2337e5902eb51ddb05d424e3bc83ee19

Sharing

Copy URL

Twitter E-mail

General

Target

2337e5902eb51ddb05d424e3bc83ee19
Size

159KB
MD5

2337e5902eb51ddb05d424e3bc83ee19
SHA1

dc243a44ee5d682927d2b257d80209487c5e2048
SHA256

98d3da6832b18ebe8cccc12ee0c149af124d7f3d0bd753c064e2474ba9179db3
SHA512

d8db22c054643adebaff5df72ee79028dbe6013f0b739df0939aa542f687ac8fc12f35ae1fdd51c0a6469f3f82b71fb12359f8d8a6fb72b514cf4aaa1671882c
SSDEEP

3072:wS1Y8lnT4BNY45Wn8WeVbyjqSoFcyUF4br0vZJ89Jhq5yj3zMybzO:3yaTENR7W/qpcywOdCyj3zTbzO

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQyan.exe
unpack001/qqyandll1.dll

Files

2337e5902eb51ddb05d424e3bc83ee19
.rar
QQyan.exe
.exe windows:4 windows x86 arch:x86

65e7bbfc654b2d176a64af8f72eef0a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsQuery_A

kernel32

HeapFree
TerminateProcess
CreateThread
ExitThread
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcAddress
LoadLibraryA
Sleep
GetProfileStringA
CreateDirectoryA
GetLastError
GetCurrentProcess
CloseHandle
Process32Next
Thread32Next
Thread32First
Process32First
CreateToolhelp32Snapshot
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetModuleFileNameA
LoadResource
FindResourceA
LockResource
GlobalFree
GlobalUnlock
GlobalLock
GetModuleHandleA
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcatA
GetVersion
FreeLibrary
InterlockedIncrement
InterlockedDecrement
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThread
lstrcmpA
GlobalAlloc
SetEvent
ResumeThread
SetThreadPriority
SuspendThread
CreateEventA
SetLastError
MulDiv
LocalFree
FormatMessageA
FindClose
FindFirstFileA
FindNextFileA
lstrcpynA
GlobalFlags
SizeofResource
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
GetCurrentDirectoryA
GetThreadLocale
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
DuplicateHandle
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
GetTickCount
GetFileAttributesA
GetFileSize
GetFileTime
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
RaiseException
HeapAlloc

user32

PostThreadMessageA
PostQuitMessage
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
IsWindowVisible
GetTopWindow
IsChild
GetCapture
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
InflateRect
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
EnableWindow
DispatchMessageA
TranslateMessage
SetCursor
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
RegisterClipboardFormatA
CharUpperA
WinHelpA
GetDlgItem
IsWindowEnabled
MessageBoxA
InvalidateRect
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
LoadIconA
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetMessageA
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
LoadStringA
DestroyMenu
GetSysColorBrush
LoadCursorA
GetDesktopWindow
PtInRect
GetClassNameA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
MapDialogRect
RemovePropA
SetWindowContextHelpId
ValidateRect
GetCursorPos
GetMenuItemID

gdi32

CreateCompatibleDC
BitBlt
GetTextExtentPointA
GetMapMode
LPtoDP
DPtoLP
GetBkColor
GetTextColor
PatBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateSolidBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
DeleteObject
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateDIBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

ord17
ImageList_Destroy

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemAlloc

olepro32

ord253

oleaut32

VariantCopy
VariantClear
SysAllocStringLen
SysFreeString
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen
VariantTimeToSystemTime

ws2_32

htons
WSAStartup
WSACleanup
gethostbyname
socket
connect
send
recv
shutdown
closesocket

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qqyandll1.dll
.dll windows:4 windows x86 arch:x86

052133802dd8a61edfa60862105affef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dnsapi

DnsQuery_A

kernel32

RtlUnwind
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapSize
HeapReAlloc
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
SetStdHandle
IsBadReadPtr
IsBadCodePtr
FlushInstructionCache
VirtualProtect
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
GetOEMCP
GetCPInfo
GetProcessVersion
GetLastError
WritePrivateProfileStringA
GlobalFlags
lstrcpynA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalUnlock
SetLastError
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
LocalFree
CloseHandle
GetModuleFileNameA
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
TerminateThread
CreateThread
CreateEventA
GetLocalTime
WaitForSingleObject
GetTickCount
Sleep
OutputDebugStringA
SetEvent
WideCharToMultiByte
FreeEnvironmentStringsA

user32

CopyRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
LoadIconA
ClientToScreen
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
UnregisterClassA
PtInRect
SetWindowTextA
LoadStringA
ShowWindow
LoadCursorA
GetSysColorBrush
DestroyMenu
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetDlgCtrlID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
GetWindowTextA
IsWindow
GetClientRect
GetParent
GetMenu
PostMessageA
PostQuitMessage
MessageBoxA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
WindowFromDC
GetActiveWindow
GetClassNameA

gdi32

RestoreDC
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SaveDC
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
Escape
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
ExtTextOutW
ExtTextOutA
TextOutW
TextOutA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

comctl32

ord17

ws2_32

WSAStartup
WSACleanup
closesocket
shutdown
socket
send
connect
htons
gethostbyname
recv

Exports

Exports

installhook
uninstallhook

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

65e7bbfc654b2d176a64af8f72eef0a0

Headers

File Characteristics

Imports

dnsapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

ws2_32

Sections

.text Size: 192KB - Virtual size: 188KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 20KB - Virtual size: 37KB

.rsrc Size: 116KB - Virtual size: 113KB

052133802dd8a61edfa60862105affef

Headers

File Characteristics

Imports

dnsapi

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

ws2_32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 16KB - Virtual size: 30KB

shared Size: 4KB - Virtual size: 8B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 192KB - Virtual size: 188KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 20KB - Virtual size: 37KB

.rsrc
Size: 116KB - Virtual size: 113KB

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 16KB - Virtual size: 30KB

shared
Size: 4KB - Virtual size: 8B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 16KB - Virtual size: 14KB