11583831838[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

11583831838.zip
Size

309KB
MD5

b8588f24aeca81550c4d2922b1935b47
SHA1

ca223985a70e7dce4604bcdf479f24d22286a2cd
SHA256

a2fa3ce6330bd8845d7deb7cb173766032de9d93b21508926ece322a15667997
SHA512

4a19cfbdd9323b90227366b16cb52d2be3e9db1aa59b84d89e8c6530bcfcfae00c70ce2e57e28850fc3e075295e1f682a24b7771b3e818af9d59f799254b092f
SSDEEP

6144:LzN6FR4d4P/Tw0BmogWyH9Mpo75mYH4gJS90QiXW4B0ByNJUfS0v:3N6FR4AbwQmotE9uqflJS0pJuBy3Uf3

Score

1^/10

Malware Config

Signatures

Files

11583831838.zip
.zip

Password: infected
95c813261813bbfe02b103dbfb2a40cd04a607c79ff18da139bb5f7fc9f792fe
.exe windows x64

d8aa3d3909f7b1862a7b8afe8bfe584a

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:d8:c4:52:3d:6f:04:4f:d0:93:fc:b5:15:47:ad:5e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/04/2021, 00:00

Not After

30/04/2024, 23:59

Subject

CN=Zhenjiang Super Network Control Network Technology Co.\, Ltd.,O=Zhenjiang Super Network Control Network Technology Co.\, Ltd.,L=Zhenjiang,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:95:60:e7:7e:a9:7e:f0:8a:15:f3:f0:4c:6d:4b:67:95:87:1b:16:c1:69:f5:db:13:97:0c:d8:24:a6:3d:31
Signer

Actual PE Digest

47:95:60:e7:7e:a9:7e:f0:8a:15:f3:f0:4c:6d:4b:67:95:87:1b:16:c1:69:f5:db:13:97:0c:d8:24:a6:3d:31

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

userenv

CreateEnvironmentBlock

advapi32

GetUserNameW
CryptGenRandom
CryptReleaseContext
LookupAccountSidW
SetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
QueryServiceStatus
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
CryptAcquireContextA

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateChain
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CertOpenStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CryptDecodeObjectEx

ws2_32

socket
WSAGetLastError
getsockopt
closesocket
htons
WSASetLastError
send
recv
inet_pton
__WSAFDIsSet
WSAStartup
select

qt5widgets

??0QApplication@@QEAA@AEAHPEAPEADH@Z
??1QApplication@@UEAA@XZ
?exec@QApplication@@SAHXZ

qt5network

?localHostName@QHostInfo@@SA?AVQString@@XZ
?state@QAbstractSocket@@QEBA?AW4SocketState@1@XZ

qt5sql

??0QSqlDatabase@@QEAA@AEBV0@@Z
??0QSqlQuery@@QEAA@VQSqlDatabase@@@Z
??1QSqlQuery@@QEAA@XZ
?exec@QSqlQuery@@QEAA_NAEBVQString@@@Z
?next@QSqlQuery@@QEAA_NXZ
?exec@QSqlQuery@@QEAA_NXZ
?prepare@QSqlQuery@@QEAA_NAEBVQString@@@Z
??0QSqlDatabase@@QEAA@XZ
??1QSqlDatabase@@QEAA@XZ
??4QSqlDatabase@@QEAAAEAV0@AEBV0@@Z
?open@QSqlDatabase@@QEAA_NXZ
?close@QSqlDatabase@@QEAAXXZ
?exec@QSqlDatabase@@QEBA?AVQSqlQuery@@AEBVQString@@@Z
?isValid@QSqlDatabase@@QEBA_NXZ
?transaction@QSqlDatabase@@QEAA_NXZ
?commit@QSqlDatabase@@QEAA_NXZ
?bindValue@QSqlQuery@@QEAAXAEBVQString@@AEBVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z
?value@QSqlQuery@@QEBA?AVQVariant@@H@Z
??4QSqlQuery@@QEAAAEAV0@AEBV0@@Z
??0QSqlQuery@@QEAA@AEBVQString@@VQSqlDatabase@@@Z
?drivers@QSqlDatabase@@SA?AVQStringList@@XZ
?database@QSqlDatabase@@SA?AV1@AEBVQString@@_N@Z
?addDatabase@QSqlDatabase@@SA?AV1@AEBVQString@@0@Z
?setConnectOptions@QSqlDatabase@@QEAAXAEBVQString@@@Z
?setDatabaseName@QSqlDatabase@@QEAAXAEBVQString@@@Z

