QHSafeMain[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

QHSafeMain.exe
Size

5.0MB
MD5

cc73dd40fa4b436126ab001b204d93a0
SHA1

1bceb1b7268718ead2401793fc65cb7afd67d0ad
SHA256

f6692f2fdfcff2dd3f039cb71eb0808166d6f98d4cd928808ccf4757b4fc3ed4
SHA512

ea9bd44967b8314e833e62622960433f2fd437843fadea668a0d52eacbcfb7ed23de1189b39563227b544641a6cc3d13cc5b564cb4de15702a989003a682665e
SSDEEP

98304:rbgpw181AZnsM6nJPtKNWM4QnAL95JdXy/+STwHLqHtK3aB3:vgUZnQJ1MGLXy/+SkGsy3

Score

1^/10

Malware Config

Signatures

Files

QHSafeMain.exe
.exe windows x86

d8f48642b9fd148c66c576ad2938972d

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05-01-2022 09:58

Not After

06-01-2024 09:58

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:44

Not After

08-05-2033 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

84:8d:4d:42:0e:98:ad:a4:3e:3e:fa:20:e7:3e:74:43:28:e2:7d:b8:e9:66:8a:62:fc:66:8e:83:7b:d6:df:66
Signer

Actual PE Digest

84:8d:4d:42:0e:98:ad:a4:3e:3e:fa:20:e7:3e:74:43:28:e2:7d:b8:e9:66:8a:62:fc:66:8e:83:7b:d6:df:66

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_ntoa
ntohs
htons
htonl
select
ntohl

wininet

InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetSetOptionW
InternetOpenW
DeleteUrlCacheEntryW
InternetOpenUrlW
FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetQueryOptionW
InternetCrackUrlA
InternetGetConnectedState

kernel32

LocalAlloc
CreateProcessW
GetExitCodeThread
GetModuleHandleA
FlushInstructionCache
MulDiv
InterlockedIncrement
RaiseException
CreateEventA
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTempPathW
GetTempFileNameW
CreateDirectoryW
CompareFileTime
ReleaseSemaphore
CreateSemaphoreW
lstrlenA
lstrcmpiA
MapViewOfFile
lstrcpyW
InitializeCriticalSectionAndSpinCount
GetLocalTime
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
VerSetConditionMask
VerifyVersionInfoW
FlushViewOfFile
OpenFileMappingW
GetFileSizeEx
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLongPathNameW
GetFileAttributesExA
SetFileAttributesA
DeleteFileA
FreeConsole
GlobalFree
GetTimeZoneInformation
GlobalAlloc
GlobalLock
GlobalUnlock
GetCommandLineW
OpenEventW
GetComputerNameExW
CreateFileA
GetStartupInfoW
QueryPerformanceFrequency
QueryPerformanceCounter
FindFirstChangeNotificationW
FindNextChangeNotification
FindCloseChangeNotification
lstrcmpW
GlobalHandle
TerminateProcess
SetErrorMode
ExitProcess
LocalFileTimeToFileTime
IsBadReadPtr
GetFileTime
InterlockedExchangeAdd
CreateMutexA
GetCurrentThread
SleepEx
ReadProcessMemory
GetModuleFileNameA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
HeapCreate
GetDateFormatA
GetTimeFormatA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
CompareStringA
CompareStringW
GetStringTypeW
LCMapStringW
LCMapStringA
RtlUnwind
GetCPInfo
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenMutexW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
SetEndOfFile
FlushFileBuffers
GetCurrentThreadId
FreeResource
GetFileAttributesExW
lstrcmpiW
GetSystemInfo
GetSystemPowerStatus
GlobalMemoryStatus
GlobalMemoryStatusEx
HeapFree
GetProcessHeap
HeapAlloc
WideCharToMultiByte
GetCurrentProcess
lstrlenW
SetLastError
ProcessIdToSessionId
LoadLibraryA
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
LoadLibraryExW
MultiByteToWideChar
ReleaseMutex
CreateMutexW
GetCurrentProcessId
GetLogicalDriveStringsW
DeviceIoControl
MoveFileExW
SetFileAttributesW
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetFileSize
GetPrivateProfileIntW
WritePrivateProfileStringW
GetDriveTypeW
GetWindowsDirectoryW
CreateThread
ResetEvent
GetShortPathNameW
OpenProcess
InterlockedDecrement
InterlockedExchange
FindClose
FindNextFileW
FindFirstFileW
ResumeThread
SetEvent
CreateEventW
InterlockedCompareExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
LocalFree
GetLastError
WaitForMultipleObjects
WaitForSingleObject
GetVersionExW
GetModuleHandleW
GetModuleFileNameW
ReadFile
SetFilePointer
GetPrivateProfileStringW
EnterCriticalSection
FreeLibrary
LeaveCriticalSection
GetProcAddress
LoadLibraryW
WriteFile
DeleteFileW
GetVersion
CreateFileW
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetEnvironmentVariableA
SetFilePointerEx
OutputDebugStringW
HeapUnlock
OpenThread
HeapLock
HeapWalk
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
lstrcmpA
SetEnvironmentVariableW

