drone[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

drone.exe
Size

2.0MB
MD5

4dd15adb062c1172286dbf861bc74c45
SHA1

9712c955405dc34273e424bb408fac58bcf0a4f7
SHA256

ecce9468be5e25233b3b93b45c67e9ae232dfff30c0add53ad2c2b0c6f78c4f6
SHA512

8d4052e75d93640cd364faa603e0c8313eea9589d3297ad3624c3a6cb290e12a857e9d71c3ef0de03b01ac33845479a96523b18c74d492755fb6057c4a926d3f
SSDEEP

49152:ngVxb6SeUnIFrn7G4jyjNQzCQe1yZEEaZHjIKUd0h4Z51H6GfwLKxbxxM4hSJ6mm:gVxb6SeUnIFrn7G4jyjNQmQgy/aZHjIf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
drone.exe

Files

drone.exe
.exe windows:4 windows x86

5cc6261e71cf14aa32045e457e62409c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

packet

PacketOpenAdapter
PacketRequest

wpcap

pcap_breakloop
pcap_close
pcap_compile
pcap_dump
pcap_dump_close
pcap_dump_open
pcap_findalldevs
pcap_freealldevs
pcap_geterr
pcap_next_ex
pcap_open
pcap_open_live
pcap_sendpacket
pcap_sendqueue_alloc
pcap_sendqueue_destroy
pcap_sendqueue_queue
pcap_sendqueue_transmit
pcap_setfilter
pcap_setmode

kernel32

AddAtomA
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindAtomA
GetAtomNameA
GetLastError
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject

mingwm10

__mingwthr_key_dtor

msvcrt

_close
_fdopen
_read
_strdup
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_ctype
_errno
_filelengthi64
_fstati64
_iob
_isctype
_lseeki64
_onexit
_pctype
_setmode
_snprintf
_strnicmp
_vsnprintf
abort
atexit
atoi
ceil
fclose
fflush
fgetpos
floor
fopen
fprintf
fread
free
fsetpos
fwrite
getc
localeconv
malloc
memchr
memcpy
memmove
memset
printf
putc
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strpbrk
strtod
strtol
strtoul
strxfrm
ungetc

