SecuriteInfo[.]com[.]W64[.]ABRisk[.]QFLC-7046[.]15147[.]8967

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.W64.ABRisk.QFLC-7046.15147.8967
Size

6.1MB
MD5

011e4c8d4716feb9ca917e4fa5efa95d
SHA1

4a06c7682bd94c083208306635d542fc61ef8717
SHA256

eef1a8cc4c67c27af7143f564aa2d91ad8a6f8f6e30d767e0f6546008b5c9b25
SHA512

76f802d098f95ab70a693d972c5bdf191d6bcf32e67a02481cbcd941a3006cc4512744bd67123fd1c4e70f6b7f9da3ca6e4b9aeaeebac95d8c9d351d51f7af54
SSDEEP

98304:O8DqHX3X8KvRCQPRU8YLRk1vC7hyKtv+W/1SAZEQFLU:O8DqHXdpPuRlQvC7EyZ/1HEoLU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.W64.ABRisk.QFLC-7046.15147.8967

Files

SecuriteInfo.com.W64.ABRisk.QFLC-7046.15147.8967
.exe windows:6 windows x64 arch:x64

2d99b23b0bab8b0fca14bb2a3b2a08d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

setsockopt

crypt32

CertEnumCertificatesInStore

wldap32

ord217

normaliz

IdnToAscii

kernel32

GetDateFormatW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

FindWindowExW
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptEncrypt

imm32

ImmGetContext

dwmapi

DwmExtendFrameIntoClientArea

ntdll

RtlAdjustPrivilege

d3dx9_43

D3DXCreateTextureFromFileInMemory

d3d9

Direct3DCreate9

bcrypt

BCryptGenRandom

wtsapi32

WTSSendMessageW

Exports

Exports

�4�1��Y��V�Upd$�_��G��q��"��g��"��99��Z"�%�'C�7��h��`Da�f�"I�*��񋡆@�M.�"�o��V��Bo��l��E�|�t��I�)�T��I ��3��[�Q6~RN/�Xz��pJvm��燀�v| ��[��L[�o��'Iy: �"�n�n��?j�?J0�?�M(?�WF�G)��R��3c�5�6�`��xЉ�Wh�D��E��FeЂ�z|�z>1�rB�N��*�{��4!,��O�R��3-��0�Z,��MS��:�F��^^�8V�׏=��L��c6ǉ�>��Az�u9^�3�~vƇ .<�<a>��l�^�~��C�.��p{��%z�Ƿ��Y��yB6��|�m)��d��F��W��']��z��v]�!��9u53l,kS)�� Y�n�C�jM^?��3L�ݸoǋ�)Ͱϧ��f��%rf�I�^�kc��0_�ę�W�N|�G��Ng�i�4Y�7� 7��̞uu�`Ǎ��`�!�[�*.CRk�8�G��8��eGτ&L�}1K��;�W�?��L�A��k�<�Fc�.%I�6�u��r��l&��s�Li<�Ss �8�-6�3��\�!��<)��h�n��g��!�U��j�10�&��iѥ��HۢK�ng�Vi�O��q�AFl��e��D��ͩ R�~2v'C��K\檡g��f;D�}<0v�hsS�ӚD�tS)B�E��<}��D�C�_�GT�!Ȕ�a�� <y�KfV��(�a�m�(/�;��%ob3�{G<S��Ɯm,�EX{��C��x�z��~|��4FFjSr�z�k�Sb>=A=ʖ%��a6� ۞� ��&��)�M:W�*j�&�%�h��t��[h�Du�!@��k �.�ƞ�u�K~�Īp(E�{��и��ɩvl��w~��P%��Qb�h�I8(��3�{p��* ��f��o�tznj��M�0��Q��6�D}��t8�Ԑ��g�o$��zG�<a��W~l ��'��Gp�;��@�>��=� ��at��l��p��lT��%��Q�(IO�`��G6�O�?_�G��%V�}@��,h�}��=��8:��[��4��WVA��n.��M��j9�Ro�Np�6b��q� ˶��b��zE��b`��_�� w6��1JE��{��E��c犿H8��l�� fbxޝ �_��I��To��3��;hk��T�K��8�aH�/�ܸu_�F��0��R�::�@�.�.>��?g��Y��s��Q��W ��D�y��4�=�p��5Σ�sԴ��%Ἡ��έVSkд;��J��Jp]�#��H�� I�Ȁ��Om:�W&��2Ʋk(��Ϲ��,r?