66993eaefcda140138711820898e22065ac06c57911eae5b82e6f4a611e53fb7

Sharing

Copy URL Twitter E-mail

General

Target

66993eaefcda140138711820898e22065ac06c57911eae5b82e6f4a611e53fb7
Size

437KB
MD5

74663498ff80dd120e6578d3d30be910
SHA1

b74fd7c48f53e291782814ca894a26b428fd5ccc
SHA256

66993eaefcda140138711820898e22065ac06c57911eae5b82e6f4a611e53fb7
SHA512

5f551c0ecd5e5caa350bcbd37d602f38ff0031fc7e87cd98e2b08a926c44768125c6908f1db6285fcbc504ce26c2efa6ec6e23ce4aa10ce97c2c6879c64f1c3d
SSDEEP

12288:Lcwk12+ok1mVM10UYc67iQ4g1xmOxgiU0Lu:Lcx12+ok1mG10/h34+keu

Score

N/A

Malware Config

Signatures

Files

66993eaefcda140138711820898e22065ac06c57911eae5b82e6f4a611e53fb7
.exe windows x86

bc524647693a8716bab4c3b76e85e82d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

qqmusiccommon

??1CMarkup@@QAE@XZ
??0CMarkup@@QAE@XZ
?GetElemContent@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetData@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?Gbk2W@CQMStrCvt@@SAPA_WPBD@Z
?GetParentFolder@qqmusic@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V23@@Z
?GetNormalFont@CQQMusicFont@@SAPAVCFont@@XZ
?LoadImageW@qqmusic@@YAHIIHHAAPAX@Z
?IntoElem@CMarkup@@QAE_NXZ
?FindElem@CMarkup@@QAE_NUMCD_CSTR@1@@Z
?OutOfElem@CMarkup@@QAE_NXZ
?GetAppDataFolder@qqmusic@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetExeFolder@qqmusic@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetSkinFolder@qqmusic@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@ABV23@@Z
?IsWindowsVista@qqmusic@@YAHXZ
?DeleteLogFile@qqmusic@@YAXPB_W@Z
?GetFileMainSubVersion@qqmusic@@YAHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@AAI1@Z
?OpenIE@qqmusic@@YAHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?Log@qqmusic@@YAXPB_W0ZZ
?InitVersionInfo@qqmusic@@YAHXZ
?SetDoc@CMarkup@@QAE_NABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetFileNameWithoutExtension@qqmusic@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V23@@Z
?GetTempFolder@qqmusic@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?DeleteFilesWithExtName@qqmusic@@YAXABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@ABV?$vector@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V?$allocator@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@std@@@std@@@Z
?LogMemory@qqmusic@@YAXPB_WZZ
?CreateTempFilePath@qqmusic@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V23@H@Z
?LoadStringW@qqmusic@@YAHIAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetAppVersion@qqmusic@@YAIXZ
?SendBeginDragMessage@qqmusic@@YAXPAUHWND__@@K@Z
?GetFileNameFormPath@qqmusic@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V23@@Z

qqmusicwidget_mfc

??1CQMDragSupport@@UAE@XZ
?PreTranslateMessage@CQMMouseWheelWithoutFocus@@SAHPAUtagMSG@@@Z
??0CQMDragSupport@@QAE@XZ
?BeginDrag@CQMDragSupport@@IAEXABUQMDragSrcDataList@@K@Z
?GetWebPageItemsClipFormat@qqmusic@@YAGXZ
?PushBackSrcData@CQMDragSupport@@SAXAAUQMDragSrcDataList@@GPAEK@Z
?GiveFeedback@CQMDragSupport@@UAEJK@Z

