Q-Dir_Installer[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Q-Dir_Installer.zip
Size

775KB
MD5

0c2da8ab8a2d955fa9787d968569fd5b
SHA1

6c324552ac74bb8f98113ed731daae16e614e249
SHA256

327d558ea96287e347d8e72a0c5f10d3395ec325bddc1cf1bf14a406d54c348d
SHA512

d0ec24b8822e13f949bd1433e8ec524779fafe86bd14daf3f9898dc6b61e3a0fd7da175505c9a2e8d9fe6244b122f6242b935ac71527ec113784809960f5fa9a
SSDEEP

24576:OPULcf/tvqjomTD9K+QXbccniQj2FSsXQUy:OPH/tvqjomTxK+4bxTj2LgX

Score

N/A

Malware Config

Signatures

Files

Q-Dir_Installer.zip
.zip
Q-Dir_Installer_UC.exe
.exe windows x86

2c25e10e9670aa114561ead67f6e6771

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:60:89:6b:93:1c:3c:5a:e1:ad:84:cf:da:71:06:b0
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

14/06/2021, 00:00

Not After

14/06/2023, 23:59

Subject

CN=Nenad Hrg,O=Nenad Hrg,L=Srima,C=HR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:00:94:1c:02:4a:e1:3a:a4:d2:30:f1:49:bb:43:1e:11:6b:fe:d0:43:98:d8:be:2d:62:10:33:69:5d:9d:9b
Signer

Actual PE Digest

e4:00:94:1c:02:4a:e1:3a:a4:d2:30:f1:49:bb:43:1e:11:6b:fe:d0:43:98:d8:be:2d:62:10:33:69:5d:9d:9b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nenad Hrg,O=Nenad Hrg,L=Srima,C=HR

15/12/2022, 13:51
Valid: true

Chain 1

CN=Nenad Hrg,O=Nenad Hrg,L=Srima,C=HR

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
GetDriveTypeA
GetCPInfo
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LoadLibraryA
RaiseException
CompareStringA
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
IsBadCodePtr
TlsAlloc
TlsSetValue
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetSystemTime
RtlUnwind
GetSystemTimeAsFileTime
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
HeapFree
HeapAlloc
HeapReAlloc
GetVersion
GetStartupInfoW
GetModuleHandleA
SetEndOfFile
GetACP
GetOEMCP
SetEnvironmentVariableA
GetTempFileNameW
SetVolumeLabelW
HeapDestroy
CreateMutexW
GetProfileStringW
GetLocaleInfoW
GetNumberFormatW
GetEnvironmentVariableW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetFullPathNameW
GetDiskFreeSpaceW
GetUserDefaultLangID
GetSystemDirectoryW
TerminateProcess
GetTimeFormatW
GetDateFormatW
GetUserDefaultLCID
EnumDateFormatsW
EnumTimeFormatsW
GetShortPathNameW
GetPrivateProfileStringW
SizeofResource
GetLocalTime
GetFileSize
SetFilePointer
SetFileTime
ReadFile
TerminateThread
GetLastError
GetCurrentProcessId
MoveFileW
MulDiv
GetTimeZoneInformation
lstrcpynA
GetLogicalDrives
InitializeCriticalSection
DeleteCriticalSection
GlobalHandle
FreeResource
Sleep
CreateThread
ExitProcess
OutputDebugStringA
GetCurrentProcess
FlushInstructionCache
CompareStringW
SetLastError
lstrcpyW
FindResourceW
LoadResource
LockResource
GetLogicalDriveStringsW
GetDriveTypeW
GetFileAttributesW
lstrcmpiW
lstrcmpW
lstrcatW
FindFirstFileW
FindNextFileW
FindClose
CopyFileW
CreateDirectoryW
GetModuleFileNameW
CreateFileW
WideCharToMultiByte
WriteFile
CloseHandle
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
GetTempPathW
FreeLibrary
GetVersionExW
MultiByteToWideChar
lstrlenA
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetProcAddress
GetWindowsDirectoryW
GetModuleHandleW
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
lstrcpynW
lstrlenW
LoadLibraryW
TlsGetValue
InterlockedExchange