qtcore4

_Z18qInstallMsgHandlerPFv9QtMsgTypePKcE
_Z5qFreePv
_Z5qHashRK10QByteArray
_Z5qrandv
_Z6qDebugPKcz
_Z6qFatalPKcz
_Z6qsrandj
_Z8qVersionv
_Z8qWarningPKcz
_ZN10QByteArray11shared_nullE
_ZN10QByteArray4fillEci
_ZN10QByteArray6appendERKS_
_ZN10QByteArray6appendEc
_ZN10QByteArray6expandEi
_ZN10QByteArray6insertEiRKS_
_ZN10QByteArray6removeEii
_ZN10QByteArray6resizeEi
_ZN10QByteArray7reallocEi
_ZN10QByteArrayC1EPKci
_ZN10QByteArrayC1Eic
_ZN10QByteArrayaSERKS_
_ZN11QMetaObject8activateEP7QObjectPKS_iPPv
_ZN14QReadWriteLock11lockForReadEv
_ZN14QReadWriteLock12lockForWriteEv
_ZN14QReadWriteLock6unlockEv
_ZN14QReadWriteLockC1Ev
_ZN14QReadWriteLockD1Ev
_ZN14QTemporaryFileC1Ev
_ZN14QTemporaryFileD1Ev
_ZN15QLinkedListData11shared_nullE
_ZN16QCoreApplication15applicationNameEv
_ZN16QCoreApplication16organizationNameEv
_ZN16QCoreApplication18applicationDirPathEv
_ZN16QCoreApplication18setApplicationNameERK7QString
_ZN16QCoreApplication19setOrganizationNameERK7QString
_ZN16QCoreApplication4execEv
_ZN16QCoreApplication4exitEi
_ZN16QCoreApplicationC1ERiPPc
_ZN16QCoreApplicationD1Ev
_ZN18QThreadStorageData3setEPv
_ZN18QThreadStorageDataC1EPFvPvE
_ZN18QThreadStorageDataD1Ev
_ZN5QCharC1Ec
_ZN5QFile5closeEv
_ZN5QFile6existsERK7QString
_ZN6QMutex4lockEv
_ZN6QMutex6unlockEv
_ZN6QMutexC1ENS_13RecursionModeE
_ZN6QMutexD1Ev
_ZN7QObject10childEventEP11QChildEvent
_ZN7QObject10timerEventEP11QTimerEvent
_ZN7QObject11customEventEP6QEvent
_ZN7QObject11deleteLaterEv
_ZN7QObject11eventFilterEPS_P6QEvent
_ZN7QObject11qt_metacallEN11QMetaObject4CallEiPPv
_ZN7QObject11qt_metacastEPKc
_ZN7QObject12moveToThreadEP7QThread
_ZN7QObject13connectNotifyEPKc
_ZN7QObject16disconnectNotifyEPKc
_ZN7QObject16staticMetaObjectE
_ZN7QObject5eventEP6QEvent
_ZN7QObject7connectEPKS_PKcS1_S3_N2Qt14ConnectionTypeE
_ZN7QObjectC2EPS_
_ZN7QObjectD2Ev
_ZN7QRegExp10setPatternERK7QString
_ZN7QRegExp16setPatternSyntaxENS_13PatternSyntaxE
_ZN7QRegExpC1ERK7QStringN2Qt15CaseSensitivityENS_13PatternSyntaxE
_ZN7QRegExpC1Ev
_ZN7QRegExpD1Ev
_ZN7QString11shared_nullE
_ZN7QString16codecForCStringsE
_ZN7QString16fromAscii_helperEPKci
_ZN7QString17fromLatin1_helperEPKci
_ZN7QString4freeEPNS_4DataE
_ZN7QString6appendE5QChar
_ZN7QString6appendERKS_
_ZN7QString6insertEiPK5QChari
_ZN7QString6numberEii
_ZN7QString6removeERKS_N2Qt15CaseSensitivityE
_ZN7QString7replaceE5QCharRKS_N2Qt15CaseSensitivityE
_ZN7QString7replaceE5QCharS0_N2Qt15CaseSensitivityE
_ZN7QString7replaceERK7QRegExpRKS_
_ZN7QString7replaceERKS_S1_N2Qt15CaseSensitivityE
_ZN7QString9fromAsciiEPKci
_ZN7QStringaSERKS_
_ZN7QThread11qt_metacallEN11QMetaObject4CallEiPPv
_ZN7QThread11qt_metacastEPKc
_ZN7QThread4execEv
_ZN7QThread4waitEm
_ZN7QThread5startENS_8PriorityE
_ZN7QThread6msleepEm
_ZN7QThread6usleepEm
_ZN7QThreadC2EP7QObject
_ZN7QThreadD2Ev
_ZN8QMapData10createDataEv
_ZN8QMapData11node_createEPPNS_4NodeEi
_ZN8QMapData11node_deleteEPPNS_4NodeEiS1_
_ZN8QMapData11shared_nullE
_ZN8QMapData16continueFreeDataEi
_ZN8QProcess7executeERK7QStringRK11QStringList
_ZN8QSysInfo14WindowsVersionE
_ZN8QVariant7handlerE
_ZN8QVariantC1ERK10QByteArray
_ZN8QVariantC1ERK11QStringList
_ZN8QVariantC1ERK4QMapI7QStringS_E
_ZN8QVariantC1ERK5QListIS_E
_ZN8QVariantC1ERK7QString
_ZN8QVariantC1ERKS_
_ZN8QVariantC1Eb
_ZN8QVariantC1Ei
_ZN8QVariantC1Ej
_ZN8QVariantC1Ey
_ZN8QVariantD1Ev
_ZN8QVariantaSERKS_
_ZN9QDateTime15currentDateTimeEv
_ZN9QDateTimeD1Ev
_ZN9QHashData11shared_nullE
_ZN9QHashData12allocateNodeEv
_ZN9QHashData13detach_helperEPFvPNS_4NodeEPvEi
_ZN9QHashData14destroyAndFreeEv
_ZN9QHashData6rehashEi
_ZN9QHashData8freeNodeEPv
_ZN9QHashData8nextNodeEPNS_4NodeE
_ZN9QIODevice4peekEPcx
_ZN9QIODevice4readEPcx
_ZN9QIODevice5writeEPKcx
_ZN9QListData11shared_nullE
_ZN9QListData5eraseEPPv
_ZN9QListData6appendEv
_ZN9QListData6removeEi
_ZN9QListData7detach2Ev
_ZN9QListData7prependEv
_ZN9QMetaType12registerTypeEPKcPFvPvEPFS2_PKvE
_ZN9QSettingsC1ENS_6FormatENS_5ScopeERK7QStringS4_P7QObject
_ZN9QSettingsC1ERK7QStringNS_6FormatEP7QObject
_ZN9QtPrivate16QStringList_joinEPK11QStringListRK7QString
_ZNK10QByteArray5rightEi
_ZNK10QByteArray5toHexEv
_ZNK14QTemporaryFile8fileNameEv
_ZNK18QThreadStorageData3getEv
_ZNK5QChar8categoryEv
_ZNK7QObject6threadEv
_ZNK7QRegExp10exactMatchERK7QString
_ZNK7QString11toLocal8BitEv
_ZNK7QString11toULongLongEPbi
_ZNK7QString3argERKS_iRK5QChar
_ZNK7QString3argExiiRK5QChar
_ZNK7QString3argEyiiRK5QChar
_ZNK7QString5countE5QCharN2Qt15CaseSensitivityE
_ZNK7QString5splitERK5QCharNS_13SplitBehaviorEN2Qt15CaseSensitivityE
_ZNK7QString6toUIntEPbi
_ZNK7QString6toUtf8Ev
_ZNK7QString7indexOfERKS_iN2Qt15CaseSensitivityE
_ZNK7QString7toAsciiEv
_ZNK7QString7toLowerEv
_ZNK7QString7toUpperEv
_ZNK7QString8multiArgEiPPKS_
_ZNK7QStringeqERK13QLatin1String
_ZNK7QStringeqERKS_
_ZNK7QStringltERKS_
_ZNK7QThread10metaObjectEv
_ZNK8QVariant11toByteArrayEv
_ZNK8QVariant11toULongLongEPb
_ZNK8QVariant12toStringListEv
_ZNK8QVariant5toIntEPb
_ZNK8QVariant5toMapEv
_ZNK8QVariant6toBoolEv
_ZNK8QVariant6toListEv
_ZNK8QVariant6toUIntEPb
_ZNK8QVariant8toStringEv
_ZNK8QVariant8userTypeEv
_ZNK8QVariant9constDataEv
_ZNK9QDateTime8toTime_tEv
_ZNK9QIODevice11errorStringEv
_ZNK9QIODevice6isOpenEv
_ZNK9QSettings5valueERK7QStringRK8QVariant
_ZeqRK13QLatin1StringRK10QStringRef
_ZeqRK7QStringRK10QStringRef