exceptcatch

?SetExceptionCatcher@@YAXPB_WH@Z

mfc80u

ord282
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord1121
ord2531
ord5562
ord5226
ord558
ord4562
ord746
ord3942
ord1003
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord4535
ord5096
ord2239
ord1007
ord3677
ord3800
ord5579
ord2009
ord2054
ord4320
ord566
ord3824
ord6274
ord757
ord1049
ord1123
ord3795
ord6272
ord5209
ord4008
ord1139
ord4032
ord1079
ord5113
ord5971
ord899
ord6061
ord1118
ord4109
ord6086
ord1908
ord6165
ord1117
ord3327
ord6171
ord2121
ord5118
ord3249
ord5119
ord6159
ord6161
ord557
ord3990
ord745
ord5712
ord1472
ord334
ord860
ord593
ord2260
ord284
ord4101
ord5558
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2640
ord1156
ord2397
ord1030
ord2409
ord2827
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord1031
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord3590
ord572
ord760
ord5210
ord4179
ord6271
ord2132
ord5067
ord1899
ord3678
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord3627
ord6721
ord4480
ord5196
ord1590
ord1646
ord3596
ord1647
ord1955
ord5171
ord1353
ord4961
ord314
ord6751
ord1067
ord567
ord758
ord4743
ord1271
ord347
ord602
ord1270
ord4026
ord354
ord2366
ord605
ord5633
ord3635
ord2255
ord3155
ord2066
ord5727
ord5638
ord3176
ord6033
ord1894
ord4347
ord4256
ord5199
ord766
ord1392
ord5908
ord6720
ord267
ord1542
ord1661
ord1662
ord2011
ord432
ord4884
ord667
ord1925
ord5178
ord6288
ord2901
ord709
ord5623
ord4574
ord1086
ord5322
ord3204
ord2365
ord6063
ord3756
ord2527
ord3712
ord266
ord6700
ord3713
ord3703
ord2638
ord3943
ord4475
ord265
ord4255
ord1479
ord2462
ord5399
ord310
ord297
ord304
ord578
ord781
ord784
ord2262
ord283
ord2263
ord6163
ord3991
ord2261
ord4074
ord2311
ord861
ord1476
ord1178
ord1182
ord762
ord577
ord293
ord774
ord1176
ord280
ord776
ord764
ord581
ord1200
ord1162
ord1087
ord315
ord765
ord1198
ord2379
ord501

msvcr80

fwrite
fread
fseek
ftell
fputs
feof
fgets
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
_wfopen_s
??0exception@std@@QAE@ABQBD@Z
free
_recalloc
calloc
??0exception@std@@QAE@XZ
memmove_s
?what@exception@std@@UBEPBDXZ
tmpfile_s
_rmtmp
fclose
malloc
_purecall
wcsncpy_s
_waccess
_wtoi
__argc
__CxxFrameHandler3
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
??1exception@std@@UAE@XZ
memcpy
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
memcpy_s
memset
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ

kernel32

lstrlenW
CreateMutexW
GetLastError
CloseHandle
ReleaseMutex
lstrlenA
GetProcAddress
GetModuleFileNameW
SizeofResource
GetLocaleInfoA
LoadLibraryExW
FindResourceW
RaiseException
GetThreadLocale
GetVersion
MultiByteToWideChar
WideCharToMultiByte
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
LoadResource
GetACP
GetVersionExW
GetModuleHandleW
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
Process32NextW
SetEvent
CreateEventA
CreateFileW
GetFileSize
OpenFileMappingA
ReadFile
UnmapViewOfFile
MapViewOfFile
CreateToolhelp32Snapshot
GetCurrentProcessId
GetPrivateProfileStringW
Process32FirstW
OpenProcess
GetCurrentProcess
SetProcessWorkingSetSize
DeleteFileW
LocalFree
LocalAlloc
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemDirectoryW
lstrcmpiW
GetWindowsDirectoryW

user32

GetParent
IsDialogMessageW
GetClassNameW
CharNextW
IsWindow
DrawIcon
RegisterWindowMessageW
GetFocus
GetMenuItemCount
GetWindow
GetWindowTextW
DeleteMenu
InflateRect
GetWindowLongW
IsIconic
SendMessageW
GetSystemMenu
GetSystemMetrics
UnregisterClassA
DestroyIcon
GetDesktopWindow
KillTimer
GetClientRect
SendMessageTimeoutW
MessageBoxW
FindWindowW
SetForegroundWindow
PostMessageW
InsertMenuW
InvalidateRect
SetTimer
EnumWindows
PostQuitMessage
GetWindowThreadProcessId
ShowWindow
EnableWindow

gdi32

CreateCompatibleBitmap
CreateCompatibleDC

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW

shell32

ShellExecuteExW
ord4
SHGetPathFromIDListW
SHChangeNotify

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW

ole32

CoCreateInstance
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoFreeLibrary
CoLoadLibrary
CoTaskMemFree

oleaut32

VarBstrCmp
SysAllocString
VarUI4FromStr
SysFreeString

msvcp80

?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0ABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0ABV12@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z

ws2_32

inet_addr

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bc524647693a8716bab4c3b76e85e82d

Headers

File Characteristics

Imports

qqmusiccommon

qqmusicwidget_mfc

exceptcatch

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp80

ws2_32

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 256KB - Virtual size: 256KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 256KB - Virtual size: 256KB