qt5core

?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z
?rehash@QHashData@@QEAAXH@Z
?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z
??0QTextStream@@QEAA@PEAVQString@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??1QTextStream@@UEAA@XZ
??6QTextStream@@QEAAAEAV0@AEBVQString@@@Z
??6QTextStream@@QEAAAEAV0@PEBD@Z
?shared_null@QHashData@@2U1@B
??0QMessageLogger@@QEAA@PEBDH0@Z
?debug@QMessageLogger@@QEBAXPEBDZZ
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ
?qInstallMessageHandler@@YAP6AXW4QtMsgType@@AEBVQMessageLogContext@@AEBVQString@@@ZP6AX012@Z@Z
?qSetMessagePattern@@YAXAEBVQString@@@Z
?qFormatLogMessage@@YA?AVQString@@W4QtMsgType@@AEBVQMessageLogContext@@AEBV1@@Z
?append@QByteArray@@QEAAAEAV1@PEBD@Z
??0QString@@QEAA@$$QEAV0@@Z
?append@QString@@QEAAAEAV1@AEBV1@@Z
?write@QIODevice@@QEAA_JAEBVQByteArray@@@Z
?close@QFileDevice@@UEAAXXZ
?flush@QFileDevice@@QEAA_NXZ
??0QFile@@QEAA@AEBVQString@@@Z
??1QFile@@UEAA@XZ
?setFileName@QFile@@QEAAXAEBVQString@@@Z
?exists@QFile@@SA_NAEBVQString@@@Z
?open@QFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?instance@QCoreApplication@@SAPEAV1@XZ
?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ
?applicationFilePath@QCoreApplication@@SA?AVQString@@XZ
?applicationPid@QCoreApplication@@SA_JXZ
??0QFileInfo@@QEAA@AEBVQString@@@Z
??1QFileInfo@@QEAA@XZ
?completeBaseName@QFileInfo@@QEBA?AVQString@@XZ
??6QTextStream@@QEAAAEAV0@K@Z
??1QDateTime@@QEAA@XZ
?toString@QDateTime@@QEBA?AVQString@@AEBV2@@Z
?currentDateTime@QDateTime@@SA?AV1@XZ
??0QDir@@QEAA@AEBVQString@@@Z
??1QDir@@QEAA@XZ
?mkdir@QDir@@QEBA_NAEBVQString@@@Z
??1QDebug@@QEAA@XZ
?noquote@QDebug@@QEAAAEAV1@XZ
??6QDebug@@QEAAAEAV0@_N@Z
??6QDebug@@QEAAAEAV0@PEBD@Z
?toLocal8Bit@QString@@QEGBA?AVQByteArray@@XZ
??6QDebug@@QEAAAEAV0@PEBX@Z
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
??4QString@@QEAAAEAV0@PEBD@Z
?freeNodeAndRebalance@QMapDataBase@@QEAAXPEAUQMapNodeBase@@@Z
?recalcMostLeftNode@QMapDataBase@@QEAAXXZ
?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z
?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z
?createData@QMapDataBase@@SAPEAU1@XZ
?freeData@QMapDataBase@@SAXPEAU1@@Z
?shared_null@QMapDataBase@@2U1@B
??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z
??4QString@@QEAAAEAV0@$$QEAV0@@Z
?arg@QString@@QEBA?AV1@IHHVQChar@@@Z
??0QLibrary@@QEAA@AEBVQString@@PEAVQObject@@@Z
??1QLibrary@@UEAA@XZ
?resolve@QLibrary@@QEAAP6AXXZPEBD@Z