user32

WaitForInputIdle
ExitWindowsEx
GetWindowThreadProcessId
IsWindowVisible
UnregisterClassA
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
GetDC
ReleaseDC
KillTimer
DestroyWindow
SendMessageW
SetTimer
RegisterClassExW
SetWindowPlacement
SetLayeredWindowAttributes
EnumChildWindows
SetScrollInfo
GetScrollInfo
SetScrollPos
GetDlgCtrlID
HideCaret
UpdateLayeredWindow
PostQuitMessage
PeekMessageW
MapDialogRect
SetWindowContextHelpId
CreateDialogIndirectParamW
GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
GetClassNameW
GetSysColor
CharNextW
RedrawWindow
CreateAcceleratorTableW
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
DestroyAcceleratorTable
GetKeyState
SetClassLongW
GetClassLongW
SetCursor
MoveWindow
GetCursorPos
SwitchToThisWindow
BringWindowToTop
IsIconic
EqualRect
InflateRect
CloseClipboard
GetClassInfoExW
LoadCursorW
CreateWindowExW
SetRectEmpty
SetClipboardData
EmptyClipboard
OpenClipboard
SystemParametersInfoW
GetWindowDC
IsRectEmpty
CopyRect
OffsetRect
FindWindowW
IsWindow
PostMessageW
LoadStringW
SendMessageTimeoutW
GetWindowPlacement
ShowWindow
GetSystemMetrics
SetRect
ScreenToClient
GetMessagePos
DrawTextW
SetWindowTextW
GetDlgItem
GetWindow
MonitorFromWindow
MapWindowPoints
IsDialogMessageW
DrawIconEx
EnableWindow
GetActiveWindow
MessageBoxW
UpdateWindow
InvalidateRect
SetWindowRgn
MonitorFromRect
LoadIconW
GetDesktopWindow
keybd_event
GetKeyboardState
SetActiveWindow
AttachThreadInput
GetParent
SetWindowPos
SetFocus
IsWindowEnabled
GetForegroundWindow
AllowSetForegroundWindow
GetMonitorInfoW
GetClientRect
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
FindWindowExW
LoadImageW
DestroyIcon
IntersectRect
PtInRect
GetWindowRect
SetForegroundWindow
ClientToScreen
RegisterWindowMessageW

gdi32

GetObjectA
SetBkColor
ExtTextOutW
GdiAlphaBlend
StretchBlt
SetViewportOrgEx
CombineRgn
CreateRectRgn
CreateDIBSection
GetStockObject
CreateSolidBrush
CreateRectRgnIndirect
SetStretchBltMode
GetPixel
SetTextColor
CreateBitmap
CreateFontW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
DeleteObject
GetTextMetricsW
SelectObject
GetObjectW
GetDeviceCaps
DeleteDC

