23e3eb049993a8657bebefb0ba7f55af

Sharing

Copy URL Twitter E-mail

General

Target

23e3eb049993a8657bebefb0ba7f55af
Size

2.0MB
MD5

23e3eb049993a8657bebefb0ba7f55af
SHA1

85cf0b999698f30ce98d27284f3c2fad722d7102
SHA256

606c2c6b70012e53cf9c298a2c209bf528aa5a3474cca12c1f782942f6ba762e
SHA512

485285ebba06a73fb67a0e75e16cbc5fce572161f674a941b841913cbbd7caf9cbec3689d78dfa80c71dbbabde32f668b715a73e5b422d0ce122366fc838a707
SSDEEP

49152:91wbXEAbgy0VlBJxgPM57WSHDYjd/6xZlZM52Bm0MsOC6Q:ksy0TB3gOWSjYB/WZQ52B1MsOg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQ小精灵·失落者/wqm.exe

Files

23e3eb049993a8657bebefb0ba7f55af
.rar
QQ小精灵·失落者/QQ小精灵·失落者.exe
.exe windows:4 windows x86 arch:x86

85fca2186a54ac545243ef766a26ffa3

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

13/01/2010, 00:00

Not After

13/01/2011, 23:59

Subject

CN=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,L=Fuzhou,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord6061
ord5864
ord3596
ord3619
ord640
ord6194
ord1640
ord323
ord2405
ord5785
ord1175
ord2096
ord2408
ord5860
ord807
ord2920
ord2012
ord2120
ord554
ord4163
ord1644
ord1146
ord5572
ord2919
ord940
ord941
ord5787
ord4133
ord4297
ord1621
ord4202
ord5856
ord536
ord2452
ord2753
ord1195
ord472
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord491
ord1907
ord4258
ord489
ord768
ord283
ord4478
ord4267
ord2450
ord1908
ord4406
ord3729
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord804
ord4259
ord4284
ord4715
ord2370
ord6334
ord6877
ord1572
ord1199
ord2575
ord4396
ord3574
ord609
ord556
ord801
ord809
ord2122
ord2639
ord2862
ord3996
ord1168
ord3302
ord2817
ord2065
ord5829
ord3726
ord541
ord3716
ord790
ord2301
ord2358
ord6111
ord926
ord2642
ord3610
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord656
ord4299
ord859
ord5053
ord4774
ord5981
ord6270
ord613
ord289
ord6358
ord1088
ord4203
ord6449
ord2727
ord6467
ord2730
ord2729
ord1568
ord1180
ord6380
ord3698
ord765
ord2086
ord6283
ord6282
ord6153
ord5645
ord5583
ord6385
ord2393
ord3790
ord2784
ord4278
ord3089
ord2860
ord3797
ord1200
ord1158
ord6883
ord879
ord2740
ord882
ord2801
ord6143
ord1802
ord1934
ord1935
ord6662
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord4046
ord2145
ord2144
ord6225
ord5231
ord5247
ord2132
ord4601
ord2621
ord1205
ord1134
ord824
ord5435
ord5571
ord1673
ord2628
ord5980
ord2641
ord4122
ord6214
ord6196
ord4298
ord5948
ord3088
ord3875
ord3872
ord3871
ord6198
ord4286
ord4283
ord3137
ord3796
ord5719
ord6092
ord3524
ord4032
ord6095
ord4035
ord2549
ord2433
ord3353
ord3579
ord426
ord726
ord826
ord2820
ord498
ord755
ord470
ord5637
ord5849
ord3475
ord4287
ord2109
ord1008
ord6928
ord4476
ord284
ord6453
ord1997
ord6407
ord798
ord5194
ord533
ord4400
ord3630
ord3706
ord5786
ord3370
ord2582
ord4402
ord3640
ord693
ord682
ord4243
ord6907
ord5861
ord3998
ord6007
ord3286
ord6675
ord6888
ord2244
ord4457
ord4981
ord4499
ord1949
ord4034
ord6144
ord812
ord5607
ord803
ord341
ord543
ord6140
ord654
ord3584
ord3702
ord462
ord1770
ord1601
ord6462
ord5500
ord6354
ord743
ord446
ord4003
ord2486
ord4226
ord290
ord2623
ord614
ord1799
ord2765
ord4204
ord861
ord5834
ord2044
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord1641
ord2614
ord5788
ord2567
ord2414
ord4277
ord5875
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord2438
ord3654
ord2584
ord4220
ord1862
ord500
ord3701
ord772
ord1574
ord1099
ord686
ord384
ord4160
ord2302
ord795
ord3721
ord6394
ord6383
ord5440
ord5450
ord2379
ord3301
ord6930
ord5710
ord4129
ord6927
ord2777
ord6569
ord4853
ord4710
ord3092
ord6242
ord6696
ord6905
ord3874
ord4234
ord324
ord542
ord3597
ord4425
ord5280
ord1775
ord6052
ord4998
ord844
ord4376
ord5265
ord353
ord6010
ord2514
ord802
ord641
ord2763
ord5683
ord6648
ord1768
ord537
ord6199
ord6880
ord465
ord857
ord535
ord4467
ord2135
ord366
ord2092
ord674
ord3402
ord3623
ord4427
ord5252
ord4436
ord1665
ord2649
ord5282
ord5237
ord4077
ord4151
ord2878
ord2879
ord3403
ord5472
ord975
ord5012
ord3350
ord4303
ord5103
ord5100
ord3059
ord2390
ord2723
ord5290
ord389
ord268
ord5207
ord1567
ord690
ord2107
ord3811
ord860
ord5216
ord3758
ord3408
ord3227
ord3054
ord3425
ord3880
ord551
ord2818
ord939
ord354
ord922
ord5186
ord3318
ord5442
ord1979
ord858
ord1105
ord665
ord924
ord2915
ord823
ord2841
ord825
ord567
ord540
ord2864
ord2124
ord818
ord3663
ord1988
ord5953
ord3957
ord326
ord3361
ord2827
ord3138
ord683
ord2243
ord3226
ord3631
ord1233
ord6663
ord911
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055

