73039c03f80251b286025a0fc2d6442d527ac97d905ebbc2b13bcbc69c91deda

Sharing

Copy URL Twitter E-mail

General

Target

73039c03f80251b286025a0fc2d6442d527ac97d905ebbc2b13bcbc69c91deda
Size

5.3MB
MD5

26f69f328648f84cabeba6825da8565f
SHA1

6e5c7f43cc3391cbbe37bfa17092692fd61de213
SHA256

73039c03f80251b286025a0fc2d6442d527ac97d905ebbc2b13bcbc69c91deda
SHA512

c695f0b74ec064388b931803e7b008215f1cba54fae60fd021a42bf62c658a4ba70811c503b1ba98ba621625fca36554440020acff056c0d5929096f53c18286
SSDEEP

98304:MIn8uq5/rtA7RwMyZ6Bim2cLDMpYOZA3yJ2awt6ABBKv5eciQl:7aORw/l4DTmf25t6AkeciI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73039c03f80251b286025a0fc2d6442d527ac97d905ebbc2b13bcbc69c91deda

Files

73039c03f80251b286025a0fc2d6442d527ac97d905ebbc2b13bcbc69c91deda
.exe windows:5 windows x86

c85aafa2931d109d4389522e5e21b4f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

qd_utility

?doH2B@CEndecryptTest@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?downloadFile@CHttpTest@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00JPAX@Z
uninitHttp
initHttp
?doMd5@CEndecryptTest@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?sendHttpRequest@kutil@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@000AAJJ@Z
??1CHttpTest@@QAE@XZ
??0CHttpTest@@QAE@XZ
?doB2H@CEndecryptTest@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?doAesDecrypt@CEndecryptTest@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?doAesEncrypt@CEndecryptTest@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
??1CEndecryptTest@@QAE@XZ
??0CEndecryptTest@@QAE@XZ
?doBase64Encode@CEndecryptTest@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?doHttpRequst@CHttpTest@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@000JPBD@Z

msvcp120

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??_7facet@locale@std@@6B@
??_7_Facet_base@std@@6B@
?_Winerror_map@std@@YAPBDH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Syserror_map@std@@YAPBDH@Z
?_BADOFF@std@@3_JB
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
??_7?$codecvt@_WDH@std@@6B@
?id@?$codecvt@_WDH@std@@2V0locale@2@A
??_7codecvt_base@std@@6B@
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

msvcr120

memset
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
isspace
fputs
fflush
tolower
fopen
isupper
fwrite
fseek
_vscprintf
fclose
isxdigit
wcsstr
isdigit
memcpy
realloc
_vsnprintf
raise
strncmp
strcmp
qsort
getenv
ferror
fread
_setmode
_fileno
ftell
feof
fgets
_errno
_wfopen
_strnicmp
_gmtime64
strtoul
_getch
atoi
sprintf
strstr
_except1
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
sprintf_s
sscanf
memmove
modf
free
malloc
__iob_func
strchr
memchr
??_V@YAXPAX@Z
fprintf
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
__pxcptinfoptrs
_set_purecall_handler
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_set_invalid_parameter_handler
_set_abort_behavior
signal
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
vsprintf_s
wcscat_s
strcat_s
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
strncpy
strerror
?what@exception@std@@UBEPBDXZ
_time64
_snprintf
_CxxThrowException
__CxxFrameHandler3
_wcsicmp
_wtoi
strcpy_s
rename
wcscpy_s
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
_except_handler4_common
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
??1type_info@@UAE@XZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type

mfc120u

kernel32

GetModuleHandleW
GetModuleHandleA
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
GetPrivateProfileStringA
OutputDebugStringW
DeleteFileA
GetPrivateProfileStringW
GetPrivateProfileIntW
RemoveDirectoryW
SetFileAttributesW
CreateMutexW
WideCharToMultiByte
CopyFileA
GetLastError
EnterCriticalSection
LoadLibraryW
GetModuleFileNameW
Sleep
TryEnterCriticalSection
GetTickCount
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetUnhandledExceptionFilter
GetFileInformationByHandle
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
GetLocalTime
DeleteFileW
CloseHandle
OpenEventW
CreateEventW
CreateFileMappingW
LoadLibraryA
GetProcAddress
TerminateProcess
WaitForSingleObject
FreeLibrary
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
GetModuleFileNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
OpenProcess
CreateProcessA
GetEnvironmentVariableA
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
LocalFree
GetVersion
WriteFile
GetFileType
GetStdHandle
GlobalMemoryStatus
FlushConsoleInputBuffer
DeviceIoControl
CreateDirectoryExW
AreFileApisANSI
GetCurrentProcess
FormatMessageA
FormatMessageW
CreateDirectoryW
CreateFileW
GetFileAttributesW
OutputDebugStringA
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EnableWindow
KillTimer
TrackPopupMenu
AppendMenuW
CreatePopupMenu
GetCursorPos
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
FindWindowW
SetForegroundWindow
SetTimer
LoadIconW
PostQuitMessage
PostMessageW
FindWindowA
SendMessageW
IsWindow
GetDesktopWindow
GetWindowThreadProcessId
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
GetWindowTextW
EnumChildWindows
CharUpperBuffW

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconW
ShellExecuteA
ShellExecuteW

comctl32

InitCommonControlsEx

ole32

CoCreateGuid
OleUninitialize
OleInitialize

dbghelp

MiniDumpWriteDump

mc_talk

?createMcTalk@@YAPAVIMcTalk@@PAVIMcTalkCallback@@@Z
?releaseMcTalk@@YAXPAVIMcTalk@@@Z

sqlit3wrapper

?fetchRow@Sqlite3dbPrepare@db@@QBE_NXZ
?sqlStatement@Sqlite3dbPrepare@db@@QAEXPBD@Z
?executeAndFree@Sqlite3dbPrepare@db@@QAE_NXZ
?free@Sqlite3dbPrepare@db@@QAEXXZ
?getColumnInt@Sqlite3dbPrepare@db@@QBEHH@Z
?getColumnCString@Sqlite3dbPrepare@db@@QBEPBDH@Z
?bindInt@Sqlite3dbPrepare@db@@QAEXHH@Z
?bindString@Sqlite3dbPrepare@db@@QAEXHPBD@Z
?sql@Sqlite3dbPrepare@db@@QAE_NPBD@Z
??1Sqlite3dbPrepare@db@@QAE@XZ
??0Sqlite3dbPrepare@db@@QAE@PAVSqlit3dbHandle@1@@Z
??1Sqlit3dbHandle@db@@QAE@XZ
??0Sqlit3dbHandle@db@@QAE@PB_WHPBD@Z

elin_resource

?init@Cresoure@@SA_NXZ

qdinvoice_ui

?termPaintManager@@YAXXZ
?createQdMainframeUI@@YAPAVIQdMainframeUi@@PAVIQdInvoiceUiCallback@@@Z

ws2_32

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 584KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.2]d
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sot
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ox
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c85aafa2931d109d4389522e5e21b4f1

Headers

DLL Characteristics

File Characteristics

Imports

qd_utility

msvcp120

msvcr120

mfc120u

kernel32

user32

shell32

comctl32

ole32

dbghelp

mc_talk

sqlit3wrapper

elin_resource

qdinvoice_ui

ws2_32

advapi32

Sections

.text Size: 584KB - Virtual size: 584KB

.rdata Size: 204KB - Virtual size: 204KB

.data Size: 20KB - Virtual size: 20KB

.2]d Size: 2.2MB - Virtual size: 2.2MB

.sot Size: 4KB - Virtual size: 4KB

.ox Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 44KB - Virtual size: 44KB

.rsrc Size: 68KB - Virtual size: 68KB

.l1 Size: 25KB - Virtual size: 25KB

.text
Size: 584KB - Virtual size: 584KB

.rdata
Size: 204KB - Virtual size: 204KB

.data
Size: 20KB - Virtual size: 20KB

.2]d
Size: 2.2MB - Virtual size: 2.2MB

.sot
Size: 4KB - Virtual size: 4KB

.ox
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 68KB - Virtual size: 68KB

.l1
Size: 25KB - Virtual size: 25KB