMessage
TrackMouseEvent
MoveWindow
SendMessageW
UnregisterClassA
GetQueueStatus
DestroyWindow
DrawIconEx
CreateWindowExW
GetWindowPlacement
UnregisterClassW
GetClientRect
GetDlgItem
OffsetRect
SystemParametersInfoW
GetWindow
BringWindowToTop
MessageBoxW
ScreenToClient
SetRect
InvalidateRect
DrawFocusRect
SetTimer
CallWindowProcW
GetClassNameW
IsDialogMessageW
EnableWindow
SetWindowTextW
GetWindowTextW
CheckDlgButton
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
GetFocus
GetDC
GetWindowLongW
GetDlgItemTextW
DrawTextW
CharNextW
ExitWindowsEx
IsWindowVisible
PtInRect
CreateEnvironmentBlock
DestroyEnvironmentBlock
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
timeEndPeriod
timeGetTime
timeBeginPeriod
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
Ord(12)
Ord(3)
Ord(11)
Ord(23)
Ord(16)
Ord(116)
Ord(4)
Ord(115)
Ord(52)
Ord(19)
Ord(9)
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipLoadImageFromStream
GdipDrawImagePointsI
GdipFree
GdipBitmapGetPixel
GdipGetImageHeight
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipReleaseDC
GdipDrawImageRectRectI
GdipGetImageWidth
GdipDrawImageRectI
GdipDeleteGraphics
GdiplusStartup
GdipCreateBitmapFromStream
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoInitializeEx
Number of PE resources by type
PNG 38
RT_ICON 15
RT_DIALOG 11
XML 6
RT_BITMAP 6
MSI 5
LICENSE 3
RT_GROUP_ICON 3
CFG 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 89
ENGLISH US 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.91.1213.0
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 54497280
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.91.1213.0
TimeStamp 2013:08:26 05:21:11+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.91.1213.0
FileDescription QQ International
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2013 Tencent All Rights Reserved
MachineType Intel 386 or later, and compatibles
CompanyName Tencent
CodeSize 937984
ProductName QQ International
ProductVersionNumber 1.91.1213.0
EntryPoint 0xa9026
ObjectFileType Executable application
File identification
MD5 c579a4195da74068fb763c9c5b9f7e40
SHA1 e9a335b265544a77ae470d6f3a3fca0de25a6cb5
SHA256 e6ea06f11f7eee56a67f7471ea1a5925209550dc3beb0959228e98b94c5b5f8d
ssdeep 1572864:EglLmBlkL9kQA4x9feyPVGjbIbKjHtAD30HLhU:EgsBiE4veYwjbI+8q
File size 52.9 MB ( 55447224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe signed
VirusTotal metadata
First submission 2013-08-29 17:21:02 UTC ( 7 months, 3 weeks ago )
Last submission 2014-01-02 13:21:24 UTC ( 3 months, 2 weeks ago )
File names QQIntl_1.91.1213.0.exe
qqintl2.0.exe
QQIntl2.0.exe
QQIntl2.0_2.exe
Behaviour characterization
Zemana dll-injection