a79f1f1b3505f6c630b83b86e60bee9b4e8a6efbf3271c9742d7daff536d7c57

Sharing

Copy URL

Twitter E-mail

General

Target

a79f1f1b3505f6c630b83b86e60bee9b4e8a6efbf3271c9742d7daff536d7c57
Size

324KB
MD5

921923b20d09ec38a7cdc06b2f4e77a1
SHA1

53d813f4838b7a834400223bdfa5caaeb3612701
SHA256

a79f1f1b3505f6c630b83b86e60bee9b4e8a6efbf3271c9742d7daff536d7c57
SHA512

facde8af541917cd7873dc4fee0479098d1ae646a2b75f3fb2a0cf57abf437868cb9a6a2832357c03734dbe801f85e5fcfb915fc89eb02654b73f43eba68dce5
SSDEEP

6144:LeCH6t8EEsdXcJl6bnzHPiYdOlP6V+RjbwJENpEea:dlO3ujbIEEz

Score

N/A

Malware Config

Signatures

Files

a79f1f1b3505f6c630b83b86e60bee9b4e8a6efbf3271c9742d7daff536d7c57
.dll windows x86

99e4d1fb815a4f1f069b605f8f98f85e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

qtcore4

?convertSeparators@QDir@@SA?AVQString@@ABV2@@Z
?toStdWString@QString@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?event@QObject@@UAE_NPAVQEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?fromUtf16@QString@@SA?AV1@PBGH@Z
??0QFile@@QAE@ABVQString@@@Z
?open@QFile@@UAE_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??0QTextStream@@QAE@PAVQIODevice@@@Z
?setCodec@QTextStream@@QAEXPBD@Z
?setGenerateByteOrderMark@QTextStream@@QAEX_N@Z
??6QTextStream@@QAEAAV0@ABVQString@@@Z
??6QTextStream@@QAEAAV0@PBD@Z
?section@QString@@QBE?AV1@ABV1@HHV?$QFlags@W4SectionFlag@QString@@@@@Z
?mid@QString@@QBE?AV1@HH@Z
?replace@QString@@QAEAAV1@ABV1@0W4CaseSensitivity@Qt@@@Z
?close@QFile@@UAEXXZ
??1QTextStream@@UAE@XZ
??1QFile@@UAE@XZ
?append@QListData@@QAEPAPAXXZ
?detach@QListData@@QAEPAUData@1@XZ
?qFree@@YAXPAX@Z
?continueFreeData@QMapData@@QAEXH@Z
?disconnectNotify@QObject@@MAEXPBD@Z
?connectNotify@QObject@@MAEXPBD@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?translate@QCoreApplication@@SA?AVQString@@PBD00W4Encoding@1@@Z
?append@QString@@QAEAAV1@ABV1@@Z
?fromAscii@QString@@SA?AV1@PBDH@Z
?fromStdWString@QString@@SA?AV1@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??4QString@@QAEAAV0@ABV0@@Z
??8QString@@QBE_NPBD@Z
?exists@QFile@@SA_NABVQString@@@Z
??9QString@@QBE_NPBD@Z
?node_create@QMapData@@QAEPAUNode@1@QAPAU21@H@Z
??MQString@@QBE_NABV0@@Z
?createData@QMapData@@SAPAU1@XZ
?toLower@QString@@QBE?AV1@XZ
?toUInt@QString@@QBEIPA_NH@Z
?fromLatin1@QString@@SA?AV1@PBDH@Z
??8QString@@QBE_NABV0@@Z
??0QString@@QAE@PBD@Z
??0QString@@QAE@ABV0@@Z
?shared_null@QMapData@@2U1@A
?shared_null@QListData@@2UData@1@A
??0QString@@QAE@XZ
??4QString@@QAEAAV0@PBD@Z
??0QLibrary@@QAE@ABVQString@@PAVQObject@@@Z
?load@QLibrary@@QAE_NXZ
?resolve@QLibrary@@QAEPAXPBD@Z
??1QLibrary@@UAE@XZ
??1QString@@QAE@XZ
?QStringList_contains@QtPrivate@@YA?AVQBool@@PBVQStringList@@ABVQString@@W4CaseSensitivity@Qt@@@Z

hpqsil01

?GetInstance@CHPShareAPI@@SAPAV1@PAG00@Z

kernel32

LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc
InterlockedCompareExchange
TerminateProcess
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetCurrentProcess
Sleep
MultiByteToWideChar
HeapAlloc
LocalFree
GetProcessHeap
HeapFree
GetFileAttributesW
WideCharToMultiByte
lstrlenW

gdi32

AddFontResourceExW
RemoveFontResourceW

advapi32

RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteW
SHCreateDirectoryExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

msvcp80

?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z

gdiplus

GdiplusStartup

msvcr80

??2@YAPAXI@Z
_wtoi
_wcsicmp
wcschr
free
wcscmp
?terminate@@YAXXZ
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
wcscat_s
__clean_type_info_names_internal
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
??_V@YAXPAX@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memset
??3@YAXPAX@Z
__CxxFrameHandler3
_CxxThrowException
_decode_pointer
memcpy_s
wcscpy_s

Exports

Exports

createCreateComponent
createPlugin
createPrintComponent

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99e4d1fb815a4f1f069b605f8f98f85e

Headers

File Characteristics

Imports

qtcore4

hpqsil01

kernel32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp80

gdiplus

msvcr80

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 68KB - Virtual size: 180KB

.rsrc Size: 60KB - Virtual size: 169KB

.reloc Size: 72KB - Virtual size: 68KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 68KB - Virtual size: 180KB

.rsrc
Size: 60KB - Virtual size: 169KB

.reloc
Size: 72KB - Virtual size: 68KB