Static task
static1
Behavioral task
behavioral1
Sample
QTADO.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
QTADO.exe
Resource
win10v2004-20231020-en
General
Target
QTADO.exe
Size
596KB
MD5
17f1463026ad628dc53e2c94eff46403
SHA1
fb9d70eb1b998f4c1d31637eb35774c549c4187c
SHA256
8a11bd9364b6297ab6ea484d7b5208b388513abe4a6424fbf19658bef7fd998d
SHA512
591ebf4251aac4d884648c691ce58d0835bd8e0f3203e51cf9c3061464699e2e615f66ecef4b33d6d5578da2f2b7977f34309fe27fe64c77100a79c03f655ab6
SSDEEP
12288:aJl8eSUb7RFWGCNUul/8hI5qKiabK2gTqUGxi2VkITt:aJl8eSm905qNabK2grGHket
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource QTADO.exe
Files
QTADO.exe.exe windows:4 windows x86
62dff9450040131a6990f7a56c734136
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
SetUnhandledExceptionFilter
GetStdHandle
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
HeapSize
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualAlloc
HeapReAlloc
GetCurrentDirectoryA
GetACP
TerminateProcess
GetFileType
SetStdHandle
GetTimeZoneInformation
ExitThread
CreateThread
HeapFree
HeapAlloc
ExitProcess
GetCommandLineA
RtlUnwind
GetStringTypeA
GetStartupInfoA
SetLastError
GetPrivateProfileIntA
RaiseException
SetErrorMode
lstrcpyW
GetStringTypeW
SystemTimeToFileTime
LoadResource
LockResource
GetCurrentThreadId
lstrcmpiA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalGetAtomNameA
GlobalAddAtomA
GetVersion
MulDiv
OutputDebugStringA
SearchPathA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
lstrcpyA
lstrcatA
GetTempPathA
InterlockedIncrement
lstrcpynA
WaitForSingleObject
FormatMessageA
lstrlenA
LocalAlloc
InterlockedDecrement
lstrlenW
WideCharToMultiByte
LocalFileTimeToFileTime
GetFileSize
CopyFileA
SizeofResource
GetCPInfo
GetOEMCP
GetProfileStringA
TlsSetValue
TlsGetValue
LocalReAlloc
TlsFree
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
GlobalHandle
DeleteCriticalSection
GetProcessVersion
InitializeCriticalSection
GlobalFlags
GetVolumeInformationA
GetShortPathNameA
GetStringTypeExA
DeleteFileA
FindFirstFileA
FindClose
UnlockFile
MoveFileA
SetEndOfFile
SetFilePointer
LockFile
FlushFileBuffers
CreateFileA
WriteFile
ReadFile
GlobalReAlloc
GetCurrentProcess
DuplicateHandle
GetFileTime
GlobalSize
GetDiskFreeSpaceA
GetTempFileNameA
SetFileTime
GetFullPathNameA
lstrcmpA
GetFileAttributesA
GlobalAlloc
IsBadReadPtr
GetCurrentThread
IsBadWritePtr
FileTimeToSystemTime
GetThreadLocale
FileTimeToLocalFileTime
GetLastError
GlobalFree
LocalFree
SetThreadPriority
CreateEventA
SuspendThread
CloseHandle
ResumeThread
SetEvent
GetPrivateProfileStringA
MultiByteToWideChar
WritePrivateProfileStringA
FindResourceA
GetTickCount
user32
DestroyIcon
GetNextDlgGroupItem
DeleteMenu
FindWindowA
LoadStringA
GetClassNameA
GetSysColorBrush
CharUpperA
CountClipboardFormats
IsClipboardFormatAvailable
SetParent
IsRectEmpty
InSendMessage
RegisterClipboardFormatA
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
MapDialogRect
GetAsyncKeyState
CharNextA
EndDialog
CreateDialogIndirectParamA
SetRect
WindowFromPoint
GetMessageA
TranslateMessage
ValidateRect
DestroyCursor
SetCursorPos
SetCapture
InflateRect
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
GetNextDlgTabItem
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
DispatchMessageA
GetMenuStringA
CopyAcceleratorTableA
BeginDeferWindowPos
EndDeferWindowPos
SetScrollRange
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
RegisterClassA
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
DestroyWindow
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetDCEx
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
