quid[.]dll[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

quid.dll.exe
Size

1.4MB
MD5

2c4ee53a9dc80c07bac9bf2c28b26d4b
SHA1

4fc2c4c83b6e1def3d9c5605c08f07c3a1b44745
SHA256

5f62c77b5e517ee8b13bb05826b1410c1ceb87456c9180c8378f45c92715d822
SHA512

258f3de245793fae675e2a9fb989286d59495944da222fdcf318460d5edd867e6f3747e0f8909e426f60c3e259cf17a864d6ffe104306ebc445cc80498349a46
SSDEEP

24576:H5Om+AUPoq2SbJSz8neanZniaXU4a26Jg:H5z3q2QSQnlZni

Score

N/A

Malware Config

Signatures

Files

quid.dll.exe
.dll windows x64

35262cba987655c01edf2add583adaa9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetStdHandle
AllocConsole
FreeConsole
AttachConsole
SetConsoleCP
SetConsoleOutputCP
SetConsoleTextAttribute
SetConsoleTitleW
Sleep
CreateThread
FreeLibraryAndExitThread
GetConsoleWindow
GetTickCount64
GetSystemInfo
VirtualAlloc
VirtualFree
OpenThread
SetThreadContext
FlushInstructionCache
GetThreadContext
HeapDestroy
HeapAlloc
HeapReAlloc
CreateToolhelp32Snapshot
ResumeThread
SuspendThread
Thread32First
Thread32Next
HeapFree
VirtualProtect
HeapCreate
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
MultiByteToWideChar
lstrlenW
GetModuleFileNameW
GetCurrentProcessId
WaitNamedPipeW
PeekNamedPipe
GetLastError
CloseHandle
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetFileInformationByHandleEx
AreFileApisANSI
GetFileAttributesExW
CreateDirectoryW
FormatMessageA
LocalFree
VirtualQuery
GetModuleHandleA
WriteFile
ReadFile
CreateFileW

user32

ShowCursor
GetWindowRect
GetForegroundWindow
GetAsyncKeyState
MoveWindow
LoadCursorA
GetCursorPos
SetCursor
EmptyClipboard
GetClipboardData
CloseClipboard
FindWindowA
SetWindowLongPtrW
OpenClipboard
SetClipboardData

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
_Thrd_yield
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setf@ios_base@std@@QEAAHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Random_device@std@@YAIXZ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_broadcast
_Cnd_timedwait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
_Mtx_current_owns
_Mtx_init_in_situ
_Thrd_id
_Thrd_join
_Xtime_get_ticks
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPEBD@Z

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

vcruntime140

strstr
memcmp
__std_terminate
memset
memmove
memchr
__std_exception_destroy
__std_exception_copy
memcpy
__C_specific_handler
__current_exception
__current_exception_context
__std_type_info_destroy_list
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
_execute_onexit_table
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_initterm
_beginthreadex
_initterm_e
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

sin
sqrtf
sinf
fmodf
ceil
cos
cosf
ceilf
log2

api-ms-win-crt-time-l1-1-0

_localtime64
_time64

api-ms-win-crt-stdio-l1-1-0

fread
fflush
fclose
_wfopen
ungetc
setvbuf
__stdio_common_vsprintf_s
fwrite
_fseeki64
__stdio_common_vsprintf
__stdio_common_vsscanf
fsetpos
_get_stream_buffer_pointers
fgetc
fputc
__stdio_common_vfprintf
__stdio_common_vswprintf
__acrt_iob_func
fgetpos

api-ms-win-crt-string-l1-1-0

toupper
strncpy
strcmp

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

remove
_unlock_file
_lock_file
_stat64i32

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: 689KB - Virtual size: 689KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 371KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35262cba987655c01edf2add583adaa9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

imm32

vcruntime140

vcruntime140_1

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 689KB - Virtual size: 689KB

.rdata Size: 357KB - Virtual size: 356KB

.data Size: 371KB - Virtual size: 588KB

.pdata Size: 24KB - Virtual size: 24KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 689KB - Virtual size: 689KB

.rdata
Size: 357KB - Virtual size: 356KB

.data
Size: 371KB - Virtual size: 588KB

.pdata
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 25KB - Virtual size: 25KB