qtnetwork4

_ZN10QTcpServer11qt_metacallEN11QMetaObject4CallEiPPv
_ZN10QTcpServer11qt_metacastEPKc
_ZN10QTcpServer16staticMetaObjectE
_ZN10QTcpServer21nextPendingConnectionEv
_ZN10QTcpServer6listenERK12QHostAddresst
_ZN10QTcpServerC2EP7QObject
_ZN10QTcpServerD2Ev
_ZN10QTcpSocketC1EP7QObject
_ZN11QHttpHeader8setValueERK7QStringS2_
_ZN11QHttpHeaderD2Ev
_ZN12QHostAddressC1ENS_14SpecialAddressE
_ZN12QHostAddressC1EPh
_ZN12QHostAddressC1ERK7QString
_ZN12QHostAddressC1ERKS_
_ZN12QHostAddressC1Ej
_ZN12QHostAddressD1Ev
_ZN12QHostAddressaSERKS_
_ZN15QAbstractSocket18disconnectFromHostEv
_ZN15QAbstractSocket19setSocketDescriptorEiNS_11SocketStateE6QFlagsIN9QIODevice12OpenModeFlagEE
_ZN15QAbstractSocket19waitForDisconnectedEi
_ZN18QHttpRequestHeaderC1ERK7QStringS2_ii
_ZN19QHttpResponseHeaderC1ERKS_
_ZN5QHttp7requestERK18QHttpRequestHeaderP9QIODeviceS4_
_ZN5QHttpC1ERK7QStringtP7QObject
_ZNK10QTcpServer10serverPortEv
_ZNK10QTcpServer11errorStringEv
_ZNK10QTcpServer13serverAddressEv
_ZNK10QTcpServer21hasPendingConnectionsEv
_ZNK12QHostAddress13toIPv4AddressEv
_ZNK12QHostAddress13toIPv6AddressEv
_ZNK12QHostAddress6isNullEv
_ZNK12QHostAddress8protocolEv
_ZNK12QHostAddress8toStringEv
_ZNK15QAbstractSocket11peerAddressEv
_ZNK15QAbstractSocket5stateEv
_ZNK15QAbstractSocket8peerPortEv
_ZNK18QHttpRequestHeader8toStringEv
_ZNK19QHttpResponseHeader10statusCodeEv
_ZNK19QHttpResponseHeader12majorVersionEv
_ZNK19QHttpResponseHeader12minorVersionEv
_ZNK19QHttpResponseHeader12reasonPhraseEv
_ZNK5QHttp11errorStringEv
_ZNK5QHttp14currentRequestEv
_ZTV18QHttpRequestHeader
_ZTV19QHttpResponseHeader

