9bb0a4996f5cd95bd7838bc380f50877c58d233c3b44c4fa4237333fd95fd6c5

Sharing

Copy URL

Twitter E-mail

General

Target

9bb0a4996f5cd95bd7838bc380f50877c58d233c3b44c4fa4237333fd95fd6c5
Size

1.5MB
MD5

6de209a24c98dd22c4ac7b087e2dc7eb
SHA1

32d4cc83c54b1d90950f6582729b5954a752a090
SHA256

9bb0a4996f5cd95bd7838bc380f50877c58d233c3b44c4fa4237333fd95fd6c5
SHA512

c3b19333d10057dc58ff384092ccde97ba9c0ede18ee6e163a56194444aaa97f13b0d38f8bb39a84c74e774f5e6a43f6cdf147017cfedfa859371e038ed14fa0
SSDEEP

12288:N6MyMPoH/uLJOyo937vGFWxwFJI+yeuVb8r+ZP712Ii+51cjVWtVj5J:N6MyMc2JOt934J7Z6bQaj1BvUm9J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bb0a4996f5cd95bd7838bc380f50877c58d233c3b44c4fa4237333fd95fd6c5

Files

9bb0a4996f5cd95bd7838bc380f50877c58d233c3b44c4fa4237333fd95fd6c5
.exe windows:6 windows x64 arch:x64

4b1d69628da646415e8924209067e1fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\home\jenkins\agent\workspace\ase-1.0.2-DLL-Error-ScheduleTask\src\QSHelper\bin\x64\Release\QSHelper.pdb

Imports

kernel32

DeleteFileW
Process32FirstW
CloseHandle
ResetEvent
GetLocalTime
GetProcAddress
VirtualAllocEx
WTSGetActiveConsoleSessionId
DeleteCriticalSection
VerSetConditionMask
ReadProcessMemory
CreateProcessW
GetModuleHandleW
VerifyVersionInfoW
GetSystemTimeAsFileTime
VirtualFreeEx
Process32NextW
GetFullPathNameW
SetFilePointer
CreateFileW
LoadLibraryExW
GetLastError
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
GetTickCount64
Sleep
CreateEventW
CreateToolhelp32Snapshot
OpenProcess
SetEvent
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
CreateMutexW
GetSystemPowerStatus
K32GetModuleFileNameExW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
FindNextFileW
FindFirstFileW
ReadFile
GetStartupInfoW

user32

DefWindowProcW
PostMessageW
FindWindowExW
GetWindowRect
CreateWindowExW
SendMessageW
GetSystemMetrics
GetMessageW
CreatePopupMenu
GetWindowThreadProcessId
GetCursorPos
InvalidateRect
SetForegroundWindow
RegisterWindowMessageW
TrackPopupMenu
LoadStringW
ShowWindow
DispatchMessageW
PostQuitMessage
RegisterPowerSettingNotification
TranslateMessage
SetTimer
UnregisterPowerSettingNotification
KillTimer
AppendMenuW
GetClientRect
LoadCursorW
FindWindowW
RegisterClassW
LoadIconW

advapi32

RegSetKeyValueW
RegOpenKeyExW
CreateProcessAsUserW
GetUserNameW
RegQueryValueExW
RegNotifyChangeKeyValue
RevertToSelf
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
FreeSid
RegSetValueExW
ImpersonateLoggedOnUser
RegCreateKeyExW
RegDeleteKeyValueW
AllocateAndInitializeSid
RegCloseKey
CheckTokenMembership

shell32

SHGetKnownFolderPath
ShellExecuteW
Shell_NotifyIconW

ole32

StringFromGUID2
CoCreateGuid
CoTaskMemFree

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

shlwapi

PathFileExistsW

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

api-ms-win-shcore-scaling-l1-1-1

SetProcessDpiAwareness

wintrust

WinVerifyTrust

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
memmove
__std_exception_copy
__std_exception_destroy
memset
_CxxThrowException
wcsrchr
memcpy

api-ms-win-crt-filesystem-l1-1-0

_waccess_s

api-ms-win-crt-stdio-l1-1-0

_set_fmode
_wfsopen
__stdio_common_vfwprintf
fflush
__p__commode
__stdio_common_vswprintf
fclose

api-ms-win-crt-string-l1-1-0

_wcsicmp
_wcsnicmp

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_cexit
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_crt_atexit
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_onexit_table
terminate
_invalid_parameter_noinfo_noreturn
_set_app_type
_beginthreadex

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4b1d69628da646415e8924209067e1fc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp140

shlwapi

wtsapi32

userenv

api-ms-win-shcore-scaling-l1-1-1

wintrust

vcruntime140_1

vcruntime140

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 1.4MB - Virtual size: 2.2MB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 1.4MB - Virtual size: 2.2MB