��,^�02DxM"hG�l|N�&��hG�G&=��C��,%�@ �[F�u��@3D�ׁ�v�B�)��O,�݁>}].JqN"�O��wʦ�\:$��¤�ԧ��=8��H�˙~��ԬM��L��z,v��V�s0GI��W*07��w��r�e'H6�Bv�RV2+��n��G+ R�'�"�@ʘ��bӬg��h� s��Z*GK� ��}TM��Y��E��9��|{K�6i��6 k�o�|�z"3�_٧(���Fz��o�0�Ǉjk��K��/h z�kA��ɢ�N�^�PT��p :I�X�Ø�T��S��Yݼ@n�W/\�߁2Ksns�3��T�۝�(�K��+UҬ{��8�㍓U�!��Y�/�� g̠��<Gr�,��,�^_7>v*d��I��Eᐮ��l�Hk%$IJ�O?4h�uq�|��ZRJtl��U!�P��*?�[<��R��6�a�S~�X�Z�zB�ZJ��w��-��.��Ze�C�[��-4�Z׮9 ��ն��wB�df��Y�ӓ�р _�t�Ho�~�9�q�w�tL�m.,��XY��B�}��g��cǿ��a�� X��.��񕁩U��|�� n��]�!�BP{�މV�mb::h��N�͋9UL�@(,��'>�̘�V$a;�ύj.BJz�ն:��N��8�#��ֿK�-}��db4��r�a5��?�-�$��s�+��`�ߚ��Mr\ʟ��<8 K�\Ę�Q�>�6�~-��m-��f'ba�~�:��4Z�J}��\�QL �'EA��l��#;!$�c��?�s��*U�� uH�%��l��u?��R�:8��]VaXuܢw��`/��+n!�� |ˌz::%v �ϳ��i]�V�E��M��2�qI0F�u1��_t%9eO�m��I��1��Tr��P��>��v h��e��!�$��D��"V%B�U��/yA��l�V�a�)�09_��~T��V>�?.��z��xg0�nq��^��x��M?.��RTP�:��ѩ鹜1�- �ߐG��޶�nl�)��F��Zs[&�ؚ��.��o����!өoF��pĞ�.��-��BMs�\go�m��d�U�S��;�rۜ��k[�2�� j�ȅ _��6�V��w%CN�ϱ�=c��H�p~~h �2�bvzY��2~�W�Y�%��F+N��8��r��[[<o/ pӸ�&�ǳ!CY�q+�S�E�٥�9*ZS�8�I]�b�|��Kh~X��@�2�� u|��Yџ�I��W�T8�.�[�S~��⻿�;#*�:�Xf�H��b�I`}~9=�� q�%jʸ��(��(��x�b[<�p ��F�Ԑ��KX�

Sections

0F&N}iDr
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

zGJvl#lk
Size: - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Rb=g?.}>
Size: - Virtual size: 609KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

c<K0)ujQ
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

YFJM|-{/
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cxa?7^|S
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

#s,h{c$w
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

&F!ld8hE
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d99b23b0bab8b0fca14bb2a3b2a08d9

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wldap32

normaliz

kernel32

user32

advapi32

imm32

dwmapi

ntdll

d3dx9_43

d3d9

bcrypt

wtsapi32

Exports

Exports

Sections

0F&N}iDr Size: - Virtual size: 1.5MB

zGJvl#lk Size: - Virtual size: 420KB

Rb=g?.}> Size: - Virtual size: 609KB

c<K0)ujQ Size: - Virtual size: 66KB

YFJM|-{/ Size: - Virtual size: 244B

cxa?7^|S Size: - Virtual size: 3.2MB

#s,h{c$w Size: 6.1MB - Virtual size: 6.1MB

&F!ld8hE Size: 512B - Virtual size: 480B

0F&N}iDr
Size: - Virtual size: 1.5MB

zGJvl#lk
Size: - Virtual size: 420KB

Rb=g?.}>
Size: - Virtual size: 609KB

c<K0)ujQ
Size: - Virtual size: 66KB

YFJM|-{/
Size: - Virtual size: 244B

cxa?7^|S
Size: - Virtual size: 3.2MB

#s,h{c$w
Size: 6.1MB - Virtual size: 6.1MB

&F!ld8hE
Size: 512B - Virtual size: 480B