qqo0sk[.]tar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

qqo0sk.tar
Size

373KB
MD5

f87302b39fcf6c96995e1ceba8ae45c7
SHA1

8035dbe38ab7cba944ec9435dcf5e6089fa80440
SHA256

5318e37342a182a4e56633079a85c630ac8a0ce43b3567d2b00d3b6d2355d91d
SHA512

25d09ce2215c55f41c57e28c63f219f2081a712d20e4aec1985e42eb001dfb61556c8013c1e8173129602e26273c08d814cb59052b424bc4e860c22e3d427488
SSDEEP

6144:iazDDMR7/G47LrVk7gGKLtfV55dgbjPdU1eSWbj8:iiAR7/GkOnkttGdU1el8

Score

N/A

Malware Config

Signatures

Files

qqo0sk.tar
.dll windows x86

5383492b5e907d0dc6a11002282063a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
CreateFileW
GetVolumeInformationW
GetSystemTime
OpenProcess
GetVersionExW
GetModuleHandleW
GetDateFormatW
LockResource
VirtualProtect
Sleep
GetCurrentDirectoryW
FindFirstChangeNotificationW
VirtualProtectEx
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
HeapSize
LoadLibraryA
CreateFileA
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
HeapAlloc
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
HeapFree
WideCharToMultiByte
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
CloseHandle
RtlUnwind
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
ReadFile
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

tapi32

lineAccept
lineClose
lineOpenW
lineTranslateAddressW
lineShutdown
lineInitializeExW
lineTranslateDialogW

Exports

Exports

Cutmass
Middlewall

Sections

.text
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5383492b5e907d0dc6a11002282063a4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

version

tapi32

Exports

Exports

Sections

.text Size: 333KB - Virtual size: 332KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 372KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 333KB - Virtual size: 332KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 372KB

.reloc
Size: 8KB - Virtual size: 7KB