9b646dd6a2aea7f71e51ba0a0783a33d578b8c11ba1804618d10dcd3ffe69b4e

Sharing

Copy URL Twitter E-mail

General

Target

9b646dd6a2aea7f71e51ba0a0783a33d578b8c11ba1804618d10dcd3ffe69b4e
Size

681KB
MD5

727786f7aa50247f4ad9cedf2eb58e97
SHA1

95b997caba2b6d741504eb3345c9a27a6f148a38
SHA256

9b646dd6a2aea7f71e51ba0a0783a33d578b8c11ba1804618d10dcd3ffe69b4e
SHA512

77ae8a064505465ea7168e6f9a12dff653b9b2b68abc377cba7d07c6174a17f89ffacc391bb381ac67545ad9d72738f2ac1fedc3e15d74095a214e850a61e005
SSDEEP

12288:35vaHDC6tR4F/bc5TbQ5vXAuATimaoQRdWkPk+F:JvaHDDR4Fo5TbQtA9+NRRdWkP1F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b646dd6a2aea7f71e51ba0a0783a33d578b8c11ba1804618d10dcd3ffe69b4e

Files

9b646dd6a2aea7f71e51ba0a0783a33d578b8c11ba1804618d10dcd3ffe69b4e
.exe windows:6 windows x64

d89c668e79977c156fd594db81b238dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

apeditorcore

?afterKill@APNExportApp@@QEAAXXZ
??1APNExportApp@@UEAA@XZ
??0APNExportApp@@QEAA@AEAHPEAPEAD@Z
?openEditDialog@LaunchWindowClip@@SAXV?$function@$$A6AXXZ@std@@@Z
?Obj@LaunchWindowClip@@SAPEAV1@XZ
??1APNThumbApp@@UEAA@XZ
??0APNThumbApp@@QEAA@AEAHPEAPEAD@Z
??1SplashScreen@@UEAA@XZ
??0SplashScreen@@QEAA@PEAVQWidget@@@Z
?convert@APNConvertApp@@QEAA_NXZ
??1APNConvertApp@@UEAA@XZ
??0APNConvertApp@@QEAA@AEAHPEAPEAD@Z
?setLogPath@APNCrashRpt@APNext@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?uninstallCrashRpt@APNCrashRpt@APNext@@QEAAXXZ
?installCrashRpt@APNCrashRpt@APNext@@QEAAHXZ
??1APNCrashRpt@APNext@@QEAA@XZ
??0APNCrashRpt@APNext@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?Obj@LaunchWindow@@SAPEAV1@XZ
??1APNextUpdateApp@APNext@@UEAA@XZ
??0APNextUpdateApp@APNext@@QEAA@AEAHPEAPEAD@Z
?sendSplashScreenMessge@RemoteServer@@QEAAXAEBVQJsonObject@@@Z
?quitSplashScreen@RemoteServer@@QEAAXXZ
?showSplashScreen@RemoteServer@@QEAAXW4ShowType@1@@Z
?OBJ@RemoteServer@@SAPEAV1@XZ
?generateTimeDateFilename@APNext@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD_N@Z
?checkHasAudioDevice@APNextApp@APNext@@QEAA_NXZ
?stopMessageHeartBeat@APNextApp@APNext@@QEAAXXZ
?startMessageHeartBeat@APNextApp@APNext@@QEAAXXZ
?startMessageProcess@APNextApp@APNext@@QEAAXXZ
?checkUpateInNewProcess@APNextApp@APNext@@QEAAXXZ
??1APNextApp@APNext@@UEAA@XZ
??0APNextApp@APNext@@QEAA@AEAHPEAPEAD@Z
?UTF8_To_string@APN@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV23@@Z
??1APNMessageApp@APNext@@UEAA@XZ
??0APNMessageApp@APNext@@QEAA@AEAHPEAPEAD@Z

cvcore

??0CVCPoint@CVCore@@QEAA@MM@Z
?getSingleton@CVCManager@CVCore@@SAPEAV12@XZ
?setAppDataPath@CVCManager@CVCore@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