msvcrt

isupper
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
atoi
_itoa
_strnicmp
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_getch
_exit
?terminate@@YAXXZ
sscanf
__CxxFrameHandler
srand
time
_mbscmp
rand
fputc
fclose
fgetc
fseek
fopen
fgets
free
fread
rewind
ftell
malloc
wcscpy
wcslen
_stricmp
qsort
_mbsicmp
_mbstok
_tempnam
_strdup
realloc
calloc
fprintf
_iob
strncmp
printf
isxdigit
wcsstr
_wcslwr
mbstowcs
_snprintf
strlen
memset
strrchr
_controlfp
_pctype
_isctype
__mb_cur_max
toupper
??8type_info@@QBEHABV0@@Z
_setmbcp
_ftol
memmove
_purecall
_mbsnbcpy
atol
sprintf
isdigit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
isalpha
strchr
strstr
_mbsstr
isalnum
islower
isprint
_splitpath
fwrite
strncpy
_except_handler3
isspace
_mbschr
tolower
_ismbcspace
_mbspbrk
_mbsnbicmp

kernel32

CreateMutexA
OutputDebugStringA
ReadProcessMemory
TlsSetValue
SetEnvironmentVariableA
TlsAlloc
InitializeCriticalSection
DeleteCriticalSection
PulseEvent
EnterCriticalSection
LeaveCriticalSection
CopyFileA
OpenEventA
SuspendThread
GetCurrentThread
IsDBCSLeadByte
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualAlloc
VirtualQuery
GetSystemInfo
VirtualFree
GlobalSize
GlobalReAlloc
SetUnhandledExceptionFilter
Module32Next
Module32First
CreateToolhelp32Snapshot
SleepEx
ReleaseMutex
FileTimeToSystemTime
SetFilePointer
GetFileInformationByHandle
WriteFile
SystemTimeToFileTime
GetLocalTime
LocalFileTimeToFileTime
SetFileTime
LCMapStringA
GetStartupInfoA
OpenProcess
VirtualProtectEx
GetCurrentProcessId
MoveFileA
OpenMutexA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GetFileAttributesA
SizeofResource
SetCurrentDirectoryA
MultiByteToWideChar
GetSystemDirectoryA
InterlockedDecrement
GetModuleHandleA
GetModuleFileNameA
GetTempFileNameA
GetPrivateProfileStringA
WriteProfileStringA
CreateFileA
DeviceIoControl
GetProcAddress
CompareStringA
lstrcatA
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
lstrcpynA
GetProcessHeap
HeapAlloc
HeapFree
CreateThread
GetExitCodeThread
GetLastError
CreateEventA
CloseHandle
Sleep
GetCurrentProcess
SetPriorityClass
WritePrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
CreateProcessA
WaitForSingleObject
GetTempPathA
CreateDirectoryA
DeleteFileA
IsBadReadPtr
SetFileAttributesA
MoveFileExA
GetTickCount
GetStringTypeExA
GetUserDefaultLCID
InterlockedCompareExchange
InterlockedExchange
LocalFree
FormatMessageA
LocalAlloc
GetFileSize
ReadFile
GlobalFree
GetACP
VirtualProtect
SetEvent
ResetEvent
Beep
IsDebuggerPresent
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentDirectoryA
GetFileAttributesExA
InterlockedIncrement
GetCurrentThreadId
WideCharToMultiByte
TerminateThread
GetProfileStringA

