1f343faacd784a127477f2b1e028ad9e758fd9ce5b1f645720c520012826ef33

Sharing

Copy URL

Twitter E-mail

General

Target

1f343faacd784a127477f2b1e028ad9e758fd9ce5b1f645720c520012826ef33
Size

1.8MB
MD5

db30b90ee99512417c68d79d32f5c778
SHA1

2ee8a4ba6d898b6462d4362f9ec08a92895071cd
SHA256

1f343faacd784a127477f2b1e028ad9e758fd9ce5b1f645720c520012826ef33
SHA512

a046b5bcc39c4c3650b775a4a2c47f3fd183f608a3a73200bfe7aa0add0eb3b74ad8cd313b8e692b13e8212af932c69a7c98b7b4e790728dcd9ddbdbd545e244
SSDEEP

12288:dJzVfXviHAN7dNkcKxvAOwLH6oGyJkjx1GaxxTmIap5EKfD2GgVxN5XEK4jAFXB4:dJzVfXvhVaorJkjqx9rEKOUBjAFXgB5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f343faacd784a127477f2b1e028ad9e758fd9ce5b1f645720c520012826ef33

Files

1f343faacd784a127477f2b1e028ad9e758fd9ce5b1f645720c520012826ef33
.exe windows:6 windows x86 arch:x86

a6481466c63161792a65ef27762f31d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\code\rundir\qt\release\BlueStacks X.pdb

Imports

blauncher

??0BSXLocalClient@@QAE@PAVQObject@@@Z
??1BSXLocalClient@@UAE@XZ
?launch@BSXLocalClient@@QAEXABVQString@@@Z
?sendSync@BSXLocalClient@@QAEXABVQString@@@Z
?metaObject@BSXLocalClient@@UBEPBUQMetaObject@@XZ
?qt_metacall@BSXLocalClient@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@BSXLocalClient@@UAEPAXPBD@Z
??0BSXLocalServer@@QAE@PAVQObject@@@Z
??1BSXLocalServer@@UAE@XZ
?launch@BSXLocalServer@@QAEXABVQString@@@Z
?sig_receive@BSXLocalServer@@QAEXVQString@@@Z
?iCommandLine@@YAPAVICommandLine@@XZ
?metaObject@BSXLocalServer@@UBEPBUQMetaObject@@XZ
?qt_metacall@BSXLocalServer@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@BSXLocalServer@@UAEPAXPBD@Z
?staticMetaObject@BSXLocalServer@@2UQMetaObject@@B
?BLConfig@@YA?AVQVariant@@W4AppConfig@BLauncher@@@Z
?InitConnections@Plugin@@YAXPAVIPluginManager@@@Z
?instance@BLauncher@@SAPAV1@XZ
?doClearWebCache@BLauncher@@QAEXXZ
?getAppConfigValue@BLauncher@@QAE?AVQVariant@@W4AppConfig@1@@Z
?setAppconfigValue@BLauncher@@QAEXW4AppConfig@1@ABVQVariant@@@Z
?saveRegistryValue@BLauncher@@QAEXW4RegistryPath@1@W4AppConfig@1@W4RegistryType@1@ABVQVariant@@@Z
?registryValue@BLauncher@@QAE?AVQVariant@@W4RegistryPath@1@W4AppConfig@1@W4RegistryType@1@@Z
?init@BEvent@@SAXXZ
?MainWindowPlugin@Plugin@@YAPAVIMainWindow@@XZ
?instance@Log@@SAPAV1@XZ
?start@Log@@QAEXXZ
?registerMainThreadID@Log@@SAXH@Z
?stop@Log@@SAXXZ
?initErrorMsg@BError@@SAXXZ
?instance@Language@@SAPAV1@XZ
?init@Language@@QAEXXZ
?setStartingEnv@CreateProcessHelper@@SAXPAPAD@Z
?startAgent@BAgent@@SAXXZ

qt5widgets

??0QApplication@@QAE@AAHPAPADH@Z
?staticMetaObject@QMainWindow@@2UQMetaObject@@B
?setStyleSheet@QApplication@@QAEXABVQString@@@Z
?exec@QApplication@@SAHXZ
??1QApplication@@UAE@XZ
?allWidgets@QApplication@@SA?AV?$QList@PAVQWidget@@@@XZ
?event@QApplication@@MAE_NPAVQEvent@@@Z
?compressEvent@QApplication@@MAE_NPAVQEvent@@PAVQObject@@PAVQPostEventList@@@Z
?metaObject@QApplication@@UBEPBUQMetaObject@@XZ
?notify@QApplication@@UAE_NPAVQObject@@PAVQEvent@@@Z
?qt_metacall@QApplication@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QApplication@@UAEPAXPBD@Z