alog

log_set_type
log_set_callback
log_set_level
log_debug
log_info
log_error

psapi

GetProcessMemoryInfo

data_sender

DS_SendEvent
DS_Config

apuser

?unload3rdDll@APNUserLenovo@@UEAAXXZ
?sync3rdData@APNUserLenovo@@UEAAXXZ
?relogin@APNUser@@UEAAXXZ
?qt_metacast@APNUserLenovo@@UEAAPEAXPEBD@Z
?qt_metacast@APNUserHandlerLenovo@@UEAAPEAXPEBD@Z
?qt_metacall@APNUserLenovo@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacall@APNUserHandlerLenovo@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?paintVipHeadPic@APNUserLenovo@@MEAAXAEBVQImage@@@Z
?openUrl@APNUserHandler@@UEAAXAEBVQString@@@Z
?onVipPrivilegeDialog@APNUserHandler@@MEAAXXZ
?onPopupVipPayDialog@APNUserHandler@@MEAAXVQString@@@Z
?onPopupPersonalCentre@APNUserHandler@@MEAAXH@Z
?onPopLoginView@APNUserHandlerLenovo@@MEAAXV?$function@$$A6AXXZ@std@@@Z
?onLogout@APNUserHandler@@MEAAXXZ
?onLoginValidQuery@APNUserHandler@@MEAAXXZ
?metaObject@APNUserLenovo@@UEBAPEBUQMetaObject@@XZ
?metaObject@APNUserHandlerLenovo@@UEBAPEBUQMetaObject@@XZ
?logout@APNUserLenovo@@UEAAXXZ
?isInit@APNUser@@UEAA_NXZ
?init@APNUserLenovo@@UEAA_NXZ
?getVoiceTextTransformTrialSec@APNUser@@UEAA_JXZ
?get3rdAccountId@APNUserLenovo@@UEAA?AVQString@@XZ
?autoLogin@APNUserLenovo@@UEAAXXZ
??1APNUserHandlerLenovo@@UEAA@XZ
??0APNUserHandlerLenovo@@QEAA@PEAVQObject@@@Z
?setHandlerObj@APNUserHandler@@SAXPEAV1@@Z
??1APNUserLenovo@@UEAA@XZ
??0APNUserLenovo@@QEAA@PEAVQObject@@@Z
?setUserObj@APNUser@@SAXPEAV1@@Z
?OEM_FOXIT_ENABLE@API@@2QEADEA
?FOXIT@API@@2HA
?JIANYING@API@@2HA
?COOLCUT@API@@2HA
?EDITOR@API@@2HA
?AIPAI@API@@2HA
?setCreateHandlerFun@APNUserHandler@@SAXV?$function@$$A6AXXZ@std@@@Z
?setCreateUserObjFun@APNUser@@SAXV?$function@$$A6AXXZ@std@@@Z
?Obj@APNUser@@SAPEAV1@XZ
?init@API@@SAXH@Z
??1APNWarningDialog@@UEAA@XZ
??0APNWarningDialog@@QEAA@AEBVQString@@PEAVQWidget@@@Z