user32

IsWindowVisible
GetClientRect
GetWindowRect
GetParent
IsWindow
EnableWindow
SendMessageA
GetMenuItemInfoA
SetRect
DrawEdge
RegisterWindowMessageA
IsRectEmpty
GetFocus
UpdateWindow
LockWindowUpdate
BringWindowToTop
DefWindowProcA
GetClassInfoA
DrawFrameControl
ShowScrollBar
MapVirtualKeyA
SetCursorPos
ClipCursor
GetWindowThreadProcessId
GetForegroundWindow
GetWindowDC
GetAsyncKeyState
GetGUIThreadInfo
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
SendInput
RegisterHotKey
UnregisterHotKey
keybd_event
CheckMenuItem
GetCapture
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumDisplaySettingsA
UnregisterClassA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
PostThreadMessageA
ShowWindow
EnumWindows
LoadStringA
FillRect
CopyRect
GetDesktopWindow
DestroyIcon
DrawIconEx
ReleaseDC
DrawTextA
GetDC
GetSystemMetrics
AppendMenuA
GetMenuItemCount
ModifyMenuA
GetMenuState
GetMenuItemID
CreatePopupMenu
CreateMenu
GetMenuStringA
GetSysColorBrush
LoadBitmapA
GetSubMenu
TabbedTextOutA
GrayStringA
GetDlgCtrlID
PostQuitMessage
DestroyCursor
GetWindowLongA
IsMenu
GetNextDlgTabItem
SetCursor
InvalidateRect
GetActiveWindow
WindowFromPoint
ClientToScreen
DrawFocusRect
OffsetRect
InflateRect
FrameRect
DrawStateA
GetIconInfo
LoadImageA
SetWindowTextA
MessageBoxA
SetActiveWindow
SetForegroundWindow
wsprintfA
SetCapture
ReleaseCapture
PtInRect
CopyIcon
LoadCursorA
LoadMenuA
LoadIconA
DrawIcon
IsIconic
ScreenToClient
GetCursorPos
PostMessageA
SetTimer
KillTimer
RedrawWindow
SetWindowLongA
GetSysColor
SystemParametersInfoA
SetWindowPos

gdi32

PtVisible
PatBlt
RectVisible
GetPixel
SetPixel
CreateDIBSection
SelectObject
BitBlt
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode
GetDeviceCaps
TextOutA
ExtTextOutA
Rectangle
Escape
GetStockObject
SetTextColor
SetBkColor
CreateBitmap
CreateRectRgnIndirect
GetCurrentObject
GetObjectA
SetDIBits
CreateDCA
GetDIBits
GetBkColor
CreateRectRgn

advapi32

RegSetValueExA
RegCreateKeyExA
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyA
RegCreateKeyA
RegQueryValueA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA
ControlService