GetLastActivePopup
EqualRect
GetDlgItem
GetKeyState
GetDlgCtrlID
UnpackDDElParam
ReuseDDElParam
SetActiveWindow
WinHelpA
SetMenu
LoadIconA
GetClassInfoA
DestroyMenu
SetFocus
ShowWindow
GetDesktopWindow
IsWindowEnabled
SetCursor
PeekMessageA
GetCapture
ReleaseCapture
LoadAcceleratorsA
SetRectEmpty
RegisterWindowMessageA
GetActiveWindow
GetMenuItemID
AdjustWindowRectEx
RedrawWindow
SetWindowPos
SetWindowLongA
DefMDIChildProcA
RemoveMenu
InsertMenuA
ScreenToClient
DeferWindowPos
SetPropA
DrawMenuBar
TranslateAcceleratorA
TranslateMDISysAccel
DefFrameProcA
CreateWindowExA
BringWindowToTop
GetMenu
GetMenuItemCount
LoadCursorA
GetDC
ReleaseDC
MessageBeep
LoadMenuA
GetSubMenu
EnableMenuItem
GetCursorPos
IsZoomed
GetWindow
LoadBitmapA
GetWindowLongA
PtInRect
GetParent
CopyRect
FillRect
DrawFocusRect
LockWindowUpdate
GetSysColor
EnableWindow
IsIconic
PostThreadMessageA
wsprintfA
PostMessageA
GetFocus
GetWindowRect
IsWindowVisible
ClientToScreen
CreatePopupMenu
AppendMenuA
SetTimer
GetClientRect
SendMessageA
InvalidateRect
UpdateWindow
IsWindow
KillTimer
GetScrollPos
DefDlgProcA
IsWindowUnicode
HideCaret
ShowCaret
ExcludeUpdateRgn
UnregisterClassA
gdi32
BitBlt
GetObjectA
GetStockObject
GetClipBox
SetTextColor
DeleteObject
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
GetTextExtentPoint32A
StretchDIBits
CreateCompatibleBitmap
Escape
CreateFontA
GetTextMetricsA
GetCharWidthA
GetTextColor
GetBkColor
PatBlt
CreateDCA
DPtoLP
CreateRectRgnIndirect
EndDoc
EndPage
AbortDoc
SetAbortProc
GetMapMode
StartPage
CombineRgn
LPtoDP
SetRectRgn
CopyMetaFileA
CreateDIBitmap
GetTextExtentPointA
IntersectClipRect
ExcludeClipRect
SelectClipRgn
SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
SetViewportOrgEx
SetMapMode
SetBkMode
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
CreateBitmap
CreateFontIndirectA
CreateCompatibleDC
SetBkColor
GetDeviceCaps
OffsetViewportOrgEx
comdlg32
ChooseFontA
FindTextA
ReplaceTextA
GetFileTitleA
PrintDlgA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
SetFileSecurityA
GetFileSecurityA
RegSetValueA
RegCreateKeyA
shell32
ExtractIconA
SHGetFileInfoA
DragQueryFileA
DragFinish
DragAcceptFiles
ShellExecuteA
comctl32
ImageList_DrawEx
ImageList_Draw
ImageList_GetIconSize
ord17
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Destroy
oledlg
ord4
ord3
ord11
ord8
ole32
OleSetContainedObject
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleLockRunning
OleCreateFromFile
OleCreateLinkToFile
OleCreate
OleLoad
OleSave
GetHGlobalFromILockBytes
OleGetIconOfClass
WriteClassStm
OleSaveToStream
CreateStreamOnHGlobal
CreateGenericComposite
OleGetClipboard
CoRevokeClassObject
OleSetMenuDescriptor
CoTreatAsClass
StgOpenStorageOnILockBytes
StgIsStorageFile
StgCreateDocfile
OleIsRunning
CreateItemMoniker
CoLockObjectExternal
WriteClassStg
GetRunningObjectTable
CreateFileMoniker
CoTaskMemFree
ReleaseStgMedium
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CoDisconnectObject
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
ReadClassStg
CoGetClassObject
ReadFmtUserTypeStg
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
OleDuplicateData
CoTaskMemAlloc
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
StringFromCLSID
StgOpenStorage
olepro32
ord253
oleaut32
GetErrorInfo
VariantTimeToSystemTime
VarBstrFromCy
SysAllocStringLen
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SysStringLen
VariantCopy
SysAllocStringByteLen
SysAllocString
SysFreeString
VariantClear
VariantInit
SysStringByteLen
VariantChangeType
Sections
.text Size: 412KB - Virtual size: 408KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