??6QDebug@@QEAAAEAV0@H@Z
?append@QByteArray@@QEAAAEAV1@D@Z
??M@YA_NAEBVQString@@0@Z
??0QVariant@@QEAA@AEBV0@@Z
??0QVariant@@QEAA@AEBVQString@@@Z
?toString@QVariant@@QEBA?AVQString@@XZ
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z
?resize@QByteArray@@QEAAXH@Z
?reserve@QByteArray@@QEAAXH@Z
??0QChar@@QEAA@UQLatin1Char@@@Z
?data@QByteArray@@QEBAPEBDXZ
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z
?begin@QListData@@QEBAPEAPEAXXZ
?end@QListData@@QEBAPEAPEAXXZ
??0QByteArray@@QEAA@PEBDH@Z
?qBadAlloc@@YAXXZ
?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?deallocate@QArrayData@@SAXPEAU1@_K1@Z
?sharedNull@QArrayData@@SAPEAU1@XZ
??8QString@@QEBA_NPEBD@Z
?toUtf8@QString@@QEGBA?AVQByteArray@@XZ
?indexOf@QByteArray@@QEBAHPEBDH@Z
??0QChar@@QEAA@H@Z
?indexOf@QString@@QEBAHVQChar@@HW4CaseSensitivity@Qt@@@Z
?mid@QString@@QEBA?AV1@HH@Z
?detach@QListData@@QEAAPEAUData@1@H@Z
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?dispose@QListData@@QEAAXXZ
?dispose@QListData@@SAXPEAUData@1@@Z
?append@QListData@@QEAAPEAPEAXXZ
??0QVariant@@QEAA@XZ
??1QVariant@@QEAA@XZ
??4QVariant@@QEAAAEAV0@AEBV0@@Z
?toBool@QVariant@@QEBA_NXZ
?shared_null@QListData@@2UData@1@B
?arg@QString@@QEBA?AV1@HHHVQChar@@@Z
?lastIndexOf@QString@@QEBAHAEBV1@HW4CaseSensitivity@Qt@@@Z
?left@QString@@QEBA?AV1@H@Z
?fromLocal8Bit@QString@@SA?AV1@PEBDH@Z
?fromWCharArray@QString@@SA?AV1@PEB_WH@Z
?at@QListData@@QEBAPEAPEAXH@Z
?start@QThread@@QEAAXW4Priority@1@@Z
??0QVariant@@QEAA@H@Z
??0QVariant@@QEAA@PEBD@Z
?toInt@QVariant@@QEBAHPEA_N@Z
?quit@QCoreApplication@@SAXXZ
?qgetenv@@YA?AVQByteArray@@PEBD@Z
?warning@QMessageLogger@@QEBA?AVQDebug@@XZ
?toHex@QByteArray@@QEBA?AV1@XZ
?arg@QString@@QEBA?AV1@KHHVQChar@@@Z
?indexOf@QString@@QEBAHAEBV1@HW4CaseSensitivity@Qt@@@Z
?midRef@QString@@QEBA?AVQStringRef@@HH@Z
?trimmed@QString@@QEGBA?AV1@XZ
?simplified@QString@@QEHAA?AV1@XZ
?replace@QString@@QEAAAEAV1@AEBV1@0W4CaseSensitivity@Qt@@@Z
?fromLocal8Bit@QString@@SA?AV1@AEBVQByteArray@@@Z
??4QString@@QEAAAEAV0@AEBVQByteArray@@@Z
??1QStringRef@@QEAA@XZ
?toLocal8Bit@QStringRef@@QEBA?AVQByteArray@@XZ
??8@YA_NAEBVQString@@AEBVQStringRef@@@Z
?remove@QListData@@QEAAXH@Z
?size@QListData@@QEBAHXZ
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ
?cmp@QVariant@@QEBA_NAEBV1@@Z
?createUuid@QUuid@@SA?AV1@XZ
?arguments@QCoreApplication@@SA?AVQStringList@@XZ
?hash@QCryptographicHash@@SA?AVQByteArray@@AEBV2@W4Algorithm@1@@Z