qt5gui

?staticMetaObject@QGuiApplication@@2UQMetaObject@@B
?setHighDpiScaleFactorRoundingPolicy@QGuiApplication@@SAXW4HighDpiScaleFactorRoundingPolicy@Qt@@@Z
?lastWindowClosed@QGuiApplication@@QAEXXZ

qt5network

?setUseSystemConfiguration@QNetworkProxyFactory@@SAX_N@Z

qt5core

??0QPluginLoader@@QAE@ABVQString@@PAVQObject@@@Z
?qResourceFeatureZlib@@YAEXZ
?qUnregisterResourceData@@YA_NHPBE00@Z
?qRegisterResourceData@@YA_NHPBE00@Z
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?staticMetaObject@QObject@@2UQMetaObject@@B
?qt_metacast@QObject@@UAEPAXPBD@Z
?qt_metacall@QObject@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?value@QSettings@@QBE?AVQVariant@@ABVQString@@ABV2@@Z
??1QSettings@@UAE@XZ
??0QSettings@@QAE@ABVQString@@W4Format@0@PAVQObject@@@Z
?setCurrent@QDir@@SA_NABVQString@@@Z
?toNativeSeparators@QDir@@SA?AVQString@@ABV2@@Z
?createUuid@QUuid@@SA?AV1@XZ
??9QUuid@@QBE_NABV0@@Z
?isNull@QUuid@@QBE_NXZ
?toString@QUuid@@QBE?AVQString@@W4StringFormat@1@@Z
??0QUuid@@QAE@PBD@Z
?startDetached@QProcess@@SA_NABVQString@@ABVQStringList@@@Z
?fromPercentEncoding@QUrl@@SA?AVQString@@ABVQByteArray@@@Z
?singleShotImpl@QTimer@@CAXHW4TimerType@Qt@@PBVQObject@@PAVQSlotObjectBase@QtPrivate@@@Z
?defaultTypeFor@QTimer@@CA?AW4TimerType@Qt@@H@Z
?applicationFilePath@QCoreApplication@@SA?AVQString@@XZ
?instance@QCoreApplication@@SAPAV1@XZ
?setAttribute@QCoreApplication@@SAXW4ApplicationAttribute@Qt@@_N@Z
?quit@QEventLoop@@QAEXXZ
?exec@QEventLoop@@QAEHV?$QFlags@W4ProcessEventsFlag@QEventLoop@@@@@Z
??1QEventLoop@@UAE@XZ
??0QEventLoop@@QAE@PAVQObject@@@Z
?open@QFile@@UAE_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??1QFile@@UAE@XZ
??0QFile@@QAE@ABVQString@@@Z
?toBool@QVariant@@QBE_NXZ
?toInt@QVariant@@QBEHPA_N@Z
??0QVariant@@QAE@ABVQString@@@Z
??0QVariant@@QAE@XZ
?setCodecForLocale@QTextCodec@@SAXPAV1@@Z
?codecForName@QTextCodec@@SAPAV1@PBD@Z
?setMaxThreadCount@QThreadPool@@QAEXH@Z
?globalInstance@QThreadPool@@SAPAV1@XZ
?currentThreadId@QThread@@SAPAXXZ
?elapsed@QElapsedTimer@@QBE_JXZ
?start@QElapsedTimer@@QAEXXZ
?readAll@QIODevice@@QAE?AVQByteArray@@XZ
?toStdWString@QString@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
??0QString@@QAE@ABVQByteArray@@@Z
?number@QString@@SA?AV1@KH@Z
?number@QString@@SA?AV1@HH@Z
?toInt@QString@@QBEHPA_NH@Z
?toUtf8@QString@@QHAE?AVQByteArray@@XZ
?append@QString@@QAEAAV1@ABV1@@Z
??4QString@@QAEAAV0@$$QAV0@@Z
??1QByteArray@@QAE@XZ
??0QByteArray@@QAE@PBDH@Z
?warning@QMessageLogger@@QBAXPBDZZ
?qputenv@@YA_NPBDABVQByteArray@@@Z
?qEnvironmentVariable@@YA?AVQString@@PBD@Z
?shared_null@QHashData@@2U1@B
?shared_null@QListData@@2UData@1@B
?null@QString@@2UNull@1@B
?qt_metacast@QPluginLoader@@UAEPAXPBD@Z
?qt_metacall@QPluginLoader@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?metaObject@QPluginLoader@@UBEPBUQMetaObject@@XZ
?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ
?entryList@QDir@@QBE?AVQStringList@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z
?cd@QDir@@QAE_NABVQString@@@Z
?absoluteFilePath@QDir@@QBE?AVQString@@ABV2@@Z
??1QDir@@QAE@XZ
??0QDir@@QAE@ABVQString@@@Z
?fileName@QPluginLoader@@QBE?AVQString@@XZ
?load@QPluginLoader@@QAE_NXZ
?instance@QPluginLoader@@QAEPAVQObject@@XZ
