7b8feb395f2b8a9ab31f910829ec3c08

Sharing

Copy URL Twitter E-mail

General

Target

7b8feb395f2b8a9ab31f910829ec3c08
Size

511KB
MD5

7b8feb395f2b8a9ab31f910829ec3c08
SHA1

10a93ea13dc408b703aea99aebc88cc5a0513b19
SHA256

716538c0cade47a5dce0a9218e1673d05155ed94a831b14cb02a437dc9b3ed0c
SHA512

aadf1f030a4c0c3465937733b735059a183f1ec1b82254b54417264ca324c1c924b82b66d136a77865a0054f5cd34599705fa4955bf1479f06e5c65b70d09c19
SSDEEP

12288:ZCO8eP3i7U2QBm7A3Tnm16j0bSHoR4fg:ZCO8ePSgRBm7CTn+6j0bSI0g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b8feb395f2b8a9ab31f910829ec3c08

Files

7b8feb395f2b8a9ab31f910829ec3c08
.exe windows:4 windows x86 arch:x86

d69e2f541a3a7592469f6241b9f75c7c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\qdg.pdb

Imports

kernel32

GetUserDefaultLCID
InitializeCriticalSection
MoveFileExW
TlsSetValue
GetPrivateProfileSectionNamesA
WaitCommEvent
CloseHandle
IsValidCodePage
GetLastError
DeleteCriticalSection
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
SetStdHandle
GetProcessHeap
WriteConsoleA
IsValidLocale
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
ReadConsoleOutputCharacterA
ReadFile
TlsGetValue
Sleep
FlushFileBuffers
VirtualAlloc
GetModuleHandleA
InterlockedIncrement
FreeEnvironmentStringsA
SetHandleCount
GetLocaleInfoA
lstrcmpiW
TlsFree
GetStringTypeA
IsDebuggerPresent
RtlUnwind
GetVersionExA
InterlockedDecrement
GetTimeZoneInformation
HeapAlloc
LCMapStringA
LCMapStringW
GetCurrentProcess
WriteFile
GetConsoleMode
SetFilePointer
QueryPerformanceCounter
TlsAlloc
GetLocaleInfoW
GetEnvironmentStrings
GetProfileSectionW
GetProcAddress
CreateFileA
SetLastError
FreeLibrary
InterlockedExchange
GetModuleFileNameA
HeapCreate
OpenMutexA
GetCurrentThread
PulseEvent
CompareStringA
GetCPInfo
GetSystemTimeAsFileTime
VirtualQuery
GetStartupInfoA
GetOEMCP
WriteConsoleW
HeapDestroy
GetConsoleOutputCP
SetConsoleCursorPosition
GetConsoleCP
EnumSystemLocalesA
HeapSize
CompareStringW
GetCurrentProcessId
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetStringTypeW
GetEnvironmentStringsW
GetACP
GetCurrentThreadId
SetEnvironmentVariableA
SetConsoleCtrlHandler
GetDateFormatA
VirtualFree
GetTimeFormatA
CreateMutexA
HeapReAlloc
GetCommandLineA
HeapFree
GetTickCount
TerminateProcess
GetFileType
LoadLibraryA
SetUnhandledExceptionFilter

wininet

DetectAutoProxyUrl
CreateUrlCacheContainerW
DeleteUrlCacheGroup
SetUrlCacheEntryGroupW
InternetConfirmZoneCrossingA

advapi32

RegEnumKeyA
CryptSignHashA
CryptGetDefaultProviderW
RegDeleteValueA
CryptSetProviderA
RegCreateKeyExA
StartServiceW
CryptExportKey
GetUserNameW
CryptSetProviderExA
RegQueryValueA
CryptAcquireContextA
RegEnumValueW
CryptReleaseContext
CryptSetProvParam
RegSetValueExA
RegOpenKeyExW
LookupPrivilegeValueA
RegSetValueExW
LogonUserA
CryptGetHashParam
CryptDecrypt
LookupAccountNameW
RegDeleteKeyA
RegRestoreKeyW

comctl32

InitCommonControlsEx

user32

ToUnicodeEx
ReleaseCapture
RegisterClassA
GetKeyboardLayoutNameA
RegisterClassExA
GetMessageTime
EnumDesktopsA
SetSystemCursor
DdeUninitialize
SendMessageW
SetWindowsHookExA
DlgDirListComboBoxW
DlgDirSelectExW
DrawIconEx
BeginPaint

gdi32

CreateScalableFontResourceW
SetBkColor
CreateCompatibleDC
OffsetRgn
EnableEUDC
ArcTo
FlattenPath
PlayEnhMetaFileRecord
GetCharABCWidthsFloatA
CreateRectRgn
DeviceCapabilitiesExA
GetCurrentPositionEx

shell32

FreeIconList
DragQueryFile
DragQueryFileAorW

Sections

.text
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d69e2f541a3a7592469f6241b9f75c7c

Headers

File Characteristics

PDB Paths

Imports

kernel32

wininet

advapi32

comctl32

user32

gdi32

shell32

Sections

.text Size: 371KB - Virtual size: 370KB

.rdata Size: 25KB - Virtual size: 55KB

.data Size: 106KB - Virtual size: 106KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 371KB - Virtual size: 370KB

.rdata
Size: 25KB - Virtual size: 55KB

.data
Size: 106KB - Virtual size: 106KB

.rsrc
Size: 8KB - Virtual size: 7KB