??0QSettings@@QEAA@AEBVQString@@W4Format@0@PEAVQObject@@@Z
??1QSettings@@UEAA@XZ
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z
?setIniCodec@QSettings@@QEAAXPEBD@Z
?isEmpty@QListData@@QEBA_NXZ
??6@YA?AVQDebug@@V0@PEBVQObject@@@Z
??0QThread@@QEAA@PEAVQObject@@@Z
??1QThread@@UEAA@XZ
??6QTextStream@@QEAAAEAV0@D@Z
??6QDebug@@QEAAAEAV0@D@Z
?event@QThread@@UEAA_NPEAVQEvent@@@Z
?windowsVersion@QSysInfo@@SA?AW4WinVersion@1@XZ
?endsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?trimmed@QString@@QEHAA?AV1@XZ
?toStdWString@QString@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?qHash@@YAIAEBVQString@@I@Z
??6QDebug@@QEAAAEAV0@K@Z
?exists@QFile@@QEBA_NXZ
?className@QMetaObject@@QEBAPEBDXZ
?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z
?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z
??1QMutex@@QEAA@XZ
?lock@QMutex@@QEAAXXZ
?unlock@QMutex@@QEAAXXZ
?staticMetaObject@QObject@@2UQMetaObject@@B
?toLower@QString@@QEHAA?AV1@XZ
?metaObject@QThread@@UEBAPEBUQMetaObject@@XZ
?qt_metacall@QThread@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QThread@@UEAAPEAXPEBD@Z
?startsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?remove@QFile@@QEAA_NXZ
??0QMutex@@QEAA@W4RecursionMode@0@@Z
??1QMutexLocker@@QEAA@XZ
?toRfc4122@QUuid@@QEBA?AVQByteArray@@XZ
?toLower@QString@@QEGBA?AV1@XZ
?fileName@QFileInfo@@QEBA?AVQString@@XZ
?qsrand@@YAXI@Z
?currentMSecsSinceEpoch@QDateTime@@SA_JXZ
?compare@QString@@QEBAHAEBV1@W4CaseSensitivity@Qt@@@Z
?compare@QString@@QEBAHVQLatin1String@@W4CaseSensitivity@Qt@@@Z
?secsTo@QTime@@QEBAHAEBV1@@Z
?currentTime@QTime@@SA?AV1@XZ
?start@QTime@@QEAAXXZ
?elapsed@QTime@@QEBAHXZ
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?activate@QMetaObject@@SAXPEAVQObject@@PEBU1@HPEAPEAX@Z
?staticMetaObject@QThread@@2UQMetaObject@@B
?sprintf@QString@@QEAAAEAV1@PEBDZZ
??4QString@@QEAAAEAV0@AEBV0@@Z
??0QString@@QEAA@AEBV0@@Z
?append@QByteArray@@QEAAAEAV1@AEBV1@@Z
?constData@QByteArray@@QEBAPEBDXZ
??0QByteArray@@QEAA@XZ
??1QString@@QEAA@XZ
?fromUtf8@QString@@SA?AV1@PEBDH@Z
??0QString@@QEAA@XZ
?data@QByteArray@@QEAAPEADXZ
??1QByteArray@@QEAA@XZ
??0QByteArray@@QEAA@AEBV0@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
??1QObject@@UEAA@XZ
??0QObject@@QEAA@PEAV0@@Z
?utf16@QString@@QEBAPEBGXZ
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z
?allocateNode@QHashData@@QEAAPEAXH@Z
??0QString@@QEAA@AEBVQByteArray@@@Z
??8@YA_NAEBVQString@@0@Z

shell32

CommandLineToArgvW

msvcp140

?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSEnumerateProcessesW

kernel32

WaitForSingleObjectEx
RtlVirtualUnwind
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
FormatMessageA
InitOnceExecuteOnce
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetSystemTimeAsFileTime
IsDebuggerPresent
GetCurrentThreadId
GetFileSizeEx
VerifyVersionInfoA
GetEnvironmentVariableA
GetSystemDirectoryA
GetStartupInfoW
LoadLibraryA
GetModuleHandleA
QueryPerformanceFrequency
QueryPerformanceCounter
VerSetConditionMask
SetConsoleCtrlHandler
WideCharToMultiByte
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
CreateSemaphoreW
WaitForMultipleObjects
ReleaseSemaphore
ResetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetErrorMode
MultiByteToWideChar
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ReleaseMutex
GetCommandLineW
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
WaitNamedPipeW
CreatePipe
SetLastError
SetHandleInformation
WriteFile
ReadFile
LoadLibraryW
GetProcAddress
FreeLibrary
GetTickCount
OpenProcess
CreateFileW
WTSGetActiveConsoleSessionId
FormatMessageW
LocalFree
CreateProcessW
CreateMutexW
GetShortPathNameW
GetLongPathNameW
GetModuleFileNameW
CreateThread
Sleep
CreateEventW
WaitForSingleObject
SetEvent
GetLastError
GetLocalTime
PostQueuedCompletionStatus
CloseHandle
CreateFileA

vcruntime140

__std_terminate
memset
memmove
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memcpy
memcmp
strchr
strrchr
strstr
__C_specific_handler
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

abort
_set_invalid_parameter_handler
_beginthreadex
_configure_narrow_argv
_initialize_narrow_environment
_seh_filter_exe
exit
_register_thread_local_exe_atexit_callback
_c_exit
_initialize_onexit_table
_register_onexit_function
_exit
__sys_nerr
_initterm_e
terminate
_invalid_parameter_noinfo_noreturn
_initterm
_crt_atexit
_cexit
_get_narrow_winmain_command_line
strerror
_errno
_set_app_type

api-ms-win-crt-stdio-l1-1-0

fread
fopen
fclose
fflush
fwrite
__acrt_iob_func
__p__fmode
fputc
_set_fmode
__stdio_common_vsscanf
__stdio_common_vsprintf
__p__commode
__stdio_common_vfprintf
feof
fseek
ftell
__stdio_common_vfwprintf

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
_strdup
_wcsicmp
strncmp
wcscat_s
isupper
strspn
strcspn
wcscpy_s
tolower

api-ms-win-crt-convert-l1-1-0

strtoll
strtol
wcstombs
atoi
strtoul

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64
strftime

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
calloc
free
_callnewh
malloc

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-filesystem-l1-1-0

_stat64
_access

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk
_mbsnbcmp
_mbschr
_mbsnbcpy

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d8aa3d3909f7b1862a7b8afe8bfe584a

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

08:d8:c4:52:3d:6f:04:4f:d0:93:fc:b5:15:47:ad:5eCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

47:95:60:e7:7e:a9:7e:f0:8a:15:f3:f0:4c:6d:4b:67:95:87:1b:16:c1:69:f5:db:13:97:0c:d8:24:a6:3d:31Signer

Headers

DLL Characteristics

File Characteristics

Imports

userenv

advapi32

crypt32

ws2_32

qt5widgets

qt5network

qt5sql

qt5core

shell32

msvcp140

wtsapi32

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rodata Size: 2KB - Virtual size: 2KB

.rdata Size: 348KB - Virtual size: 348KB

.data Size: 11KB - Virtual size: 351KB

.pdata Size: 12KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

08:d8:c4:52:3d:6f:04:4f:d0:93:fc:b5:15:47:ad:5e
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

47:95:60:e7:7e:a9:7e:f0:8a:15:f3:f0:4c:6d:4b:67:95:87:1b:16:c1:69:f5:db:13:97:0c:d8:24:a6:3d:31
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rodata
Size: 2KB - Virtual size: 2KB

.rdata
Size: 348KB - Virtual size: 348KB

.data
Size: 11KB - Virtual size: 351KB

.pdata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB