d95b5739ce120851910c402408ed638b34f76a648ae941bd364942426dfa9d2d

Sharing

Copy URL Twitter E-mail

General

Target

d95b5739ce120851910c402408ed638b34f76a648ae941bd364942426dfa9d2d
Size

319KB
MD5

97adda741ea9f5f4db85f4176140dbb5
SHA1

9e95c2902d349402a22d769742484b171bc963b5
SHA256

d95b5739ce120851910c402408ed638b34f76a648ae941bd364942426dfa9d2d
SHA512

4358e759a3d4d27dd4ce1faa06e3d26b9ee4eed3def2040b63fca14493c5b0cc381c168dfec06bbb02792554b90eac9d8d79373b5745b0e5d5193217adff0d06
SSDEEP

6144:SjVhcC4IefLXCRJ1A0LBsLqG8f1d/WhSzMUIHdsNW65Jj/l3u:WHc7IebA1zBsLBCXWMwU7W6HJe

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QAXProtect.dll
unpack001/svrQAXDocProtect_x64.exe

Files

d95b5739ce120851910c402408ed638b34f76a648ae941bd364942426dfa9d2d
.zip
QAXProtect.dll
.dll windows x86

935a0cab607d68d10acdd5552abc2029

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
Sleep
FreeLibrary
DisableThreadLibraryCalls
SetEndOfFile
WriteConsoleW
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetSystemTimeAsFileTime
FindFirstFileExA
FindNextFileA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
GetCommandLineA
GetCurrentThreadId
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
RtlUnwind
ReadFile
SetFilePointer
GetConsoleMode
ReadConsoleW
CloseHandle
SetLastError
InterlockedIncrement
GetFileType
InitOnceExecuteOnce
GetStartupInfoW
QueryPerformanceCounter
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
SetFilePointerEx
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetTimeZoneInformation
CompareStringEx
LCMapStringEx
GetStringTypeW
CreateFileW
SetEnvironmentVariableA

user32

MessageBoxA

Exports

Exports

Afewjfiasdhfisfivjehafiuheuhfjaefeafgwe
DFFsdfjefhuhfsjkdahfkawherfewge
SDFDSfdsfjweufalkdfjaoiefhiosjdf
StartHook

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
svrQAXDocProtect_x64.exe
.exe windows x86

ac38e5925ca0b10384e0ec926685b964

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexW
HeapSize
GetLastError
HeapReAlloc
CloseHandle
RaiseException
LoadLibraryW
HeapAlloc
DecodePointer
GetProcAddress
DeleteCriticalSection
GetProcessHeap
FreeLibrary
SetLastError
FindNextFileW
GetCurrentProcess
WriteFile
FindClose
CreateFileW
GetModuleFileNameW
GetVersionExW
GetVersion
GetModuleHandleW
GetConsoleMode
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
EnterCriticalSection
HeapFree
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetStringTypeW
SetStdHandle
LCMapStringW
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CompareStringW
WriteConsoleW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shlwapi

SHGetValueW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
StrStrIW

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

935a0cab607d68d10acdd5552abc2029

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 11KB

ac38e5925ca0b10384e0ec926685b964

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB