cead261e5babda8a6a5cecf36894ec629d6f1b7b5cbe95f48b65bf0cde25fa23

Sharing

Copy URL

Twitter E-mail

General

Target

cead261e5babda8a6a5cecf36894ec629d6f1b7b5cbe95f48b65bf0cde25fa23
Size

4.8MB
MD5

9c3a923a499407835c26b0afd78ed72b
SHA1

bab3a2ac78322dd96ff2b913a5b9721738ea7345
SHA256

cead261e5babda8a6a5cecf36894ec629d6f1b7b5cbe95f48b65bf0cde25fa23
SHA512

b438b04fc54dc14aff6b14609d71a90d0f6be31241d23412ec0c13e64a0ae998e84627550017ed2e0b55c4167352389e99824054f698590a99753a027d7db957
SSDEEP

98304:83c7WYPWEOdmLaBcoA/63G/dbjdfIMbLili8Mf27pJXvpv1ZlPHOFLyS+n:t7eEOdmLaKO3sAMOFf7PRvVvOFLcn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cead261e5babda8a6a5cecf36894ec629d6f1b7b5cbe95f48b65bf0cde25fa23

Files

cead261e5babda8a6a5cecf36894ec629d6f1b7b5cbe95f48b65bf0cde25fa23
.exe windows:6 windows x86 arch:x86

55db000c5bf0dbb1ec47b9f7e064e973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\video_clip\develop\QYMediaFormat_lmm\Output\Bin\Release\Win32\Setup.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetProcessId
Module32FirstW
Module32NextW
lstrcmpA
WTSGetActiveConsoleSessionId
GetThreadLocale
SetThreadLocale
GetSystemInfo
GetWindowsDirectoryW
GetSystemDirectoryW
GetEnvironmentVariableW
DeviceIoControl
GetFileAttributesExW
lstrlenA
SetFileAttributesW
MoveFileExW
lstrcpynA
FlushViewOfFile
UnmapViewOfFile
SetEndOfFile
CreateFileMappingW
MapViewOfFile
GetFileSizeEx
GetLongPathNameW
IsBadReadPtr
GetDriveTypeW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetVolumeInformationW
ResetEvent
SetEvent
PostQueuedCompletionStatus
GetExitCodeThread
CreateEventW
CreateIoCompletionPort
GetQueuedCompletionStatus
SetErrorMode
DecodePointer
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
ReadProcessMemory
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
VirtualFreeEx
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetCurrentThread
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
QueryPerformanceFrequency
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
GetLocaleInfoEx
LCMapStringEx
GetCPInfo
CompareStringEx
FormatMessageA
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
lstrcpyW
GetTimeZoneInformation
CreateRemoteThread
RaiseException
GetLastError
WriteProcessMemory
VirtualAllocEx
GetCurrentProcess
Thread32Next
Thread32First
K32EnumProcessModules
HeapDestroy
HeapAlloc
GetSystemTime
GetNativeSystemInfo
LocalFileTimeToFileTime
SystemTimeToFileTime
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetModuleFileNameW
GetFileSize
CreateFileA
OpenEventW
LocalAlloc
K32GetModuleFileNameExW
ReadFile
GetStartupInfoW
CreatePipe
GetExitCodeProcess
CreateProcessW
MoveFileW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
OutputDebugStringW
SetFilePointer
GetPrivateProfileStringW
GetPrivateProfileIntW
CopyFileW
lstrlenW
GlobalSize
CreateThread
TerminateThread
WaitForSingleObject
InitializeCriticalSection
GetVersionExW
GetFileTime
SetFileTime
GlobalUnlock
GlobalLock
WriteFile
DeleteFileW
GetTempFileNameW
GetTempPathW
LoadLibraryW
GetTickCount
MulDiv
GetModuleHandleW
GetCurrentProcessId
OpenProcess
GetModuleHandleA
FreeResource
GlobalFree
GlobalAlloc
Sleep
VerSetConditionMask
VerifyVersionInfoW
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringW
lstrcmpiW
LoadLibraryExW
GetProcAddress
FreeLibrary
CloseHandle
CreateFileW
CreateDirectoryW
GetVersion
SetStdHandle