user32

GetScrollPos
MoveWindow
SetScrollInfo
IsRectEmpty
IntersectRect
SetScrollPos
GetMenuDefaultItem
GetSystemMenu
SetRect
LoadBitmapW
TrackPopupMenuEx
DrawEdge
GetSysColorBrush
PeekMessageW
CallNextHookEx
IsMenu
WindowFromPoint
GetWindowThreadProcessId
SetMenuItemInfoW
SetWindowLongW
SendMessageW
CallWindowProcW
GetWindowLongW
wsprintfW
SetWindowTextW
SetTimer
ShowWindow
GetDlgItem
GetParent
LoadImageW
MessageBeep
UnhookWindowsHookEx
SetWindowsHookExW
InsertMenuW
CheckMenuItem
EnableMenuItem
GetWindowDC
TranslateAcceleratorW
IsDialogMessageW
GetDoubleClickTime
GetMessagePos
CreatePopupMenu
TrackPopupMenu
EqualRect
CreateDialogParamW
FrameRect
InflateRect
PostMessageW
CopyRect
IsWindowVisible
GetKeyState
SetClassLongW
ClientToScreen
SetMenu
LoadAcceleratorsW
DeleteMenu
LoadIconW
GetMenuStringW
LoadStringA
RemoveMenu
IsDlgButtonChecked
CheckDlgButton
CreateDialogIndirectParamW
GetClipboardData
SetPropW
GetWindowPlacement
EnumWindows
mouse_event
MenuItemFromPoint
GetMenu
SetWindowPlacement
SetActiveWindow
GetMenuState
InsertMenuItemW
DispatchMessageW
GetSystemMetrics
GetFocus
FindWindowExW
KillTimer
PostQuitMessage
EndDialog
GetClientRect
SetWindowPos
GetAsyncKeyState
EnumChildWindows
MessageBoxW
MapWindowPoints
SystemParametersInfoW
GetWindowRect
GetWindow
CharNextW
CloseClipboard
DestroyIcon
SetClipboardData
EmptyClipboard
OpenClipboard
EnableWindow
ScreenToClient
SetDlgItemTextW
TranslateMessage
SetMenuItemBitmaps
SendMessageA
keybd_event
MapVirtualKeyW
GetScrollInfo
DrawIcon
ScrollWindowEx
IsZoomed
SendMessageTimeoutW
GetMessageW
GetMenuItemID
GetPropW
RemovePropW
ShowCaret
AppendMenuW
SetParent
InvalidateRgn
CreateAcceleratorTableW
GetDesktopWindow
RedrawWindow
IsChild
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
DialogBoxIndirectParamW
MessageBoxA
LoadStringW
IsWindowEnabled
GetSysColor
DrawFocusRect
FillRect
DrawTextW
OffsetRect
GetClassNameW
CreateCursor
GetWindowTextLengthW
GetCursorPos
DrawAnimatedRects
GetWindowTextW
GetDlgCtrlID
DialogBoxParamW
GetActiveWindow
CharLowerW
ReleaseDC
GetDC
DestroyMenu
GetMenuItemInfoW
GetMenuItemCount
GetSubMenu
CreateWindowExW
SetRectEmpty
DefWindowProcW
DestroyCursor
UpdateWindow
ReleaseCapture
GetCapture
SetCapture
SetFocus
PtInRect
InvalidateRect
DestroyWindow
IsWindow
LoadMenuW
BeginPaint
EndPaint
SetCursor
SetMenuDefaultItem
CharUpperW
GetIconInfo
RegisterClipboardFormatW
SetForegroundWindow

gdi32

GetBkColor
DPtoLP
LPtoDP
SetPixel
Rectangle
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetViewportExtEx
GetWindowExtEx
OffsetViewportOrgEx
SelectClipRgn
GetEnhMetaFileHeader
EndDoc
AbortDoc
EndPage
StartPage
ResetDCW
StartDocW
SetStretchBltMode
StretchBlt
GetCurrentObject
GetPixel
SetDIBitsToDevice
CreateEnhMetaFileW
CloseEnhMetaFile
CreateDCW
GetDIBits
GetClipBox
SetViewportOrgEx
CreateBitmap
CreatePatternBrush
PatBlt
GetTextExtentPoint32W
SaveDC
ExtTextOutW
RestoreDC
ExcludeClipRect
OffsetWindowOrgEx
SetWindowOrgEx
CreatePen
MoveToEx
LineTo
IntersectClipRect
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
SetBkMode
DeleteDC
DeleteObject
GetObjectW
CreateDIBSection
CreateCompatibleDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
DeleteEnhMetaFile
CreateFontIndirectW
CreateSolidBrush

