Static task
static1
Behavioral task
behavioral1
Sample
ad5d286f85aeec0f84af12aeef793345647a1e02185b6858526505a7168534da.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ad5d286f85aeec0f84af12aeef793345647a1e02185b6858526505a7168534da.exe
Resource
win10v2004-20220812-en
General
-
Target
ad5d286f85aeec0f84af12aeef793345647a1e02185b6858526505a7168534da
-
Size
1.1MB
-
MD5
69b1eb32152b12347ca28af34959dfc1
-
SHA1
60e030da06e3fd1339f361b6894f963dc74e7fc0
-
SHA256
ad5d286f85aeec0f84af12aeef793345647a1e02185b6858526505a7168534da
-
SHA512
5fc38b1ec69d293f41d344e6207ebf923252edf14b3bd1269eb807fb0435704e9e91e452d9e0d034082efff1b5e1d56cbd80b7c248b8cc3e1353701d1522c2a8
-
SSDEEP
24576:VHRiq0vBQMvGsMn45cmJc2VtN+T/L6fZ5zPZRR76P:VHRiq0vBLvGsMnt2VbWOfZ5zPZR9e
Malware Config
Signatures
Files
-
ad5d286f85aeec0f84af12aeef793345647a1e02185b6858526505a7168534da.exe windows x86
79575ff414a41bd25a6f0a86c676a158
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
basicctrldll
??0CAsyncGetHostByName@@QAE@PAUHWND__@@IVCString@@HH@Z
?LoadResponseStr@@YAXAAVCString@@I@Z
?GetFaceIndex@@YAGPAUIQQCore@@@Z
?GetLastChangeTime@@YAKPAUIQQCore@@@Z
?GetLocalIP@@YA?AVCString@@PAK@Z
?GetQQExeHash@@YAHPAE@Z
?GetOIcqProcessCount@@YAEXZ
?GetLocalComputerGUID@@YAXPAEH@Z
??0CCsRegisterSinkHelper@@QAE@XZ
??1CCsRegisterSinkHelper@@UAE@XZ
??_7CQQDataArrayHelper@@6B@
?FreeQQPtrArray@@YAJAAVCPtrArray@@@Z
?QQArrayToPtrArray@@YAJPAUIQQDataArray@@AAVCPtrArray@@@Z
?PtrArrayToQQArray@@YAJABVCPtrArray@@PAPAUIQQDataArray@@@Z
??1CQQDataArrayHelper@@UAE@XZ
?DoModal_InputLocalPwdDlg@@YAHHHVCString@@AAV1@K@Z
?Base64Decode2@@YAHPBDHPAEPAH@Z
?CheckForUinNeedUpdate@@YAHPAUIQQCore@@VCString@@@Z
?BasicLoadStr@@YAXAAVCString@@I@Z
?GetExceptionString@@YAXPAU_EXCEPTION_POINTERS@@AAVCString@@111@Z
?GetOSVersion@@YAHAAK000@Z
?CheckFileExist1@@YAHVCString@@@Z
?RemoveTempDir1@@YAHVCString@@@Z
?CrackStr@@YAXAAVCStringArray@@VCString@@DH@Z
?BUFFER2String@@YA?AVCString@@PBDH@Z
?GetFriendQQData@@YAHPAUIQQCore@@KPAPAUIQQData@@@Z
?GetCurrentUserData@@YAXPAUIQQCore@@PAPAUIQQData@@@Z
?IsMySelfInLan@@YAHK@Z
?SetInterval@CTimerEvent@@QAEXI@Z
??0CTimerEvent@@QAE@XZ
?SetEnabled@CTimerEvent@@QAEXH@Z
??1CTimerEvent@@UAE@XZ
?CreateObjectFromFile@@YAJPBDPAUIUnknown@@ABU_GUID@@2PAPAX@Z
?CheckCameraStatus@@YAHXZ
??0CCsSendSinkHelper@@QAE@XZ
??1CCsSendSinkHelper@@UAE@XZ
?GetInstallFolder@@YA?AVCString@@XZ
?GetCurrentSysTempData@@YAXPAUIQQCore@@PAPAUIQQData@@@Z
?InitCQQUserData@@YAXJPAUIQQData@@@Z
?GetCurrentUin@@YAKPAUIQQCore@@@Z
?NextQQDataArrayStr@@YAJPAUIQQDataArray@@AAVCString@@@Z
?GetCurrentUin@@YAHPAUIQQCore@@PAK@Z
?GetQQDataBuf@@YAJPAUIQQData@@PBDAAVCString@@@Z
?CreateQQDataArray@@YAXPAPAUIQQDataArray@@@Z
?CopyAFieldQQData@@YAJPAUIQQData@@0VCString@@1E@Z
?GetQQDataStr@@YAJPAUIQQData@@PBDAAVCString@@@Z
?BIG_GB@@YAHPAEH@Z
?GB2BIG@@YAXAAVCString@@@Z
?BIG2GB@@YAXAAVCString@@@Z
?NextQQDataArrayBuf@@YAJPAUIQQDataArray@@AAVCString@@@Z
?CreateQQData@@YAXPAPAUIQQData@@@Z
?GetExeFolder@@YA?AVCString@@XZ
?ConvertAddress2@@YGXKAAVCString@@@Z
?GetCurrentStatus@@YAHPAUIQQCore@@PAH@Z
?Base64Encode@@YA?AVCString@@PBDH@Z
qqhelperdll
?GetCurrentMobileNum@@YAHPAUIQQCore@@AAVCString@@@Z
?GetGender@@YAEVCString@@@Z
?SaveMsgToMsgArray@@YAHPAUIQQCore@@VCString@@1PAUIQQData@@PAH@Z
?PreSaveRichMsg@@YA?AVCString@@V1@0@Z
?LoadStr@@YAXAAVCString@@I@Z