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteValueW
CryptGenRandom
RevertToSelf
RegEnumKeyExA
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ImpersonateLoggedOnUser
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
CheckTokenMembership
CreateWellKnownSid
DuplicateToken
RegDeleteKeyW
RegCreateKeyA
GetSidSubAuthority
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
DuplicateTokenEx
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
CryptReleaseContext
CryptAcquireContextW
OpenProcessToken
RegCreateKeyW
ConvertStringSidToSidW
LookupAccountSidW
FreeSid
GetTokenInformation
AllocateAndInitializeSid
EqualSid
ConvertSidToStringSidW
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
ShellExecuteW
ord680
CommandLineToArgvW
ExtractIconExW
ord165
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetFileInfoW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CLSIDFromProgID
CLSIDFromString
StringFromGUID2
CoLoadLibrary
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemAlloc
OleLockRunning
CoGetClassObject
OleInitialize
CoTaskMemRealloc

oleaut32

SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnlock
SafeArrayLock
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
SafeArrayCopy
SafeArrayGetVartype
DispCallFunc
SysAllocString
SysFreeString
VariantClear
VariantInit
VariantTimeToSystemTime
SafeArrayPutElement
SysStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SystemTimeToVariantTime
VarDateFromStr
VarUI4FromStr
VariantChangeType
VarBstrCmp

shlwapi

PathCompactPathW
ColorRGBToHLS
ColorHLSToRGB
UrlGetPartW
StrStrA
PathIsRelativeW
StrStrW
StrCmpNIA
PathFindExtensionA
PathRemoveFileSpecA
PathStripPathW
PathAppendW
PathRemoveFileSpecW
PathCombineW
PathFileExistsW
SHGetValueW
ord437
PathStripToRootW
PathCombineA
PathFileExistsA
StrCmpW
PathRemoveBackslashW
SHSetValueA
SHDeleteValueA
ord12
SHGetValueA
SHDeleteKeyW
StrCmpNIW
StrStrIA
SHDeleteValueW
SHSetValueW
PathAddBackslashW
wnsprintfW
PathIsDirectoryW
StrChrW
StrCmpNW
StrStrIW
StrCmpIW
PathFindExtensionW
PathFindFileNameW

comctl32

_TrackMouseEvent
InitCommonControlsEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory
WTSQuerySessionInformationW

userenv

GetUserProfileDirectoryW
CreateEnvironmentBlock
DestroyEnvironmentBlock

dnsapi

DnsFree
DnsQuery_A

rpcrt4

RpcStringBindingComposeW
NdrAsyncClientCall
RpcBindingFree
RpcStringFreeW
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
RpcBindingFromStringBindingW

imm32

ImmDisableIME

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 671KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8f48642b9fd148c66c576ad2938972d

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0bCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

84:8d:4d:42:0e:98:ad:a4:3e:3e:fa:20:e7:3e:74:43:28:e2:7d:b8:e9:66:8a:62:fc:66:8e:83:7b:d6:df:66Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

psapi

wtsapi32

userenv

dnsapi

rpcrt4

imm32

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 671KB - Virtual size: 671KB

.data Size: 84KB - Virtual size: 119KB

.tls Size: 512B - Virtual size: 25B

.rsrc Size: 121KB - Virtual size: 121KB

.reloc Size: 248KB - Virtual size: 248KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

84:8d:4d:42:0e:98:ad:a4:3e:3e:fa:20:e7:3e:74:43:28:e2:7d:b8:e9:66:8a:62:fc:66:8e:83:7b:d6:df:66
Signer

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 671KB - Virtual size: 671KB

.data
Size: 84KB - Virtual size: 119KB

.tls
Size: 512B - Virtual size: 25B

.rsrc
Size: 121KB - Virtual size: 121KB

.reloc
Size: 248KB - Virtual size: 248KB