87082a14aa2c627808638492362e62c83c2c038a236916194e92e3a1eaf1bff7

Sharing

Copy URL

Twitter E-mail

General

Target

87082a14aa2c627808638492362e62c83c2c038a236916194e92e3a1eaf1bff7
Size

1.5MB
MD5

f6be3f2d61a2d3c0dcd9428737418805
SHA1

c243a3534266265f34316462627f45ce56fba13f
SHA256

87082a14aa2c627808638492362e62c83c2c038a236916194e92e3a1eaf1bff7
SHA512

f041854c0d3e332a3018ea9dcde479a921715be3260e03d4e634ea666f35416dcd9fe8f4fba4243fe296628ef93f0e3e60d9553da282e633ab05e7acc36e294e
SSDEEP

12288:C6MyMHoH/uLJOyo937vGFWxwFJI+yeuVb8r+ZP712Ii+51cjVWtVj5J:C6MyMk2JOt934J7Z6bQaj1BvUm9J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87082a14aa2c627808638492362e62c83c2c038a236916194e92e3a1eaf1bff7

Files

87082a14aa2c627808638492362e62c83c2c038a236916194e92e3a1eaf1bff7
.exe windows:6 windows x64 arch:x64

4b1d69628da646415e8924209067e1fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\home\jenkins\agent\workspace\ase-1.0.2-DLL-Error-ScheduleTask\src\QSHelper\bin\x64\Release\QSHelper.pdb

Imports

kernel32

DeleteFileW
Process32FirstW
CloseHandle
ResetEvent
GetLocalTime
GetProcAddress
VirtualAllocEx
WTSGetActiveConsoleSessionId
DeleteCriticalSection
VerSetConditionMask
ReadProcessMemory
CreateProcessW
GetModuleHandleW
VerifyVersionInfoW
GetSystemTimeAsFileTime
VirtualFreeEx
Process32NextW
GetFullPathNameW
SetFilePointer
CreateFileW
LoadLibraryExW
GetLastError
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
GetTickCount64
Sleep
CreateEventW
CreateToolhelp32Snapshot
OpenProcess
SetEvent
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
CreateMutexW
GetSystemPowerStatus
K32GetModuleFileNameExW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
FindNextFileW
FindFirstFileW
ReadFile
GetStartupInfoW

user32

DefWindowProcW
PostMessageW
FindWindowExW
GetWindowRect
CreateWindowExW
SendMessageW
GetSystemMetrics
GetMessageW
CreatePopupMenu
GetWindowThreadProcessId
GetCursorPos
InvalidateRect
SetForegroundWindow
RegisterWindowMessageW
TrackPopupMenu
LoadStringW
ShowWindow
DispatchMessageW
PostQuitMessage
RegisterPowerSettingNotification
TranslateMessage
SetTimer
UnregisterPowerSettingNotification
KillTimer
AppendMenuW
GetClientRect
LoadCursorW
FindWindowW
RegisterClassW
LoadIconW

advapi32

RegSetKeyValueW
RegOpenKeyExW
CreateProcessAsUserW
GetUserNameW
RegQueryValueExW
RegNotifyChangeKeyValue
RevertToSelf
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
FreeSid
RegSetValueExW
ImpersonateLoggedOnUser
RegCreateKeyExW
RegDeleteKeyValueW
AllocateAndInitializeSid
RegCloseKey
CheckTokenMembership

shell32

SHGetKnownFolderPath
ShellExecuteW
Shell_NotifyIconW

ole32

StringFromGUID2
CoCreateGuid
CoTaskMemFree

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

shlwapi

PathFileExistsW

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

api-ms-win-shcore-scaling-l1-1-1

SetProcessDpiAwareness

wintrust

WinVerifyTrust

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
memmove
__std_exception_copy
__std_exception_destroy
memset
_CxxThrowException
wcsrchr
memcpy

api-ms-win-crt-filesystem-l1-1-0

_waccess_s

api-ms-win-crt-stdio-l1-1-0

_set_fmode
_wfsopen
__stdio_common_vfwprintf
fflush
__p__commode
__stdio_common_vswprintf
fclose

api-ms-win-crt-string-l1-1-0

_wcsicmp
_wcsnicmp

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_cexit
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_crt_atexit
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_onexit_table
terminate
_invalid_parameter_noinfo_noreturn
_set_app_type
_beginthreadex

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4b1d69628da646415e8924209067e1fc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp140

shlwapi

wtsapi32

userenv

api-ms-win-shcore-scaling-l1-1-1

wintrust

vcruntime140_1

vcruntime140

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 1.4MB - Virtual size: 2.2MB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 1.4MB - Virtual size: 2.2MB