06973760bb8e9089318e6a93953c4ea8

Sharing

Copy URL Twitter E-mail

General

Target

06973760bb8e9089318e6a93953c4ea8
Size

128KB
MD5

06973760bb8e9089318e6a93953c4ea8
SHA1

391f99ba252b19f2d72d176fcc6e460908465a8c
SHA256

82b5c2d1442be0ce47c1bbe27951a0260590db8e67891229b5303ea84cb2f6b7
SHA512

9e258e9487f5ad13598d98fb878edc205422bbc2ed9d0a13f6332c814589a96d767c3e64fdbf9ad02caef85a317d25ec57a22acaeb6354f2ff3d788a167bd5df
SSDEEP

3072:a064Y5JG+BHOdPbGBi4+ONurpnraauZ5vQaBIwZOnXf:I0Jb43EVrPU5RB5OnX

Score

1^/10

Malware Config

Signatures

Files

06973760bb8e9089318e6a93953c4ea8
.dll windows:5 windows x86 arch:x86

e09d9525ada78cff5b1b145fe7b18369

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

13/07/2016, 09:16

Not After

21/07/2019, 08:09

Subject

CN=深圳市为爱普信息技术有限公司,OU=IT Dept.,O=深圳市为爱普信息技术有限公司,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c9:7d:a0:29:e1:7a:8a:36:3d:94:59:c1:1c:c9:86:96:d5:94:52:b5
Signer

Actual PE Digest

c9:7d:a0:29:e1:7a:8a:36:3d:94:59:c1:1c:c9:86:96:d5:94:52:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

qt5core

??8@YA_NABVQString@@0@Z
?qt_metacall@QObject@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?staticMetaObject@QObject@@2UQMetaObject@@B
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
??0QObject@@QAE@PAV0@@Z
??1QObject@@UAE@XZ
?arg@QString@@QBE?AV1@HHHVQChar@@@Z
??4QString@@QAEAAV0@$$QAV0@@Z
??4QString@@QAEAAV0@PBD@Z
??0QByteArray@@QAE@XZ
?fromRawData@QByteArray@@SA?AV1@PBDH@Z
??4QByteArray@@QAEAAV0@$$QAV0@@Z
?toHex@QByteArray@@QBE?AV1@XZ
?data@QByteArray@@QAEPADXZ
?fromLatin1@QString@@SA?AV1@PBDH@Z
?toStdString@QString@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?clear@QByteArray@@QAEXXZ
?fromTime_t@QDateTime@@SA?AV1@I@Z
?toString@QDateTime@@QBE?AVQString@@ABV2@@Z
??1QDateTime@@QAE@XZ
?fromUtf8@QString@@SA?AV1@PBDH@Z
?currentDateTime@QDateTime@@SA?AV1@XZ
?toTime_t@QDateTime@@QBEIXZ
?qt_metacast@QObject@@UAEPAXPBD@Z
??1QString@@QAE@XZ
??4QString@@QAEAAV0@ABV0@@Z
??0QString@@QAE@ABV0@@Z
?fromStdString@QString@@SA?AV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z
?arg@QString@@QBE?AV1@_JHHVQChar@@@Z
??0QChar@@QAE@UQLatin1Char@@@Z
?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z
??1QByteArray@@QAE@XZ
?constData@QByteArray@@QBEPBDXZ
?toUtf8@QString@@QBE?AVQByteArray@@XZ
??0QString@@QAE@XZ
?isEmpty@QString@@QBE_NXZ

qt5gui

??1QPixmap@@UAE@XZ
??0QPixmap@@QAE@XZ
??4QPixmap@@QAEAAV0@ABV0@@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
WaitForSingleObject
ReleaseMutex
CreateMutexW
CloseHandle

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

_initterm_e
_initterm
_encoded_null
_amsg_exit
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
ftell
rewind
fread
fseek
fclose
fopen
sprintf
_atoi64
atoi
srand
rand
_time64
memset
_purecall
__CxxFrameHandler3
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
free
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
memcpy
memmove
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z

sqlite3

sqlite3_column_blob
sqlite3_column_bytes
sqlite3_open
sqlite3_prepare_v2
sqlite3_column_double
sqlite3_column_int
sqlite3_reset
sqlite3_finalize
sqlite3_close
sqlite3_column_int64
sqlite3_column_text
sqlite3_step

Exports

Exports

ios_photo_get_list
ios_photo_get_thumb

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e09d9525ada78cff5b1b145fe7b18369

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5Certificate

Extended Key Usages

Key Usages

c9:7d:a0:29:e1:7a:8a:36:3d:94:59:c1:1c:c9:86:96:d5:94:52:b5Signer

Headers

DLL Characteristics

File Characteristics

Imports

qt5core

qt5gui

kernel32

msvcp100

msvcr100

sqlite3

Exports

Exports

Sections

.text Size: 81KB - Virtual size: 81KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 1KB - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 4KB - Virtual size: 4KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5
Certificate

c9:7d:a0:29:e1:7a:8a:36:3d:94:59:c1:1c:c9:86:96:d5:94:52:b5
Signer

.text
Size: 81KB - Virtual size: 81KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 1KB - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 4KB