78527f4a89bab19953e7d3182ba4a085

Sharing

Copy URL

Twitter E-mail

General

Target

78527f4a89bab19953e7d3182ba4a085
Size

308KB
MD5

78527f4a89bab19953e7d3182ba4a085
SHA1

03cf8c87326c0034c8c1232bf02f49e408baf932
SHA256

3a88390bbfb7f2667f3766b2adeb4435f36f03a16aa105157d615e2fb5711483
SHA512

2b1d609e6a91686af77e19a7c8c3f3c44ab07a340c3e6752e4b7d16aa84e379bb3344a166755d9528372566d39622bfdc55795d2bf9da09700994af7d6564b09
SSDEEP

3072:mIYPuy0BgFx6AfRz10Td72Sn4UvHbZ0IspRgNSSTBfQwgtXFn/qewqMfNda7SDAi:rQxrzOTp5pbdZNSSTB8MqMfMSsQLH5Aq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78527f4a89bab19953e7d3182ba4a085

Files

78527f4a89bab19953e7d3182ba4a085
.exe windows:4 windows x86 arch:x86

45e000e3f6a6c1e554c3e4ea18b3b105

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\CC\platform_QQ1.45\Basic_HummerPlatform_VOB\Platform\Output\bin\bugreport.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

dbghelp

SymCleanup
SymInitialize
SymSetOptions
SymLoadModule
SymGetModuleInfo

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetReadFile

psapi

GetModuleFileNameExA

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

kernel32

FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
FreeEnvironmentStringsW
GetEnvironmentStrings
WriteConsoleA
GetTempPathW
CreateDirectoryW
GetTickCount
DeleteFileW
CreateFileW
ReadFile
SetFilePointer
CloseHandle
GetVersionExW
VirtualQueryEx
CreateFileA
OpenThread
FindResourceW
GetProcAddress
GetModuleHandleW
ReadProcessMemory
WriteProcessMemory
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapAlloc
GetProcessHeap
WriteFile
VirtualProtect
SetEvent
HeapFree
GetCurrentProcessId
CreateProcessW
OpenProcess
GetModuleFileNameW
SetCurrentDirectoryW
GlobalFree
GetConsoleOutputCP
GlobalLock
GlobalUnlock
GetPrivateProfileSectionW
InterlockedIncrement
InterlockedDecrement
Sleep
WideCharToMultiByte
GetFileSize
LoadLibraryW
FreeLibrary
GetLastError
GetThreadSelectorEntry
GetFileAttributesW
GetCurrentThreadId
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
HeapCreate
VirtualAlloc
VirtualFree
LoadLibraryA
GetModuleFileNameA
GetStdHandle
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WriteConsoleW
SetEndOfFile
GlobalAlloc
GetCommandLineA
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
HeapSize
HeapReAlloc
HeapDestroy

user32

GetWindowThreadProcessId
GetMenuItemCount
CreatePopupMenu
IsWindow
DestroyMenu
GetClientRect
UnregisterClassA
MapDialogRect
SendDlgItemMessageW
GetWindowRect
MapWindowPoints
TrackPopupMenu
GetWindowTextLengthW
GetDlgItem
SetWindowLongW
ClientToScreen
DrawIconEx
SetWindowTextW
GetWindow
SetDlgItemTextW
SetWindowPos
CloseClipboard
LoadImageW
SetClipboardData
SendMessageW
EmptyClipboard
LoadIconW
OpenClipboard
RegisterClipboardFormatW
GetKeyState
InvalidateRect
MessageBoxW
EndDialog
DialogBoxParamW
CallWindowProcW
GetWindowTextW
EnableWindow
ShowWindow

gdi32

GetStockObject
DeleteObject
SetTextColor

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHBindToParent
SHGetDesktopFolder
SHGetFileInfoW
ShellExecuteW
ord155

ole32

OleInitialize
DoDragDrop
OleUninitialize

oleaut32

SysStringLen
SysAllocStringByteLen
SysAllocString
SysStringByteLen
SysFreeString

Exports

Exports

??1CWriteBuffer@@QAE@XZ
?AddBuffer@CZipBuffers@@QAE_NPBXIPBD@Z
?AnsiToUnicode@Convert@Util@@YA_NAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PBDH@Z
?Clear@CZipBuffers@@QAEXXZ
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
?DoFormatEx@CFmtString@@QAE?AV?$vector@UtagStringItem@@V?$allocator@UtagStringItem@@@std@@@std@@PB_W@Z
?Encode16@Encode@Util@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PBEH@Z
?GZip@CGZipBuffer@@QAE_NPAEI@Z
?GetBuffer@CUnzipBuffers@@QAE_NIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetZip@CZipBuffers@@QAE_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?Init@CUnzipBuffers@@QAE_NPBXI_N@Z
?MatchWildcard@FS@Util@@YAHPBD0@Z
?MatchWildcard@FS@Util@@YAHPB_W0@Z
?Uninit@CUnzipBuffers@@AAEXXZ
?Utf8FromWS@Convert@Util@@YA?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@PB_WH@Z
?Utf8FromWSLimit@Convert@Util@@YA?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@HPB_WH@Z
?Utf8ToWS@Convert@Util@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PBDH@Z
strlcat
strlcpy
wcslcat
wcslcpy

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45e000e3f6a6c1e554c3e4ea18b3b105

Headers

File Characteristics

PDB Paths

Imports

version

dbghelp

wininet

psapi

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 172KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 76KB - Virtual size: 73KB

.text
Size: 176KB - Virtual size: 172KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 76KB - Virtual size: 73KB