??1QPluginLoader@@UAE@XZ
?deallocate@QArrayData@@SAXPAU1@II@Z
?isLibrary@QLibrary@@SA_NABVQString@@@Z
??6QDebug@@QAEAAV0@ABVQString@@@Z
??6QDebug@@QAEAAV0@PBD@Z
??1QDebug@@QAE@XZ
?shared_null@QMapDataBase@@2U1@B
??0QString@@QAE@ABV0@@Z
??1QString@@QAE@XZ
??4QString@@QAEAAV0@ABV0@@Z
?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z
??1Connection@QMetaObject@@QAE@XZ
?detach@QListData@@QAEPAUData@1@H@Z
?dispose@QListData@@QAEXXZ
?dispose@QListData@@SAXPAUData@1@@Z
?begin@QListData@@QBEPAPAXXZ
?end@QListData@@QBEPAPAXXZ
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z
?quit@QCoreApplication@@SAXXZ
?recalcMostLeftNode@QMapDataBase@@QAEXXZ
?createNode@QMapDataBase@@QAEPAUQMapNodeBase@@HHPAU2@_N@Z
?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z
?createData@QMapDataBase@@SAPAU1@XZ
?freeData@QMapDataBase@@SAXPAU1@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
??0QObject@@QAE@PAV0@@Z
??1QObject@@UAE@XZ
?disconnect@QObject@@SA_NPBV1@PBD01@Z
?deleteLater@QObject@@QAEXXZ
?event@QObject@@UAE_NPAVQEvent@@@Z
?fromUtf8@QString@@SA?AV1@PBDH@Z
?qBadAlloc@@YAXXZ
??0QMessageLogger@@QAE@PBDH0@Z
?info@QMessageLogger@@QBE?AVQDebug@@XZ
?allocate@QArrayData@@SAPAU1@IIIV?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?toString@QVariant@@QBE?AVQString@@XZ
??0QString@@QAE@XZ
??8@YA_NABVQString@@0@Z
??0QString@@QAE@ABUNull@0@@Z
?qHash@@YAIABVQString@@I@Z
?detach_grow@QListData@@QAEPAUData@1@PAHH@Z
?realloc@QListData@@QAEXH@Z
?append@QListData@@QAEPAPAXXZ
?setParent@QObject@@QAEXPAV1@@Z
??0QUrl@@QAE@XZ
??1QUrl@@QAE@XZ
??0QUuid@@QAE@ABVQString@@@Z
?toString@QUuid@@QBE?AVQString@@XZ
?allocateNode@QHashData@@QAEPAXH@Z
?freeNode@QHashData@@QAEXPAX@Z
?detach_helper@QHashData@@QAEPAU1@P6AXPAUNode@1@PAX@ZP6AX0@ZHH@Z
?hasShrunk@QHashData@@QAEXXZ
?rehash@QHashData@@QAEXH@Z
?free_helper@QHashData@@QAEXP6AXPAUNode@1@@Z@Z
?nextNode@QHashData@@SAPAUNode@1@PAU21@@Z
?nextNode@QMapNodeBase@@QBEPBU1@XZ
??1QVariant@@QAE@XZ

kernel32

LocalFree
GetCommandLineW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
GetModuleHandleW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
CreateMutexW
GetLastError
CloseHandle
WideCharToMultiByte

vcruntime140

__CxxFrameHandler3
memcpy
_purecall
__current_exception
__std_terminate
_except_handler4_common
__std_exception_copy
__std_exception_destroy
memset
_CxxThrowException
__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_register_thread_local_exe_atexit_callback
_c_exit
terminate
_initterm
_exit
exit
_get_narrow_winmain_command_line
_initterm_e
_invalid_parameter_noinfo_noreturn
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-environment-l1-1-0

__p__environ

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

shell32

CommandLineToArgvW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a6481466c63161792a65ef27762f31d2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

blauncher

qt5widgets

qt5gui

qt5network

qt5core

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

shell32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 366KB - Virtual size: 365KB

.reloc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 366KB - Virtual size: 365KB

.reloc
Size: 1.4MB - Virtual size: 1.4MB