qemu-img[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

qemu-img.exe
Size

5.4MB
MD5

152470a4aba6265c0eba856df55c6a0b
SHA1

bd60a66a87da1379e10c99a949b16c305333760f
SHA256

0021c72676a1b5b45713fdef612ae5cc82ee7281ee6bfb9f362403b0d6a042e0
SHA512

db9b585c0b8a832767adbbecffbfa4daa7f43246e6226d688242966c922cd9f1d5010762f67b07072c67d608deb7bfd92b3ff37023bb8f56e1771d20fd901504
SSDEEP

49152:jUuh2JZighTgkyJGnplC3hno8waWJJbMyAed4Ngvoby7BDYbOWL24qIw:jnh2nDZCqu9eugvxDYbOWL24qIw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
qemu-img.exe

Files

qemu-img.exe
.exe windows x64

574d75163545f704367f8f6c6d63ff06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libgcc_s_sjlj-1

__divti3
__emutls_get_address
__popcountdi2

kernel32

CloseHandle
ConvertThreadToFiber
CreateEventA
CreateFiber
CreateFileA
CreateIoCompletionPort
CreateSemaphoreA
DeleteCriticalSection
DeleteFiber
DeviceIoControl
EnterCriticalSection
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
FormatMessageA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDriveTypeA
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileType
GetLastError
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetQueuedCompletionStatus
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetVolumeInformationW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LocalFree
MultiByteToWideChar
OpenThread
QueryPerformanceCounter
QueryPerformanceFrequency
ReOpenFile
ReadFile
ReleaseSemaphore
ResetEvent
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleMode
SetEndOfFile
SetEvent
SetFilePointer
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
SleepEx
SwitchToFiber
TerminateProcess
TlsGetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrlenA

msvcrt

__C_specific_handler
___lc_codepage_func
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__mb_cur_max
__set_app_type
__setusermatherr
_acmdln
_access
_amsg_exit
_beginthreadex
_cexit
_chsize
_commit
_close
_endthreadex
_errno
_exit
_fdopen
_findclose
_findfirst64
_findnext64
_fmode
_fullpath
_get_osfhandle
_getpid
_gmtime64
_initterm
_localtime64
_lock
_lseeki64
_mkdir
_onexit
_open
_read
_rmdir
_snwprintf
_stat64
_telli64
_time64
_umask
_unlink
_unlock
_write
abort
calloc
exit
fclose
ferror
fflush
fgets
fopen
fprintf
fputc
free
fwprintf
fwrite
getc
getchar
getenv
isalnum
isalpha
islower
isspace
isupper
isxdigit
localeconv
malloc
memcmp
memcpy
memmove
memset
perror
putchar
puts
qsort
raise
rand
realloc
rename
rewind
signal
srand
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtok
strtol
strtoul
tolower
toupper
ungetc
vfprintf
wcscpy
wcslen

shell32

SHGetFolderPathA

user32

MessageBoxW
MsgWaitForMultipleObjectsEx

ws2_32

WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getnameinfo
getsockopt
htons
inet_addr
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
shutdown
socket

libssp-0

__stack_chk_fail
__stack_chk_guard

libglib-2.0-0

g_array_append_vals
g_array_free
g_array_new
g_array_set_size
g_assertion_message
g_assertion_message_expr
g_base64_decode
g_free
g_get_current_time
g_hash_table_destroy
g_hash_table_insert
g_hash_table_lookup_extended
g_hash_table_new_full
g_log
g_main_context_check
g_main_context_default
g_main_context_dispatch
g_main_context_prepare
g_main_context_query
g_malloc
g_malloc0
g_malloc0_n
g_malloc_n
g_random_int
g_realloc
g_realloc_n
g_slice_alloc
g_slice_alloc0
g_slice_free1
g_source_add_poll
g_source_attach
g_source_destroy
g_source_new
g_source_ref
g_source_remove_poll
g_source_set_can_recurse
g_source_unref
g_str_has_prefix
g_str_hash
g_strdup
g_strdup_printf
g_strdup_vprintf
g_string_append
g_string_free
g_string_new
g_strndup
g_threads_got_initialized
g_time_val_to_iso8601
g_try_malloc
g_try_malloc0
g_try_malloc0_n
g_try_malloc_n
g_try_realloc
g_utf8_to_utf16
g_win32_error_message

libgthread-2.0-0

g_thread_init

Sections

.text
Size: 702KB - Virtual size: 702KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

574d75163545f704367f8f6c6d63ff06

Headers

DLL Characteristics

File Characteristics

Imports

libgcc_s_sjlj-1

kernel32

msvcrt

shell32

user32

ws2_32

libssp-0

libglib-2.0-0

libgthread-2.0-0

Sections

.text Size: 702KB - Virtual size: 702KB

.data Size: 26KB - Virtual size: 26KB

.rdata Size: 187KB - Virtual size: 187KB

.pdata Size: 32KB - Virtual size: 31KB

.xdata Size: 32KB - Virtual size: 32KB

.bss Size: - Virtual size: 4.0MB

.idata Size: 10KB - Virtual size: 10KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 80B

.rsrc Size: 6KB - Virtual size: 5KB

/4 Size: 6KB - Virtual size: 6KB

/19 Size: 2.0MB - Virtual size: 2.0MB

/31 Size: 111KB - Virtual size: 111KB

/45 Size: 174KB - Virtual size: 173KB

/57 Size: 152KB - Virtual size: 152KB

/70 Size: 67KB - Virtual size: 66KB

/81 Size: 1.2MB - Virtual size: 1.2MB

/92 Size: 94KB - Virtual size: 93KB

.text
Size: 702KB - Virtual size: 702KB

.data
Size: 26KB - Virtual size: 26KB

.rdata
Size: 187KB - Virtual size: 187KB

.pdata
Size: 32KB - Virtual size: 31KB

.xdata
Size: 32KB - Virtual size: 32KB

.bss
Size: - Virtual size: 4.0MB

.idata
Size: 10KB - Virtual size: 10KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 80B

.rsrc
Size: 6KB - Virtual size: 5KB

/4
Size: 6KB - Virtual size: 6KB

/19
Size: 2.0MB - Virtual size: 2.0MB

/31
Size: 111KB - Virtual size: 111KB

/45
Size: 174KB - Virtual size: 173KB

/57
Size: 152KB - Virtual size: 152KB

/70
Size: 67KB - Virtual size: 66KB

/81
Size: 1.2MB - Virtual size: 1.2MB

/92
Size: 94KB - Virtual size: 93KB