4dfe69099c7e377eabfe60c3cceefb86

Sharing

Copy URL Twitter E-mail

General

Target

4dfe69099c7e377eabfe60c3cceefb86
Size

100KB
MD5

4dfe69099c7e377eabfe60c3cceefb86
SHA1

ca74ac654108aa4e1d9637f536bafb18900d4bfd
SHA256

f91c4ab85fe9593e39daf90cfb0565ba26a5cb76c8c8aeb007d4872f400b5412
SHA512

0af5298ef8b237ce2b3c322c87cf57d70297b2ad447757cb864b2ca601b4c1b6ef2715b96346161d5d9829fe480f5f0ce4ec784d0946fcd434ad4c5421e0aebf
SSDEEP

384:6Cuz7HrTcDwL44d0uoYn4lrJZpn1q0y3SUD2piSfFhor4od7zohQbtfNYJLWcybu:6Cu/L3L4I0uGrV1tyiU69L87zEL4bu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dfe69099c7e377eabfe60c3cceefb86

Files

4dfe69099c7e377eabfe60c3cceefb86
.exe windows:5 windows x86 arch:x86

c6b095055e29caf58f69846be8f6316b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_initterm_e
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
_invoke_watson
_controlfp_s
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__set_app_type
__CxxFrameHandler3

kernel32

GetCommandLineA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCommandLineW

qtcore4

?qRegisterResourceData@@YA_NHPBE00@Z
?qUnregisterResourceData@@YA_NHPBE00@Z
?windowsVersion@QSysInfo@@SA?AW4WinVersion@1@XZ
?qMemSet@@YAPAXPAXHI@Z
??4QByteArray@@QAEAAV0@ABV0@@Z
??4QByteArray@@QAEAAV0@PBD@Z
?qRealloc@@YAPAXPAXI@Z
?qMalloc@@YAPAXI@Z
?fromUtf16@QString@@SA?AV1@PBGH@Z
?toLocal8Bit@QString@@QBE?AVQByteArray@@XZ
?qFree@@YAXPAX@Z
?shared_null@QByteArray@@0UData@1@A
?qWinMain@@YAXPAUHINSTANCE__@@0PADHAAHAAV?$QVector@PAD@@@Z
?malloc@QVectorData@@SAPAU1@HHHPAU1@@Z
?data@QByteArray@@QAEPADXZ
??1QByteArray@@QAE@XZ
??0QByteArray@@QAE@XZ
?deref@QBasicAtomicInt@@QAE_NXZ
?ref@QBasicAtomicInt@@QAE_NXZ
??4QBasicAtomicInt@@QAEAAV0@H@Z
??9QBasicAtomicInt@@QBE_NH@Z
??0QString@@QAE@PBD@Z
??1QString@@QAE@XZ

qtgui4

?setQuitOnLastWindowClosed@QApplication@@SAX_N@Z

lmubase

?logDebug@LMUBase@@SAXABVQString@@@Z
?retain@LMUBase@@QAEXXZ
?release@LMUBase@@QAEJXZ

lmupipe

?conduit@LMUPipeServer@@QAEPAVLMUPipeConduit@@XZ
?setTimeout@LMUPipeServer@@QAEXJ@Z
?setMaxConnections@LMUPipeServer@@QAEXJ@Z
?packetFromCommandLine@LMUPipeConduit@@SAPAVLMUPipePacket@@HQAPAD@Z
?connect@LMUPipeInternalConduit@@SAPAVLMUPipeSession@@XZ
?send@LMUPipeSession@@QAEJPAVLMUPipePacket@@@Z

lmumain

?exec@LMUQtApplication@@UAEHXZ
??0LMUQtApplication@@QAE@AAHQAPAD_N@Z
?initialize@LMUApplication@@UAEXXZ
?server@LMUApplication@@QAEPAVLMUPipeServer@@XZ
?uninitialize@LMUApplication@@UAEXXZ
??1LMUQtApplication@@UAE@XZ

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c6b095055e29caf58f69846be8f6316b

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

kernel32

qtcore4

qtgui4

lmubase

lmupipe

lmumain

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 916B

.rsrc Size: 79KB - Virtual size: 80KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 916B

.rsrc
Size: 79KB - Virtual size: 80KB