winspool.drv

GetPrinterW
ClosePrinter
OpenPrinterW

comdlg32

GetOpenFileNameW
ChooseColorW
PageSetupDlgW
GetSaveFileNameW
PrintDlgW

advapi32

RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
GetUserNameW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptCreateHash
CryptAcquireContextW
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptGetHashParam
GetTokenInformation
RegCloseKey

shell32

SHAppBarMessage
Shell_NotifyIconW
ord21
DragFinish
SHBrowseForFolderW
ord88
ExtractIconExW
ord68
SHGetSettings
ord25
DragQueryFileW
ord17
ord16
SHGetFileInfoW
SHFileOperationW
DragAcceptFiles
ord155
ord18
SHGetDesktopFolder
ord4
ord2
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetPathFromIDListW
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
ord190

ole32

DoDragDrop
RegisterDragDrop
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
ReleaseStgMedium
CoCreateInstance
OleDuplicateData
CoInitialize
CoUninitialize
OleGetClipboard
RevokeDragDrop
CoSetProxyBlanket
OleSetClipboard

oleaut32

VariantChangeType
OleCreatePictureIndirect
DispCallFunc
SafeArrayDestroy
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString

comctl32

ImageList_LoadImageW
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Create
ImageList_GetIconSize
ImageList_GetIcon
ImageList_SetBkColor
InitCommonControlsEx
ImageList_Remove
ImageList_Destroy
ImageList_GetImageCount
ImageList_DrawEx
ImageList_Draw
ImageList_AddMasked
ImageList_GetImageInfo
CreateStatusWindowW
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW

msimg32

AlphaBlend

gdiplus

GdipSetImageAttributesColorMatrix
GdipDrawImageRectRectI
GdipDisposeImageAttributes
GdipSetImageAttributesGamma
GdipCreateHICONFromBitmap
GdipCreateFromHDC
GdipGetImageThumbnail
GdipGetPropertyItemSize
GdipGetImagePixelFormat
GdipCreateBitmapFromHBITMAP
GdipGetImageGraphicsContext
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipCreateImageAttributes
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdiplusStartup
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipImageSelectActiveFrame
GdipSetCompositingMode
GdipCreateBitmapFromFile
GdipSetInterpolationMode
GdipCreateBitmapFromStreamICM

winmm

PlaySoundW
timeGetTime

shlwapi

PathRelativePathToW
StrCpyW

Sections

.text
Size: 672KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 492KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c25e10e9670aa114561ead67f6e6771

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

0a:60:89:6b:93:1c:3c:5a:e1:ad:84:cf:da:71:06:b0Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

e4:00:94:1c:02:4a:e1:3a:a4:d2:30:f1:49:bb:43:1e:11:6b:fe:d0:43:98:d8:be:2d:62:10:33:69:5d:9d:9bSigner

Signature Validations

Verification

15/12/2022, 13:51 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

gdiplus

winmm

shlwapi

Sections

.text Size: 672KB - Virtual size: 671KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 56KB - Virtual size: 119KB

.tls Size: 4KB - Virtual size: 16B

.rsrc Size: 492KB - Virtual size: 489KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

0a:60:89:6b:93:1c:3c:5a:e1:ad:84:cf:da:71:06:b0
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e4:00:94:1c:02:4a:e1:3a:a4:d2:30:f1:49:bb:43:1e:11:6b:fe:d0:43:98:d8:be:2d:62:10:33:69:5d:9d:9b
Signer

15/12/2022, 13:51
Valid: true

.text
Size: 672KB - Virtual size: 671KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 56KB - Virtual size: 119KB

.tls
Size: 4KB - Virtual size: 16B

.rsrc
Size: 492KB - Virtual size: 489KB