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteExA
ShellExecuteA

comctl32

ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Draw
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_GetImageInfo

ole32

StgCreateDocfile
OleRun
StgOpenStorageOnILockBytes
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CreateILockBytesOnHGlobal
CoCreateInstance
CoInitialize
ProgIDFromCLSID

oleaut32

LoadTypeLi
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SafeArrayPutElement
SafeArrayCreateVector
VariantCopy
GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysAllocString

urlmon

URLDownloadToFileA

msvcp60

?_Doraise@runtime_error@std@@MBEXXZ
?what@runtime_error@std@@UBEPBDXZ
??1logic_error@std@@UAE@XZ
??0bad_exception@std@@QAE@ABV01@@Z
??1bad_exception@std@@UAE@XZ
??_7bad_exception@std@@6B@
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??_7out_of_range@std@@6B@
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
??Nstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0runtime_error@std@@QAE@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Xlen@std@@YAXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?what@logic_error@std@@UBEPBDXZ
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7logic_error@std@@6B@
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7runtime_error@std@@6B@
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z

shlwapi

SHDeleteKeyA

ws2_32

setsockopt
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAEventSelect
htonl
WSASocketA
ntohs
ntohl
htons
gethostbyname
inet_ntoa
inet_addr
WSAConnect
WSASend
WSAEnumNetworkEvents
WSARecv
shutdown

psapi

EnumProcessModules

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

imagehlp

MakeSureDirectoryPathExists

wininet

InternetSetOptionA

uxtheme

SetThemeAppProperties

winmm

timeGetTime
PlaySoundA

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B
ANTLR3_TREE_ADAPTORDebugNew
ANTLR3_TREE_ADAPTORNew
QMScriptLexerNew
QMScriptLexerNewSSD
QMScriptParserNew
QMScriptParserNewSSD
antlr3ArboretumNew
antlr3BaseRecognizerNew
antlr3BaseTreeAdaptorInit
antlr3BaseTreeNew
antlr3BitsetCopy
antlr3BitsetList
antlr3BitsetLoad
antlr3BitsetNew
antlr3BitsetOf
antlr3BitsetSetAPI
antlr3CommonTokenDebugStreamSourceNew
antlr3CommonTokenNew
antlr3CommonTokenStreamNew
antlr3CommonTokenStreamSourceNew
antlr3CommonTreeNew
antlr3CommonTreeNewFromToken
antlr3EnumNew
antlr3ExceptionNew
antlr3Hash
antlr3HashTableNew
antlr3IntStreamNew
antlr3IntTrieNew
antlr3LexerNew
antlr3LexerNewStream
antlr3ListNew
antlr3MTExceptionNew
antlr3NewAsciiStringCopyStream
antlr3NewAsciiStringInPlaceStream
antlr3NewUCS2StringInPlaceStream
antlr3ParserNew
antlr3ParserNewStream
antlr3ParserNewStreamDbg
antlr3RecognitionExceptionNew
antlr3RewriteRuleNODEStreamNewAE
antlr3RewriteRuleNODEStreamNewAEE
antlr3RewriteRuleNODEStreamNewAEV
antlr3RewriteRuleSubtreeStreamNewAE
antlr3RewriteRuleSubtreeStreamNewAEE
antlr3RewriteRuleSubtreeStreamNewAEV
antlr3RewriteRuleTOKENStreamNewAE
antlr3RewriteRuleTOKENStreamNewAEE
antlr3RewriteRuleTOKENStreamNewAEV
antlr3SetCTAPI
antlr3SetTokenAPI
antlr3StackNew
antlr3StringFactoryNew
antlr3TokenFactoryNew
antlr3TokenStreamNew
antlr3UCS2StringFactoryNew
antlr3VectorFactoryNew
antlr3VectorNew
antlr3dfapredict
antlr3dfaspecialStateTransition
antlr3dfaspecialTransition

Sections

.text
Size: 736KB - Virtual size: 732KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 464KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024KB - Virtual size: 1020KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQ小精灵·失落者/wqm.exe
.exe windows:5 windows x86 arch:x86

