qNGDMC[.]cpl | Triage

Sharing

Copy URL Twitter E-mail

General

Target

qNGDMC.cpl
Size

1.6MB
MD5

1c8b044a5ca5cc559f4ae2eccc7b0807
SHA1

cdb1bc3fed496d8c06fecfe5904ddeaaa8a7e2cc
SHA256

90b9ebde40aab81f665d572d995780e7c496412404d4fecaeaf5d9fcb7b56524
SHA512

14fc082dfb78510d3172d19d3aab243b8923415ef84f733df61642f222b32dad67cca9be987787fcb1dfa7317e609a0bcb0746c3b52989ac0628ea438bef64b5
SSDEEP

24576:Yf9gr6c4Htz6T/PpQMlF3PDx2nCWrmm4Tcpgvgoig:YfBc6+/PpQMlF72C0mnbvH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
qNGDMC.cpl

Files

qNGDMC.cpl
.dll windows x86

29a039457e3bf56aadc97fa1a833aba1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

IsPwrHibernateAllowed

user32

GetWindowDC
UpdateWindow
CopyAcceleratorTableA
OpenIcon
SetClassLongW
IsDialogMessageA
CreateWindowStationA
GetClassInfoA
SetWinEventHook
PostThreadMessageA

secur32

ImpersonateSecurityContext

gdi32

GetSystemPaletteUse
CombineRgn
GetPaletteEntries
GetSystemPaletteEntries
CreateCompatibleDC
GetBkColor
EndPath
GdiSetBatchLimit
SetViewportOrgEx
CreateFontIndirectW

lz32

LZInit
LZCopy
LZOpenFileW
LZSeek
LZClose

advapi32

ClearEventLogW
RegEnumValueA
AddUsersToEncryptedFile

ole32

CoTaskMemAlloc

clusapi

ClusterCloseEnum

oleaut32

VarDateFromCy

kernel32

VirtualAlloc
GetSystemTimeAsFileTime
GetFileInformationByHandle
SetCurrentDirectoryA
GetModuleFileNameW
GetUserDefaultLangID
LoadLibraryW
GetBinaryTypeA
GetModuleFileNameA
VerLanguageNameW
LeaveCriticalSection
GetDiskFreeSpaceA
GetProcessHeap
GetThreadTimes
LockFileEx
SleepEx

version

GetFileVersionInfoSizeA

shell32

SHGetSpecialFolderPathW

msvcrt

isprint
putc

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29a039457e3bf56aadc97fa1a833aba1

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

user32

secur32

gdi32

lz32

advapi32

ole32

clusapi

oleaut32

kernel32

version

shell32

msvcrt

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 140KB - Virtual size: 139KB

.data Size: 64KB - Virtual size: 64KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 64KB - Virtual size: 64KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 25KB