QQEIMUninst[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

QQEIMUninst.exe
Size

582KB
MD5

832ddffbb4d6bbf67b77882d30477252
SHA1

077fa37e6219c7b887e1fc2a3ed7f1797f3b7a5d
SHA256

4cef53c7d7414a3a2f8d356d47c3986053993de5534ee0e795008896db3904df
SHA512

f6adcf552034a3e2f222a7714741f4221ab6fb3f3cd0b6a64f12d7ca73be5eeb9d89a297077513105cfa9618ff96bd3797c54669ef0d84f5704bd88a68cff037
SSDEEP

12288:zfBqV2vAzLvQuWNlZ42Iv0ZBBQSjmagmQXGq02clv7MqJnTvWw2Y2uZR+hSDrdr:zfBqVKGqEZG5j55ZRASDrdr

Score

1^/10

Malware Config

Signatures

Files

QQEIMUninst.exe
.exe windows x86

a60ce001323feb8091781ac43bfdffdd

Code Sign

01:ea:62:e4:43:cb:22:50:c8:70:ff:6b:b1:3b:a9:8e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/01/2020, 00:00

Not After

20/01/2021, 12:00

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:6e:de:36:46:25:fc:c0:ef:95:5e:52:d2:f2:d2:b2
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2020, 00:00

Not After

20/01/2021, 12:00

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:4f:16:08:c8:1c:31:6b:84:a9:25:b8:72:f7:d6:0c:e6:8d:b6:5c:d6:d7:bd:30:93:3b:ec:3c:88:61:16:4a
Signer

Actual PE Digest

a0:4f:16:08:c8:1c:31:6b:84:a9:25:b8:72:f7:d6:0c:e6:8d:b6:5c:d6:d7:bd:30:93:3b:ec:3c:88:61:16:4a

Digest Algorithm

sha256

PE Digest Matches

true

d1:8d:4d:16:24:27:e6:cc:0a:da:ee:bb:09:b7:63:59:a1:81:e0:d5
Signer

Actual PE Digest

d1:8d:4d:16:24:27:e6:cc:0a:da:ee:bb:09:b7:63:59:a1:81:e0:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord70
ord195

psapi

GetModuleFileNameExW
EnumProcessModules

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

htons
WSACleanup
recv
inet_addr
closesocket
gethostbyname
send
WSAStartup
inet_ntoa
socket
connect

kernel32

IsValidCodePage
GetOEMCP
GetACP
HeapCreate
IsProcessorFeaturePresent
CreateDirectoryW
GetFileAttributesW
GetTempPathW
GetLongPathNameW
DeleteFileW
WaitForSingleObject
GetModuleHandleW
Sleep
GetVersionExW
GetLastError
GetProcAddress
MoveFileExW
GetTickCount
MoveFileW
RemoveDirectoryW
CreateMutexW
LoadLibraryW
WideCharToMultiByte
CreateProcessW
OpenProcess
GetExitCodeProcess
Process32FirstW
Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcessId
TerminateProcess
MultiByteToWideChar
FindFirstFileW
FindResourceW
LoadResource
WriteFile
SizeofResource
CreateFileW
FindClose
SetUnhandledExceptionFilter
InterlockedExchangeAdd
GetStdHandle
GetCurrentProcess
ResumeThread
AssignProcessToJobObject
ReadFile
GetSystemTimeAsFileTime
InterlockedCompareExchange
GetNativeSystemInfo
CreateEventW
ExpandEnvironmentStringsW
GetLocaleInfoW
CopyFileW
GetFileAttributesExW
FindNextFileW
GetCurrentDirectoryW
SetLastError
LocalFree
GetCommandLineW
ReleaseMutex
GetModuleFileNameW
SetFilePointer
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
InterlockedExchange
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
QueryPerformanceCounter
QueryPerformanceFrequency
SetEndOfFile
FreeEnvironmentStringsW
FlushFileBuffers
IsDebuggerPresent
RaiseException
CreateThread
GetCurrentThreadId
GetSystemDirectoryW
GetWindowsDirectoryW
InterlockedIncrement
SetEvent
ExitProcess
FreeResource
LockResource
LCMapStringW
RtlUnwind
GetCPInfo
HeapReAlloc
GetProcessHeap
HeapAlloc
GetConsoleMode
GetConsoleCP
GetFullPathNameW
GetFileType
SetStdHandle
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
HeapFree
InitializeCriticalSection
DecodePointer
EncodePointer
InterlockedDecrement
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
WriteConsoleW
GetStringTypeW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
CompareStringW
SetEnvironmentVariableA

user32

MessageBoxW
SendMessageW
FindWindowW
PostMessageW
KillTimer
DispatchMessageW
TranslateMessage
CallMsgFilterW
DestroyWindow
UnregisterClassW
MsgWaitForMultipleObjectsEx
WaitMessage
RegisterClassExW
CreateWindowExW
SetTimer
DefWindowProcW
GetQueueStatus
PeekMessageW
PostQuitMessage

advapi32

RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegOpenKeyW
ControlService
DeleteService
RegDeleteKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CreateProcessAsUserW
RegSetValueExW

shell32

SHGetSpecialFolderLocation
CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
SHChangeNotify
SHGetFolderPathW
SHGetPathFromIDListW

ole32

CoTaskMemFree
StringFromCLSID
CLSIDFromProgID
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

shlwapi

PathStripToRootW
wnsprintfW
SHDeleteKeyW
PathCanonicalizeW

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

Sections

.text
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a60ce001323feb8091781ac43bfdffdd

Code Sign

01:ea:62:e4:43:cb:22:50:c8:70:ff:6b:b1:3b:a9:8eCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:6e:de:36:46:25:fc:c0:ef:95:5e:52:d2:f2:d2:b2Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

a0:4f:16:08:c8:1c:31:6b:84:a9:25:b8:72:f7:d6:0c:e6:8d:b6:5c:d6:d7:bd:30:93:3b:ec:3c:88:61:16:4aSigner

d1:8d:4d:16:24:27:e6:cc:0a:da:ee:bb:09:b7:63:59:a1:81:e0:d5Signer

Headers

DLL Characteristics

File Characteristics

Imports

msi

psapi

version

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

userenv

shlwapi

winmm

Sections

.text Size: 423KB - Virtual size: 422KB

.rdata Size: 78KB - Virtual size: 78KB

.data Size: 10KB - Virtual size: 23KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 30KB - Virtual size: 29KB

01:ea:62:e4:43:cb:22:50:c8:70:ff:6b:b1:3b:a9:8e
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:6e:de:36:46:25:fc:c0:ef:95:5e:52:d2:f2:d2:b2
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

a0:4f:16:08:c8:1c:31:6b:84:a9:25:b8:72:f7:d6:0c:e6:8d:b6:5c:d6:d7:bd:30:93:3b:ec:3c:88:61:16:4a
Signer

d1:8d:4d:16:24:27:e6:cc:0a:da:ee:bb:09:b7:63:59:a1:81:e0:d5
Signer

.text
Size: 423KB - Virtual size: 422KB

.rdata
Size: 78KB - Virtual size: 78KB

.data
Size: 10KB - Virtual size: 23KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 30KB - Virtual size: 29KB