apcore

?Obj@APNGlobalVariant@@SAPEAV1@XZ
?setIsGles@APNGlobalVariant@@QEAAX_N@Z
?setIsEnableHDPI@APNGlobalVariant@@QEAAX_N@Z
?toObject@JsonHelper@@SA?AVQJsonObject@@VQString@@PEA_N@Z
?readVersion@APN@@YA?AVQString@@AEBV2@@Z
?readChannel@APN@@YA?AVQString@@AEBV2@@Z
?getLanguageFromFile@APN@@YA?AVQString@@XZ
?urlFromParams@APN@@YA?AVQUrl@@HPEAPEAD@Z
?takeUrlInfo@APN@@YA_NVQUrl@@AEAVQString@@1PEAV?$QList@U?$QPair@VQString@@V1@@@@@@Z
?isNullOrEmpty@TextUitility@@SA_NAEBVQString@@@Z
?join@FilePathHelper@@SA?AVQString@@VQStringList@@@Z
?getAppDataLocation@FilePathHelper@@SA?AVQString@@XZ
?getSettingFilename@FilePathHelper@@SA?AVQString@@XZ
?getOldSettingFilename@FilePathHelper@@SA?AVQString@@XZ
?sendDataEventNew@APNSignalCenter@@QEAAXVQString@@@Z
?runAdminPrivileges@OS@@YAXAEBVQString@@0@Z
?Obj@NetworkHelper@@SAPEAV1@XZ
?get@NetworkHelper@@QEAA?AVQString@@VQUrl@@@Z
??0LockedFile@@QEAA@AEBVQString@@@Z
??1LockedFile@@UEAA@XZ
?lock@LockedFile@@QEAA_NW4LockMode@1@_N@Z
?unlock@LockedFile@@QEAA_NXZ
?UPDATE_FILENAME@APNInfo@@2QEBDEB
?CHANNEL_FILENAME@APNInfo@@2QEBDEB
?IS_DEBUG@APNInfo@@2_NA
?IS_EDITOR@APNInfo@@2_NA
?IS_COOLCUT@APNInfo@@2_NA
?IS_JIANYING@APNInfo@@2_NA
?IS_LENOVO@APNInfo@@2_NA
?IS_FOXIT@APNInfo@@2_NA
?Obj@APNSignalCenter@@SAPEAV1@XZ
??0APNInfo@@QEAA@PEAVQObject@@@Z
?refreshResourcePath@APNInfo@@QEAAXXZ
?isRunAsAdministrator@OS@@YA_NXZ
?NOT_HDPI_ENABLE_FLAG_FILE@APNInfo@@2VQString@@A
?APP_LANGUAGE@APNInfo@@2VQString@@A
?init@APNInfo@@SAXH@Z
?ALL_LANGUAGES@LanguageType@@2VQStringList@@A
?DEAFAULT_LANGUAGE@LanguageType@@2VQString@@A
?Spain@LanguageType@@2VQString@@A
?Arabic@LanguageType@@2VQString@@A
?Italiano@LanguageType@@2VQString@@A
?France@LanguageType@@2VQString@@A
?Deutsch@LanguageType@@2VQString@@A
?Japanese@LanguageType@@2VQString@@A
?English@LanguageType@@2VQString@@A
?Chinese@LanguageType@@2VQString@@A
?desktopProjectExtnCompatible@APNInfo@@2VQString@@A
?desktopProjectExtn@APNInfo@@2VQString@@A
?SingleAppSeverName@APNInfo@@2VQString@@A
?DISPLAY_APPNAME@APNInfo@@2VQString@@A
?RESOURCE_PATH@APNInfo@@2VQString@@A
?URL_PROTOCOL@APNInfo@@2VQString@@A
?XIAODAO_CHANNEL@APNInfo@@2VQString@@A
?XIAODAO_VERSION@APNInfo@@2VQString@@A
??1APNInfo@@UEAA@XZ

qt5quick

?setSceneGraphBackend@QQuickWindow@@SAXW4GraphicsApi@QSGRendererInterface@@@Z

qt5network

?waitForConnected@QLocalSocket@@QEAA_NH@Z
??1QLocalSocket@@UEAA@XZ
??0QLocalSocket@@QEAA@PEAVQObject@@@Z
?connectToServer@QLocalSocket@@QEAAXAEBVQString@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?waitForBytesWritten@QLocalSocket@@UEAA_NH@Z

qt5widgets

??1QApplication@@UEAA@XZ
?exec@QApplication@@SAHXZ
?exec@QDialog@@UEAAHXZ
?show@QWidget@@QEAAXXZ
??0QApplication@@QEAA@AEAHPEAPEADH@Z

qt5gui

?setHighDpiScaleFactorRoundingPolicy@QGuiApplication@@SAXW4HighDpiScaleFactorRoundingPolicy@Qt@@@Z
?setQuitOnLastWindowClosed@QGuiApplication@@SAX_N@Z