qtscript4

_ZN12QScriptValue11setPropertyERK7QStringRKS_RK6QFlagsINS_12PropertyFlagEE
_ZN12QScriptValue4callERKS_RK5QListIS_E
_ZN12QScriptValueC1EP13QScriptEnginei
_ZN12QScriptValueC1ERKS_
_ZN12QScriptValueC1Ev
_ZN12QScriptValueD1Ev
_ZN12QScriptValueaSERKS_
_ZN13QScriptEngine10newQObjectEP7QObjectNS_14ValueOwnershipERK6QFlagsINS_17QObjectWrapOptionEE
_ZN13QScriptEngine14newQMetaObjectEPK11QMetaObjectRK12QScriptValue
_ZN13QScriptEngine7convertERK12QScriptValueiPv
_ZN13QScriptEngine8evaluateERK7QStringS2_i
_ZN13QScriptEngineC1Ev
_ZN13QScriptEngineD1Ev
_ZNK12QScriptValue10isFunctionEv
_ZNK12QScriptValue6engineEv
_ZNK12QScriptValue7isArrayEv
_ZNK12QScriptValue7isValidEv
_ZNK12QScriptValue7toInt32Ev
_ZNK12QScriptValue8isNumberEv
_ZNK12QScriptValue8propertyERK7QStringRK6QFlagsINS_11ResolveFlagEE
_ZNK12QScriptValue8propertyEjRK6QFlagsINS_11ResolveFlagEE
_ZNK12QScriptValue8toStringEv
_ZNK12QScriptValue8toUInt32Ev
_ZNK12QScriptValue9isVariantEv
_ZNK12QScriptValue9toVariantEv
_ZNK13QScriptEngine12globalObjectEv
_ZNK13QScriptEngine17uncaughtExceptionEv
_ZNK13QScriptEngine20hasUncaughtExceptionEv
_ZNK13QScriptEngine27uncaughtExceptionLineNumberEv

qtxml4

_ZN16QXmlStreamReader15readElementTextEv
_ZN16QXmlStreamReader8readNextEv
_ZN16QXmlStreamReader9setDeviceEP9QIODevice
_ZN16QXmlStreamReaderC1Ev
_ZN16QXmlStreamReaderD1Ev
_ZNK16QXmlStreamReader4nameEv
_ZNK16QXmlStreamReader5atEndEv
_ZNK16QXmlStreamReader9tokenTypeEv

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5cc6261e71cf14aa32045e457e62409c

Headers

File Characteristics

Imports

packet

wpcap

kernel32

mingwm10

msvcrt

qtcore4

qtnetwork4

qtscript4

qtxml4

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.data Size: 1024B - Virtual size: 640B

.rdata Size: 114KB - Virtual size: 113KB

.bss Size: - Virtual size: 22KB

.idata Size: 15KB - Virtual size: 15KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 1024B - Virtual size: 640B

.rdata
Size: 114KB - Virtual size: 113KB

.bss
Size: - Virtual size: 22KB

.idata
Size: 15KB - Virtual size: 15KB