cc34f2fbb8ae85c887d307dd6a601ee3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
LCMapStringA
WriteConsoleW
SetEnvironmentVariableA
CreateFileA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
SetUnhandledExceptionFilter
HeapSize
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapReAlloc
CreateThread
ExitThread
ExitProcess
RaiseException
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RtlUnwind
GetStartupInfoW
GetFileSizeEx
LocalFileTimeToFileTime
SetErrorMode
FindResourceExW
GetProfileIntW
GetProcessHeap
GetTimeFormatW
SearchPathW
GetDateFormatW
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetDiskFreeSpaceW
GetTempFileNameW
GetFileTime
SetFileTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
FileTimeToLocalFileTime
CreateFileW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
GetStringTypeExW
MoveFileW
lstrlenA
lstrcmpA
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
InterlockedIncrement
GlobalGetAtomNameW
GetModuleHandleA
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
SuspendThread
GetCurrentThreadId
ResumeThread
SetThreadPriority
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
ResetEvent
lstrcpynW
GetLocalTime
VirtualProtect
GetTickCount
WaitForSingleObject
OpenFileMappingW
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateDirectoryW
CreateEventW
CloseHandle
WinExec
InterlockedDecrement
lstrcpyW
SetEvent
FreeLibrary
SizeofResource
WritePrivateProfileStringW
GetModuleFileNameW
GetTempPathW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetLastError
SetLastError
GetModuleHandleW
GetCurrentProcessId
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
FindNextFileW
FindClose
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
Sleep
IsDBCSLeadByte
LoadLibraryW
GetProcAddress
FindResourceW
LoadResource
LockResource
GetConsoleOutputCP

user32

SetScrollInfo
SetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
PeekMessageW
UnhookWindowsHookEx
GetWindowTextLengthW
SetWindowPos
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
CheckDlgButton
ScrollWindow
GetMenuStringW
GetScrollInfo
GetMenuItemCount
RemoveMenu
AdjustWindowRectEx
IsChild
GetForegroundWindow
RegisterClipboardFormatW
DrawIcon
SetWindowRgn
OffsetRect
GetSubMenu
LoadIconW
PostThreadMessageW
UpdateWindow
IsWindow
SetTimer
MapWindowPoints
WindowFromPoint
KillTimer
DrawIconEx
DestroyIcon
ReleaseCapture
SetCapture
ScreenToClient
CheckMenuItem
AppendMenuW
PtInRect
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
SetActiveWindow
GetLastActivePopup
RemovePropW
GetPropW
SetPropW
GetClassLongW
IsRectEmpty
EqualRect
CopyRect
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetMenuItemID
LoadMenuW
SendMessageW
PostMessageW
GetWindowRect
GetClientRect
InvalidateRect
GetFocus
GetCapture
WinHelpW
GetMenuState
SendDlgItemMessageA
GetParent
SetRectEmpty
EnableWindow
GetWindowLongW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsWindowEnabled
SetFocus
GetKeyState
InflateRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetSystemMetrics
GetWindow
ChildWindowFromPointEx
ReleaseDC
GetDC
GetClassNameW
MapVirtualKeyW
UnhookWinEvent
MessageBoxW
SetWinEventHook
LoadBitmapW
GetSysColor
CreatePopupMenu
InsertMenuW
RegisterWindowMessageW
EnableMenuItem
ModifyMenuW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ClientToScreen
BeginPaint
EndPaint
GetKeyNameTextW
GetWindowThreadProcessId
TranslateAcceleratorW
GetDesktopWindow
BringWindowToTop
InsertMenuItemW
LoadAcceleratorsW
SetCursor
ReuseDDElParam
UnpackDDElParam
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CopyAcceleratorTableW
SetRect
InvalidateRgn
CharNextW
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
CharUpperW
PostQuitMessage
ShowOwnedPopups
MapDialogRect
LockWindowUpdate
GetNextDlgGroupItem
MessageBeep
IsClipboardFormatAvailable
UnionRect
SetParent
SetMenuDefaultItem
ValidateRect
IsWindowVisible
RedrawWindow
OpenClipboard
SetForegroundWindow
ShowWindow
CloseClipboard
SetClipboardData
EmptyClipboard
SetWindowContextHelpId
PrintWindow
GetWindowDC
CreateMenu
GetClipboardData
GetDoubleClickTime
DestroyCursor
MapVirtualKeyExW
IsCharLowerW
GetWindowRgn
CharUpperBuffW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CreateAcceleratorTableW
SubtractRect
WaitMessage
GetMenuDefaultItem
IsMenu
GetSystemMenu
DeleteMenu
UnregisterClassW
GetSysColorBrush
LoadCursorW
DestroyAcceleratorTable
IsZoomed
DrawEdge
DrawFrameControl
SetCursorPos
CopyIcon
EnableScrollBar
FrameRect
DrawFocusRect
GetIconInfo
SetClassLongW
DrawStateW
CopyImage
LoadImageW
GetUpdateRect
GetAsyncKeyState
TrackPopupMenu
GetCursorPos
GetWindowTextW
EnumChildWindows
FillRect