qt5core

??1QLibrary@@UEAA@XZ
?resolve@QLibrary@@QEAAP6AXXZPEBD@Z
??0QSettings@@QEAA@AEBVQString@@W4Format@0@PEAVQObject@@@Z
??1QSettings@@UEAA@XZ
?sync@QSettings@@QEAAXXZ
?setValue@QSettings@@QEAAXAEBVQString@@AEBVQVariant@@@Z
?defaultTypeFor@QTimer@@CA?AW4TimerType@Qt@@H@Z
?singleShotImpl@QTimer@@CAXHW4TimerType@Qt@@PEBVQObject@@PEAVQSlotObjectBase@QtPrivate@@@Z
??0QTranslator@@QEAA@PEAVQObject@@@Z
??1QTranslator@@UEAA@XZ
?load@QTranslator@@QEAA_NAEBVQString@@000@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?isEmpty@QTranslator@@UEBA_NXZ
?metaObject@QTranslator@@UEBAPEBUQMetaObject@@XZ
?qt_metacall@QTranslator@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QTranslator@@UEAAPEAXPEBD@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?translate@QTranslator@@UEBA?AVQString@@PEBD00H@Z
?shared_null@QListData@@2UData@1@B
??1QJsonObject@@QEAA@XZ
??0QJsonObject@@QEAA@V?$initializer_list@U?$QPair@VQString@@VQJsonValue@@@@@std@@@Z
?toString@QJsonValue@@QEBA?AVQString@@XZ
?toInt@QJsonValue@@QEBAHH@Z
??0QJsonValue@@QEAA@AEBV0@@Z
??1QJsonValue@@QEAA@XZ
??0QJsonValue@@QEAA@PEBD@Z
??0QJsonValue@@QEAA@AEBVQString@@@Z
?tempPath@QDir@@SA?AVQString@@XZ
?setCurrent@QDir@@SA_NAEBVQString@@@Z
?isDir@QFileInfo@@QEBA_NXZ
?isFile@QFileInfo@@QEBA_NXZ
?absolutePath@QFileInfo@@QEBA?AVQString@@XZ
?exists@QFileInfo@@SA_NAEBVQString@@@Z
?exists@QFileInfo@@QEBA_NXZ
??1QFileInfo@@QEAA@XZ
??0QFileInfo@@QEAA@AEBVQString@@@Z
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z
??6QDebug@@QEAAAEAV0@PEBD@Z
??6QDebug@@QEAAAEAV0@H@Z
??6QDebug@@QEAAAEAV0@D@Z
??6QDebug@@QEAAAEAV0@_N@Z
?setAutoInsertSpaces@QDebug@@QEAAX_N@Z
?autoInsertSpaces@QDebug@@QEBA_NXZ
?maybeSpace@QDebug@@QEAAAEAV1@XZ
?nospace@QDebug@@QEAAAEAV1@XZ
??1QDebug@@QEAA@XZ
??0QDebug@@QEAA@AEBV0@@Z
??6QTextStream@@QEAAAEAV0@PEBD@Z
??6QTextStream@@QEAAAEAV0@AEBVQString@@@Z
?flush@QTextStream@@QEAAXXZ
??1QTextStream@@UEAA@XZ
??0QTextStream@@QEAA@PEAVQIODevice@@@Z
?open@QFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?copy@QFile@@SA_NAEBVQString@@0@Z
?exists@QFile@@QEBA_NXZ
??1QFile@@UEAA@XZ
??0QFile@@QEAA@AEBVQString@@@Z
?close@QFileDevice@@UEAAXXZ
??0QLibrary@@QEAA@AEBVQString@@PEAVQObject@@@Z
?host@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z
?isEmpty@QUrl@@QEBA_NXZ
?toString@QUrl@@QEBA?AVQString@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z
??1QUrl@@QEAA@XZ
??0QUrl@@QEAA@AEBVQString@@W4ParsingMode@0@@Z
??0QUrl@@QEAA@AEBV0@@Z
?readLine@QIODevice@@QEAA?AVQByteArray@@_J@Z
??0QVariant@@QEAA@AEBVQString@@@Z
??0QVariant@@QEAA@PEBD@Z
??1QVariant@@QEAA@XZ
?translate@QCoreApplication@@SA?AVQString@@PEBD00H@Z
?installTranslator@QCoreApplication@@SA_NPEAVQTranslator@@@Z
?applicationFilePath@QCoreApplication@@SA?AVQString@@XZ
?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ
?exec@QCoreApplication@@SAHXZ
?instance@QCoreApplication@@SAPEAV1@XZ
?setAttribute@QCoreApplication@@SAXW4ApplicationAttribute@Qt@@_N@Z
?QStringList_contains@QtPrivate@@YA_NPEBVQStringList@@AEBVQString@@W4CaseSensitivity@Qt@@@Z
?QStringList_join@QtPrivate@@YA?AVQString@@PEBVQStringList@@PEBVQChar@@H@Z
?end@QListData@@QEBAPEAPEAXXZ
?begin@QListData@@QEBAPEAPEAXXZ
?at@QListData@@QEBAPEAPEAXH@Z
?size@QListData@@QEBAHXZ
?append@QListData@@QEAAPEAPEAXXZ
?dispose@QListData@@SAXPEAUData@1@@Z
?dispose@QListData@@QEAAXXZ
?realloc@QListData@@QEAAXH@Z
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?toStdString@QString@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??8QString@@QEBA_NPEBD@Z
??4QString@@QEAAAEAV0@PEBD@Z
??0QString@@QEAA@PEBD@Z
??8@YA_NAEBVQString@@0@Z
?number@QString@@SA?AV1@KH@Z
?number@QString@@SA?AV1@HH@Z
?fromLocal8Bit@QString@@SA?AV1@PEBDH@Z
?fromUtf8@QString@@SA?AV1@PEBDH@Z
?toUtf8@QString@@QEGBA?AVQByteArray@@XZ
?replace@QString@@QEAAAEAV1@AEBV1@0W4CaseSensitivity@Qt@@@Z
??YQString@@QEAAAEAV0@AEBV0@@Z
??YQString@@QEAAAEAV0@VQChar@@@Z
?toLower@QString@@QEGBA?AV1@XZ
?endsWith@QString@@QEBA_NVQChar@@W4CaseSensitivity@Qt@@@Z
?endsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?constData@QString@@QEBAPEBVQChar@@XZ
?length@QString@@QEBAHXZ
??4QString@@QEAAAEAV0@$$QEAV0@@Z
??0QString@@QEAA@$$QEAV0@@Z
??4QString@@QEAAAEAV0@AEBV0@@Z
??1QString@@QEAA@XZ
??0QString@@QEAA@AEBV0@@Z
??0QString@@QEAA@VQLatin1String@@@Z
??0QString@@QEAA@VQChar@@@Z
??0QString@@QEAA@XZ
?constData@QByteArray@@QEBAPEBDXZ
?isEmpty@QByteArray@@QEBA_NXZ
?size@QByteArray@@QEBAHXZ
??1QByteArray@@QEAA@XZ
?qChecksum@@YAGPEBDI@Z
?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z
??0QChar@@QEAA@UQLatin1Char@@@Z
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ
??0QMessageLogger@@QEAA@PEBDH0@Z
?value@QJsonObject@@QEBA?AVQJsonValue@@AEBVQString@@@Z
?path@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z
?isEmpty@QJsonObject@@QEBA_NXZ
?detach@QListData@@QEAAPEAUData@1@H@Z

kernel32

SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentThreadId
InitializeSListHead
GetCommandLineW
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
RemoveDirectoryW
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
GetSystemInfo
GetSystemTimeAsFileTime
GetLogicalProcessorInformation
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
LocalFree
SetThreadExecutionState
FormatMessageA
MoveFileExW
ReplaceFileW
MultiByteToWideChar
WideCharToMultiByte
CopyFileW
GetCurrentProcessId
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
SetCurrentDirectoryW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

shell32

CommandLineToArgvW
SHGetFolderPathW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegCloseKey
RegQueryValueExW

msvcp140

?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mbrtowc
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Xtime_get_ticks
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

vcruntime140

memset
strchr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memmove
strstr
memchr
memcmp
strrchr
__current_exception
__current_exception_context
__C_specific_handler
__std_type_info_destroy_list
__std_terminate
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm
_crt_atexit
_execute_onexit_table
_initterm_e
_cexit
_seh_filter_exe
_get_narrow_winmain_command_line
_initialize_narrow_environment
exit
_exit
_c_exit
_register_thread_local_exe_atexit_callback
_errno
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_set_app_type
terminate
_crt_at_quick_exit
_seh_filter_dll
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_aligned_free
_set_new_mode
calloc
_aligned_realloc
_aligned_malloc
_callnewh
malloc
free

api-ms-win-crt-convert-l1-1-0

strtod
mbstowcs
strtoull
wcstombs
wcstol

api-ms-win-crt-stdio-l1-1-0

fseek
_wfopen
__acrt_iob_func
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
feof
fopen
fputc
fread
fsetpos
_fseeki64
_set_fmode
fwrite
__stdio_common_vsprintf
__stdio_common_vfprintf
ungetc
__p__commode
_ftelli64
setvbuf
__stdio_common_vsscanf
fgets

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_wstat64i32
_lock_file
_unlock_file
_wfullpath