?GetCurrentEmailAddr@@YAHPAUIQQCore@@AAVCString@@@Z
?OpenUrlWithTe@@YAXPAUHWND__@@VCString@@H@Z
?StopTrayAnimate@@YAXPAUIQQCore@@@Z
?Paint@CDib@@QAEHPAUHDC__@@PAUtagRECT@@1@Z
?IsLogin@@YAHPAUIQQCore@@@Z
?GetCurrentGender@@YAHPAUIQQCore@@AAW4GENDER_TYPE@@@Z
?InitQQShow@@YAHPAUIQQCore@@@Z
?StartTrayAnimate@@YAXPAUIQQCore@@@Z
?ReadFromResource@CDib@@QAEHIPBD@Z
??0CDib@@QAE@XZ
?GetDisDataFromDisUin@@YAHPAUIQQUserManager@@KKPAPAUIQQData@@@Z
??1CDib@@UAE@XZ
mfc42
ord5450
ord6383
ord2107
ord446
ord743
ord801
ord541
ord2614
ord939
ord6143
ord5861
ord940
ord6648
ord538
ord922
ord5710
ord6662
ord2763
ord6311
ord4171
ord1949
ord4275
ord2033
ord6055
ord1776
ord5290
ord5431
ord3348
ord4351
ord2989
ord3579
ord619
ord1233
ord297
ord1114
ord1113
ord772
ord4021
ord5860
ord500
ord2988
ord341
ord654
ord5858
ord6140
ord2827
ord2820
ord3811
ord535
ord536
ord5603
ord2864
ord2919
ord6453
ord1980
ord686
ord384
ord2408
ord3571
ord3626
ord1146
ord6394
ord5440
ord2096
ord1641
ord2623
ord2486
ord2086
ord326
ord6442
ord3324
ord3181
ord3178
ord4058
ord2781
ord1768
ord6334
ord5981
ord6781
ord6883
ord4224
ord3573
ord810
ord4020
ord1601
ord4278
ord2370
ord3398
ord3733
ord2302
ord3693
ord755
ord5788
ord6880
ord3092
ord470
ord4000
ord2862
ord3089
ord4476
ord6197
ord6380
ord3742
ord3619
ord613
ord640
ord5785
ord1640
ord323
ord289
ord6282
ord5937
ord2859
ord5875
ord6172
ord5789
ord2452
ord2753
ord3706
ord4299
ord4480
ord3402
ord3708
ord781
ord2841
ord3663
ord3353
ord2233
ord1265
ord2729
ord2730
ord6467
ord2727
ord4003
ord4226
ord290
ord614
ord1799
ord823
ord1154
ord2379
ord4710
ord6215
ord6199
ord4234
ord324
ord3597
ord4425
ord4627
ord2985
ord3262
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord2860
ord2414
ord3326
ord950
ord3028
ord1889
ord3318
ord6364
ord1238
ord2241
ord5241
ord6929
ord641
ord462
ord850
ord2458
ord1669
ord2652
ord6283
ord3986
ord2393
ord5606
ord464
ord1572
ord465
ord5500
ord6354
ord2764
ord4078
ord3790
ord861
ord4202
ord5596
ord3441
ord5607
ord5634
ord501
ord2762
ord1083
ord915
ord4191
ord400
ord702
ord2801
ord403
ord273
ord1969
ord5445
ord1989
ord4407
ord1775
ord603
ord703
ord3500
ord4204
ord2784
ord923
ord926
ord2449
ord349
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord593
ord824
ord260
ord826
ord589
ord356
ord2770
ord941
ord668
ord6876
ord860
ord2818
ord1247
ord1199
ord3258
ord1670
ord1971
ord4975
ord1134
ord2621
ord1168
ord1232
ord1270
ord2152
ord1200
ord1576
ord4919
ord4447
ord4411
ord4335
ord4160
ord4277
ord924
ord540
ord278
ord605
ord2915
ord5572
ord857
ord561
ord1216
ord5289
ord4698
ord815
ord3953
ord354
ord3401
ord6385
ord1979
ord5186
ord6365
ord5715
ord6438
ord665
ord5683
ord5498
ord825
ord567
ord2625
ord818
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5307
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord5480
ord2029
ord4472
ord4013
ord6350
ord4129
ord858
ord800
ord537
ord4274
ord3570
ord966
ord5478
ord5796
ord4863
ord2031
ord5481
ord5810
ord1638
ord1639
ord5651
ord1262
ord5809
ord2077
ord3780
ord6142
ord6139
ord5857
ord5602
ord5608
ord287
ord610
ord6241
ord3613
ord3126
ord350
ord3616
ord3127
msvcrt
__CxxFrameHandler
_EH_prolog
_except_handler3
atol
_adjust_fdiv
fclose
fscanf
__p___argc
strcpy
__p___argv
memcpy
atoi
_mbsicmp
strlen
_mbsrchr
memset
_mbscmp
memcmp
_purecall
time
rand
srand
sprintf
fopen
strcmp
abs
memmove
_atoi64
_exit
__dllonexit
_onexit
_acmdln
_XcptFilter