gdi32

SetROP2
SetMapMode
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SetBkMode
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
SetRectRgn
CombineRgn
SaveDC
GetRgnBox
GetBkColor
GetTextColor
CreateEllipticRgn
LPtoDP
GetTextMetricsW
RestoreDC
GetClipBox
GetDCOrgEx
CreateFontIndirectW
CopyMetaFileW
CreateBitmap
SetBkColor
SetTextColor
DeleteObject
GetTextExtentPoint32W
GetTextFaceW
CreateRectRgn
CreateDIBSection
SelectObject
CreateDCW
GetDeviceCaps
DeleteDC
GetStockObject
SetDCBrushColor
Ellipse
GetDIBits
RealizePalette
SetPixel
EnumFontFamiliesW
GetTextCharsetInfo
CreateDIBitmap
Polyline
CreatePolygonRgn
Polygon
CreateRoundRectRgn
OffsetRgn
Rectangle
RoundRect
SetDIBColorTable
FrameRgn
FillRgn
GetPaletteEntries
CreatePalette
PtInRegion
GetBoundsRect
SetPaletteEntries
ExtFloodFill
GetNearestPaletteIndex
GetSystemPaletteEntries
SetPixelV
GetViewportOrgEx
GetWindowOrgEx
EnumFontFamiliesExW
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StretchBlt
GetMapMode
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
DPtoLP
SetPolyFillMode
BitBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

GetFileSecurityW
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegCreateKeyW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueW
RegDeleteValueW
RegCloseKey
SetFileSecurityW
RegQueryValueW
RegEnumKeyW

shell32

SHAppBarMessage
SHBrowseForFolderW
ExtractIconW
DragQueryFileW
DragFinish
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteW

comctl32

ImageList_GetIconSize
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ImageList_GetIcon
ImageList_DrawEx
ImageList_GetImageCount

shlwapi

PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
StrStrIW
PathFileExistsW
SHDeleteKeyW
UrlUnescapeW

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard
OleFlushClipboard
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromProgID
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CreateStreamOnHGlobal
CLSIDFromString
CoDisconnectObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleDuplicateData
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CoInitialize
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoRegisterMessageFilter
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
DoDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator

oleaut32

VarUdateFromDate
LoadTypeLi
OleCreateFontIndirect
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringLen
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VariantInit
SysAllocStringLen
VariantCopy
SysAllocString
SysFreeString
VariantClear

urlmon

UrlMkSetSessionOption
URLDownloadToFileW

gdiplus

GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdiplusStartup
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCloneImage
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdiplusShutdown

wininet

InternetCloseHandle
InternetGetLastResponseInfoW
InternetOpenW
InternetSetStatusCallbackW
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestW
InternetOpenUrlW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
HttpQueryInfoW
InternetQueryDataAvailable
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
FindFirstUrlCacheEntryW

winmm

PlaySoundW

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 828KB - Virtual size: 827KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQ小精灵·失落者/使用说明.txt
QQ小精灵·失落者/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

85fca2186a54ac545243ef766a26ffa3

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8Certificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

urlmon

msvcp60

shlwapi

ws2_32

psapi

rpcrt4

imagehlp

wininet

uxtheme

winmm

Exports

Exports

Sections

.text Size: 736KB - Virtual size: 732KB

.rdata Size: 464KB - Virtual size: 460KB

.data Size: 144KB - Virtual size: 277KB

.rsrc Size: 1024KB - Virtual size: 1020KB

cc34f2fbb8ae85c887d307dd6a601ee3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

gdiplus

wininet

winmm

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 404KB - Virtual size: 404KB

.data Size: 30KB - Virtual size: 55KB

.rsrc Size: 828KB - Virtual size: 827KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

.text
Size: 736KB - Virtual size: 732KB

.rdata
Size: 464KB - Virtual size: 460KB

.data
Size: 144KB - Virtual size: 277KB

.rsrc
Size: 1024KB - Virtual size: 1020KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 404KB - Virtual size: 404KB

.data
Size: 30KB - Virtual size: 55KB

.rsrc
Size: 828KB - Virtual size: 827KB