api-ms-win-crt-string-l1-1-0

towlower
strlen
towupper
strncpy
strncmp
toupper
wcslen
strcmp
tolower
strcat_s

api-ms-win-crt-time-l1-1-0

_localtime64
strftime

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

Exports

Exports

�MCr_Ò�F(�U��?��n`Hg׬��#y�j�5��G�? �t��<��!�`;��`t��s�D �W�ɖ�t��]à�C�ȊB�A=/$�9��݋�d��w�4�n�^�0��* I��U�9��B��j��t5J>:'t2k�/s -]��5��Y��<TS�R�9�Wf��$A�=��*�I��y�j1��ڮe��o,�� ;��H?�U ��/Zu�PU�D_��l�q��T<QW��)�=�hSܦ�X�Y�l�WH3�{x��8d��]��'��v�b'K��;�PZ��B>۾?(�n�C�_ �*��D��})]��bLH)\ �&��25I�KXT�+N��]|�DO#�f��\ ��?��_�@$��\��7��̱1^�(W �%��l1��wUs��>yvm�請h�� I=�w��c��X0�\��8�e��=�l]�y�!�%HB��1K��̰3�b��.�[0�$��u�̤{\~�C�s&��rL�׹� z��7G/~{�� A��v6��wM�$g��>S93<��L��m��"��9|%t��_�VWe�Qw��W[�)p�UW�X)�W��8��vM��T%�R��{�h�_��+��D��?>W�u])A,�AΣj;}��p��AA�/�X:Gdi9��"��1�[1��MOjO�h:�4��Qr�/[��i�v�-�B|C|��c�@�PK�~SX��I�;in�[X0��cSYߊ�]L��)�T#��W'#0A��A��6�P��hbc, ��@��"n^,��i��$<�|g�_)J��#�|�6��iMUV*�V+�f��kc�v�gil|i]R0�X�kti=�qM�|z��3#%�?��mW��N��Ai٢Hnw��;N��q�͍��U��I��6,��H��kxp��5a�s��U��Sϙǐ�cJ?Q��u�0j��_��*^��%�3[��˻�}Sw_.�� 1hIHƴ��$�^��b��Q�^ΐ��u�=3í�r��"D��R�1��jR��_BVP3]v��O;��N}�1�g�J�IS��o��?�r6 W�$,(��/j�eܲ�"��{��)��$F XN��{/6��pYk��D��W��.�� 7�ѳ��sq*�VS��9u�m��W�u�Ȁ8�"��j��ʥ��R ЙˉDg_7L�h誟��M5�m�:y��l7"^��xj Q��$�~��ubyp�� "� x�EjF�/��p��G��Kh�!�s�)�� ~c�"iD�V��Z�$[ϛ��S��Wɰ"Z�?��c�H��ܺoU`vƒUi�mۘ^��n�;��K�ͩ��x��y�d!��౰&ry��5��F��a=�L�G�}F_�+7A�'��.��}�(�� y�ר`��l#��9%'�=��Ű^��փ_��F�j��Lp��ݳwFsk/�8��ĔNA�3��iOcmzo�o��N��b��bⶂ�[��p�]X�M-k��<�T��M��2^8��\��g��T��I�ı\�e��`��dsn��C�]�qXa��đu�/��݂`�&�:S7��\�O��-��bP�8t��SD�v��y��m��tB�&q��<C�(��DN�R�k� g� f��Jf%�/灭�>\t��>��?1/m̱��#P��|��ط��@T��,�$�q<�rs.��XK\tO=)��/�¸�8QjA�- ��NP��'C�T��N"��<�{�>�&��W�ҭ�i� ��Γ-��jy�KF� �vx��}.23R�! �C&�g��Fcґ_�hi�F�>6$M�"�E��3q�㱈7�(�BQ�ž c� FWF�^��&zx_��pE�X�Z�R�3ͱ�xy��U��N$:�%f\ڹ��{t\H��*8��3f[X]A%O�)��K��,ݒz[��$�M�-?=�ѐء��i��ƻ�Z�7;��k#��8��B��:ؒ��\@�D��V7T�T��rS��x?_"�pD��{r]=��:�3q"��0�;�i�H>6�V��+��b�h'��^��!�a��׍e�^V>�[�L��R��Q2 ��F�\Ȓ_x�� ^8��4e�9=��x�s��3��"0��N�b��h*��!�A+�*�eykR" �TP�i��+"�B�U�4�1��/�lr��9/0p.f��"��HR�qAć�dM��'in��&Ǯ�QYE��p�W5��9��ڹ��&} ��?jr�oM�淡�V�]V��I�J?7lM�au��L��^T�� ]��p9�I��|�KI��$+��h��%�V�*�r��%Ojf��z�ퟨT��gKQ5@�w��5n��徆N�<��wAJ��zX`�@�;OZ.��NS��Kc��5��@U��[��-��ۊܬ6��8��R-0i��c -G��ZлQ�i��3��O��5]5So�XW��JB��eTe�Š��L&��r�t��P(��J��)� BBִ.2�QߗcV��ъ��ڽm� T� ��}�E� n�֟,y ��_N�b]��ߧ�9�� c�Y/"Z݀�WI{�'3|�z[�o�o��rl=�oh�"��,�J4�]�G״�}R>��~� ؀\��4?��ҍf��`G5��]��;$��)��3��B��=��u�]R��LCxtf��[)�$|os�2Z=��ˮ� z��hn��V��ɖ��F��`��7�G�]^1��w�8�1O��~B��^d��aA

Sections

.text
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d89c668e79977c156fd594db81b238dc

Headers

DLL Characteristics

File Characteristics

Imports

apeditorcore

cvcore

alog

psapi

data_sender

apuser

apcore

qt5quick

qt5network

qt5widgets

qt5gui

qt5core

kernel32

shell32

advapi32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 261KB - Virtual size: 260KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 23KB - Virtual size: 23KB

.vmp0 Size: 88KB - Virtual size: 87KB

.tls Size: 512B - Virtual size: 48B

.vmp1 Size: 106KB - Virtual size: 106KB

.reloc Size: 1024B - Virtual size: 688B

.rsrc Size: 107KB - Virtual size: 106KB

.text
Size: 261KB - Virtual size: 260KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 23KB - Virtual size: 23KB

.vmp0
Size: 88KB - Virtual size: 87KB

.tls
Size: 512B - Virtual size: 48B

.vmp1
Size: 106KB - Virtual size: 106KB

.reloc
Size: 1024B - Virtual size: 688B

.rsrc
Size: 107KB - Virtual size: 106KB