exit
__setusermatherr
__getmainargs
_initterm
__set_app_type
__p__commode
__p__fmode
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_CxxThrowException
_getpid
_stricmp
_setmbcp
strncpy
strstr
_ftol
kernel32
MultiByteToWideChar
WritePrivateProfileStringA
InterlockedIncrement
GetModuleHandleA
LoadLibraryA
ReleaseMutex
CloseHandle
GetModuleFileNameA
CreateMutexA
SetEndOfFile
GetFileSize
CreateFileA
GetProcAddress
GetCurrentProcessId
lstrlenA
InterlockedDecrement
GetTickCount
WriteFile
SetFilePointer
CreateDirectoryA
GetFileAttributesA
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
GetVersion
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetStartupInfoA
GetPrivateProfileStringA
GetCurrentThreadId
QueryPerformanceFrequency
QueryPerformanceCounter
lstrlenW
WideCharToMultiByte
GetTempPathA
GetTempFileNameA
DeleteCriticalSection
InitializeCriticalSection
GetLastError
FreeLibrary
CreateProcessA
WaitForSingleObject
CreateEventA
SetEvent
SetErrorMode
SetUnhandledExceptionFilter
FormatMessageA
user32
LoadImageA
ReleaseDC
SetWindowLongA
LoadCursorA
InvalidateRect
UpdateWindow
OffsetRect
GetWindowRect
DestroyIcon
FindWindowA
PostMessageA
IsWindowVisible
SystemParametersInfoA
RegisterWindowMessageA
LoadBitmapA
GetDC
LoadIconA
GetDesktopWindow
IsWindow
SendMessageA
KillTimer
SetTimer
EnableWindow
MessageBoxA
DrawIconEx
GetClientRect
SetWindowRgn
SetCursor
SetRect
GetParent
GetWindowLongA
PtInRect
DefWindowProcA
MessageBeep
PostQuitMessage
ScreenToClient
GetSysColor
UnregisterHotKey
gdi32
CreateDIBSection
SelectObject
ExtCreateRegion
CombineRgn
DeleteDC
CreateCompatibleBitmap
GetObjectA
CreateFontIndirectA
GetStockObject
CreateCompatibleDC
BitBlt
CreateSolidBrush
CreatePen
RoundRect
DeleteObject
advapi32
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
shell32
Shell_NotifyIconA
ShellExecuteA
comctl32
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_GetIcon
ImageList_GetImageCount
ImageList_AddMasked
ole32
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
StgCreateDocfile
StgOpenStorage
CoCreateGuid
StgIsStorageFile
CLSIDFromString
CoTaskMemFree
CoLoadLibrary
CoInitialize
wsock32
htonl
htons
ntohl
ntohs
qqzip
Unzip
ws2_32
gethostbyname
closesocket
ioctlsocket
recv
listen
setsockopt
getsockopt
WSAGetLastError
inet_addr
inet_ntoa
connect
socket
select
send
qqbaseclassindll
?GetMessageMap@CSmsDownLoad@@MBEPBUAFX_MSGMAP@@XZ
?GetRuntimeClass@CSmsDownLoad@@UBEPAUCRuntimeClass@@XZ
?GetInterfaceMap@CSmsDownLoad@@MBEPBUAFX_INTERFACEMAP@@XZ
?PostNcDestroy@CSmsDownLoad@@MAEXXZ
??0CSmsDownLoad@@QAE@XZ
?StartDown@CSmsDownLoad@@QAEXHHH@Z
?SetParentWnd@CSmsDownLoad@@QAEXPAVCWnd@@@Z
?PeekAndPump@CProgressWnd@@QAEXH@Z
??1CSmsDownLoad@@UAE@XZ
?SetPos@CProgressWnd@@QAEHH@Z
?OffsetPos@CProgressWnd@@QAEHH@Z
??0CBmpButton@@QAE@IIIII@Z
??1CUsrGrpProgressDlg@@UAE@XZ
??0CUsrGrpProgressDlg@@QAE@PAVCWnd@@@Z
??1CBmpButton@@UAE@XZ
wininet
InternetQueryOptionA
oleaut32
SysFreeString
SysAllocStringLen
VariantClear
Sections
.text Size: 644KB - Virtual size: 641KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 184KB - Virtual size: 181KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tc Size: 204KB - Virtual size: 204KB (non-standard section name; flagged below as code that is both executable and writable, unlike .text)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE