MeiqiawindscrApp_xf[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MeiqiawindscrApp_xf.exe
Size

4.7MB
MD5

a71071dd9704670aa495e8b4efd783a3
SHA1

0552de47909cea8968951b63c26eb0ea3b56501a
SHA256

55c6ed11ec2c2eb194c8443b5e96cbbc3a121b0d6f7a5b3a920964070a5fb3e4
SHA512

30ada6ea568461c6b74a918811700fb80a0196b4475df83cc3e885678465aaaa81d4592f1b4a41cc72242e886819fedf3c7307f6a530deead83675b4641fc557
SSDEEP

98304:d5RKy1kib0/7pIVXKqZ9ziwXgTz8dtJG4laxxKRo57TebzIfL:dKyGB/9qbX/KxKRo5vebzIfL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MeiqiawindscrApp_xf.exe

Files

MeiqiawindscrApp_xf.exe
.exe windows:6 windows x86

2af7d02f07ff1d0cfa90cb3d306251c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapQueryInformation
GetCommandLineA
ExitProcess
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
GetACP
GetFileType
GetStdHandle
CreateFiber
DeleteFiber
SwitchToFiber
GetEnvironmentVariableW
VirtualFree
VirtualAlloc
GetSystemInfo
GetSystemDirectoryA
GetModuleHandleExW
GetCPInfo
GetStringTypeW
LCMapStringEx
SetStdHandle
GetLocaleInfoEx
CreateSymbolicLinkW
GetFileInformationByHandleEx
DeviceIoControl
AreFileApisANSI
SetFileInformationByHandle
GetFileInformationByHandle
FindNextFileW
FindFirstFileExW
CreateDirectoryW
QueryPerformanceFrequency
RaiseException
OutputDebugStringW
VirtualQuery
GetDriveTypeW
PeekNamedPipe
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleOutputCP
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetFilePointerEx
GetUserDefaultLCID
GetTempFileNameW
Sleep
GetProfileIntW
GetTickCount64
SearchPathW
GetWindowsDirectoryW
GetTempPathW
FindResourceExW
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
lstrcmpiW
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
SystemTimeToFileTime
FileTimeToSystemTime
VerifyVersionInfoW
lstrcpyW
VerSetConditionMask
VirtualProtect
GlobalGetAtomNameW
DeleteFileW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
InitializeCriticalSection
GetCurrentProcessId
CopyFileW
MulDiv
GlobalFree
GlobalUnlock
GlobalSize
CompareStringW
GetModuleHandleW
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
GetSystemDirectoryW
EncodePointer
SetErrorMode
MultiByteToWideChar
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
GetVersionExW
GetCurrentThreadId
GetCurrentThread
OutputDebugStringA
GetProcessHeap
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
TlsFree
TlsSetValue
TlsGetValue
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemTimeAsFileTime
CreateWaitableTimerW
SetLastError
GetQueuedCompletionStatus
SetWaitableTimer
CreateIoCompletionPort
PostQueuedCompletionStatus
SleepEx
SetEvent
QueueUserAPC
TerminateThread
WaitForMultipleObjects
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventW
GetLastError
TlsAlloc
LocalFree
WideCharToMultiByte
FormatMessageW
FormatMessageA
GetCommandLineW

user32

NotifyWinEvent
WindowFromPoint
MessageBeep
SetWindowRgn
GetSystemMenu
LoadMenuW
ReleaseCapture
SetCapture
CharUpperW
IsZoomed
TrackMouseEvent
IntersectRect
EnumDisplayMonitors
SetLayeredWindowAttributes
MapDialogRect
GetAsyncKeyState
LoadCursorW
GetSysColorBrush
OffsetRect
SetRectEmpty
CreatePopupMenu
SetParent
BringWindowToTop
LockWindowUpdate
EnableWindow
PostMessageW
PostQuitMessage
SendDlgItemMessageA
InflateRect
GetMenuItemInfoW
DestroyMenu
GetSystemMetrics
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
SetCursor
ShowOwnedPopups
TranslateMessage
GetMessageW
SystemParametersInfoW
CopyImage
GetMenuDefaultItem
SetMenuDefaultItem
IsRectEmpty
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
DestroyIcon
LoadImageW
DrawEdge
DrawFrameControl
DrawFocusRect
DrawIconEx
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyW
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
GetUserObjectInformationW
GetProcessWindowStation
CreateWindowExW
IsWindow
IsMenu
IsChild
DestroyWindow
SetClassLongW
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
GetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBoxW
ScreenToClient
MapWindowPoints
GetSysColor
CopyRect
EqualRect
PtInRect
GetWindowLongW
SetWindowLongW
GetClassLongW
GetParent
GetClassNameW
GetTopWindow
GetLastActivePopup
GetWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
GetMenuStringW
GetMenuState
InsertMenuW
AppendMenuW
RemoveMenu
DrawStateW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClipboardFormatW
CharUpperBuffW
ModifyMenuW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
CopyIcon
FrameRect
PostThreadMessageW
WaitMessage
GetNextDlgGroupItem
GetIconInfo
HideCaret
InvertRect
GetKeyNameTextW
DrawIcon
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
DestroyCursor
GetComboBoxInfo
SetCursorPos
InvalidateRect
FillRect
LoadBitmapW
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
GetDesktopWindow
GetWindowThreadProcessId
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetDC
GetWindowDC
ReleaseDC
ClientToScreen
IsDialogMessageW
SetWindowTextW
CheckDlgButton
GetCursorPos
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
ShowWindow
MoveWindow
GetWindowRgn
SetWindowPos

gdi32

GetStockObject
DeleteObject
CreateSolidBrush
GetDeviceCaps
CreateDCW
CopyMetaFileW
GetObjectW
SetTextColor
SetBkColor
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateDIBitmap
CreateRectRgnIndirect
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
CombineRgn
PatBlt
SetRectRgn
DPtoLP
CreateRoundRectRgn
BitBlt
EnumFontFamiliesExW
CreateEllipticRgn
Ellipse
GetBkColor
GetTextColor
CreatePolygonRgn
Polygon
Polyline
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
GetRgnBox
OffsetRgn
Rectangle
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceW
CreateBitmap
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
DeleteDC
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
CreateDIBSection

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

CryptCreateHash
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
RegCloseKey
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptGenRandom
RegEnumValueW
RegQueryValueW
RegEnumKeyW

shell32

SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage
DragQueryFileW
SHBrowseForFolderW
DragFinish

shlwapi

PathFindExtensionW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
PathIsUNCW
PathFindFileNameW

uxtheme

DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
GetThemeColor
DrawThemeParentBackground
CloseThemeData
OpenThemeData
IsAppThemed
DrawThemeText

ole32

RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CoInitializeEx
CreateStreamOnHGlobal
DoDragDrop
CoDisconnectObject
CoInitialize
CoCreateInstance
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
RevokeDragDrop

oleaut32

VariantCopy
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString

ws2_32

socket
ntohs
gethostbyname
htonl
htons
inet_addr
inet_ntoa
gethostbyaddr
connect
freeaddrinfo
getaddrinfo
WSASocketW
WSASend
WSARecv
select
ioctlsocket
closesocket
WSAGetLastError
WSACleanup
WSAStartup
setsockopt
getsockopt
WSASetLastError
send
recv
getservbyname
getservbyport
shutdown

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

gdiplus

GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdiplusShutdown
GdipGetImageHeight
GdipGetImagePixelFormat
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImagePalette

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Exports

Exports

?n_CustomData_size@@3HA
xd_task_start
xd_task_stop
xd_uninit

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 886KB - Virtual size: 886KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2af7d02f07ff1d0cfa90cb3d306251c4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

ws2_32

crypt32

gdiplus

oleacc

imm32

winmm

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 886KB - Virtual size: 886KB

.data Size: 47KB - Virtual size: 84KB

.rsrc Size: 133KB - Virtual size: 133KB

.reloc Size: 235KB - Virtual size: 234KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 886KB - Virtual size: 886KB

.data
Size: 47KB - Virtual size: 84KB

.rsrc
Size: 133KB - Virtual size: 133KB

.reloc
Size: 235KB - Virtual size: 234KB