user32

RegisterClipboardFormatW
GetSysColor
SetCaretPos
CreateCaret
GetCaretBlinkTime
wsprintfW
UpdateWindow
CloseClipboard
SetClipboardData
FindWindowW
FindWindowExW
WaitForInputIdle
ReleaseDC
SetWindowPos
MoveWindow
PostQuitMessage
LoadCursorW
KillTimer
SetTimer
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
SetWindowLongW
GetWindowLongW
GetDlgItem
UnregisterClassW
CallWindowProcW
DefWindowProcW
SendMessageW
GetDC
GetIconInfo
IsClipboardFormatAvailable
UpdateLayeredWindow
SetActiveWindow
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
MonitorFromPoint
GetClientRect
GetWindowRect
MapWindowPoints
GetParent
OpenClipboard
LoadIconW
MonitorFromWindow
GetMonitorInfoW
MessageBoxW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
SetRectEmpty
EqualRect
SetCursor
ClientToScreen
GetCursorPos
PtInRect
ScreenToClient
GetDoubleClickTime
CopyRect
IntersectRect
PostMessageW
SystemParametersInfoW
BeginPaint
EndPaint
IsIconic
InvalidateRect
TrackMouseEvent
SetFocus
GetCursor
SetCapture
ReleaseCapture
SetWindowRgn
EnableWindow
GetForegroundWindow
GetWindowTextW
SetForegroundWindow
IsWindowVisible
GetFocus
GetWindowTextLengthW
SetWindowTextW
IsRectEmpty
LoadImageW
FillRect
IsZoomed
MonitorFromRect
OffsetRect
SetLayeredWindowAttributes
GetWindow
EmptyClipboard
DrawTextW

gdi32

Rectangle
CreatePen
RestoreDC
ExtSelectClipRgn
CreateRectRgnIndirect
SaveDC
GetDeviceCaps
GetStockObject
SetBkColor
GetBitmapBits
StretchBlt
SetStretchBltMode
SetPixel
CreateFontIndirectW
CreateSolidBrush
GetTextExtentPointW
GetObjectW
SetTextColor
SetBkMode
CreateRectRgn
CombineRgn
CreateRoundRectRgn
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
SetBitmapBits
GetTextColor
GetCurrentObject
SetTextCharacterExtra
GetViewportOrgEx
CopyMetaFileW
SelectPalette
RealizePalette
CreateDIBSection
GetDIBits

advapi32

RegOpenKeyExW
AccessCheck
MapGenericMask
DuplicateToken
GetFileSecurityW
RegNotifyChangeKeyValue
RegConnectRegistryW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
LookupAccountNameW
GetUserNameW
GetUserNameA
LookupAccountNameA
GetSidIdentifierAuthority
IsValidSid
GetLengthSid
SetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
EnumServicesStatusExW
CreateProcessAsUserW
DuplicateTokenEx
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DeleteService
ControlService
ChangeServiceConfigW
QueryServiceConfigW
QueryServiceStatus
RegEnumKeyW
CloseServiceHandle
CreateServiceW
StartServiceW
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderW
ShellExecuteW
SHGetFolderPathW
ord165
SHCreateDirectoryExW
CommandLineToArgvW
SHChangeNotify
SHGetSpecialFolderPathW
SHGetMalloc
ShellExecuteExW
SHGetKnownFolderPath
SHGetPathFromIDListW

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateGuid
OleRun
OleDuplicateData
RegisterDragDrop
RevokeDragDrop
OleSetContainedObject
CoSetProxyBlanket
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ReleaseStgMedium
CreateStreamOnHGlobal
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
OleCreateStaticFromData
CoUninitialize
CoTaskMemFree

oleaut32

SysAllocString
SysAllocStringLen
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
VariantCopy
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
LoadRegTypeLi
LoadTypeLi
SysFreeString
SysStringLen
VariantInit
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

shlwapi

PathCommonPrefixW
PathIsPrefixW
PathCanonicalizeW
PathIsRootW
PathRelativePathToW
StrFormatByteSizeW
UrlGetPartW
StrToIntExW
SHDeleteValueW
SHGetValueW
PathIsDirectoryW
PathSearchAndQualifyW
ord176
AssocQueryStringW
SHDeleteKeyW
SHSetValueW
PathRemoveBackslashW
StrCmpIW
PathCombineW
PathAppendW
PathAddBackslashW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFindFileNameW
PathFileExistsW
StrCpyNW

comctl32

ord17
DrawShadowText
InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdiplusStartup
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipSetTextRenderingHint
GdipCloneBrush
GdipDeleteBrush
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapLockBits
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateSolidFill

crypt32

CertGetNameStringW
CryptBinaryToStringA
CryptBinaryToStringW
CryptStringToBinaryA
CryptStringToBinaryW

wininet

InternetReadFile
InternetSetFilePointer
HttpQueryInfoW
InternetCrackUrlW
InternetSetOptionW
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW

dbghelp

ImageNtHeader
ImageDirectoryEntryToData

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

netapi32

Netbios

iphlpapi

GetAdaptersInfo
GetIpAddrTable

secur32

GetUserNameExW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35.8MB - Virtual size: 35.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55db000c5bf0dbb1ec47b9f7e064e973

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

crypt32

wininet

dbghelp

wtsapi32

userenv

netapi32

iphlpapi

secur32

wintrust

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 291KB - Virtual size: 290KB

.data Size: 19KB - Virtual size: 102KB

.rsrc Size: 35.8MB - Virtual size: 35.8MB

.reloc Size: 79KB - Virtual size: 79KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 291KB - Virtual size: 290KB

.data
Size: 19KB - Virtual size: 102KB

.rsrc
Size: 35.8MB - Virtual size: 35.8MB

.reloc
Size: 79KB - Virtual size: 79KB