e221ff3eb4701c0be67564caa4c2d64878a1b9d1655b9e0eaf1e6a827f7a009c

Sharing

Copy URL

Twitter E-mail

General

Target

e221ff3eb4701c0be67564caa4c2d64878a1b9d1655b9e0eaf1e6a827f7a009c
Size

1.5MB
MD5

5bc5a89593938822dbb763f1c4a9d874
SHA1

346abe45fcf49bf28c1cb36f04d52c5ee6065614
SHA256

e221ff3eb4701c0be67564caa4c2d64878a1b9d1655b9e0eaf1e6a827f7a009c
SHA512

00f5e46f75c5eadb81522267ae1b99debd3802b5404740cd6454b536b443d4e909058097e2e6e9d7c72e905f41f2ba16df3487553f654d59ec585fcc184e59b6
SSDEEP

12288:3PYvxCP/iSdN1D2eMFvH/KNJIiaVe9891oN7Jv0GynIqPDLQ9D7310iPf9j7738E:3P/bxJT7JsnIqc10iH9j7Tm3+vQgn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e221ff3eb4701c0be67564caa4c2d64878a1b9d1655b9e0eaf1e6a827f7a009c

Files

e221ff3eb4701c0be67564caa4c2d64878a1b9d1655b9e0eaf1e6a827f7a009c
.exe windows:5 windows x86 arch:x86

9269de9c1b684a193ff42c3fe49da4a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\devops\workspace\p-37d34ce895ed4865ac95061b653d796f\Misc\Setup3\build\Release\QQSetupEx.pdb

Imports

ws2_32

ntohl
htons
recv
inet_ntoa
connect
socket
send
inet_addr
WSAStartup
gethostbyname
closesocket
WSACleanup
htonl

netapi32

Netbios

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

InternetQueryOptionW
InternetReadFile
InternetOpenUrlW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetGetConnectedState

arkhttpclient

arkHTTPShutdown
arkHTTPSetLogCallback
arkHTTPSendRequest
arkHTTPQueryInfo
arkHTTPClose
arkHTTPSetOption
arkHTTPOpen
arkHTTPStartup
arkHTTPCancelRequest

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpGetProxyForUrl

kernel32

CompareStringW
GetACP
ExitProcess
GetConsoleCP
SetFilePointerEx
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
LoadLibraryExW
EncodePointer
RtlUnwind
OutputDebugStringW
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
CreateDirectoryW
GetLongPathNameW
GetTempPathW
GetFileAttributesW
DeleteFileW
ReadFile
WriteFile
SetFilePointer
CreateFileW
GetLastError
CloseHandle
GetFileSize
GetVersionExW
SizeofResource
HeapFree
GetCommandLineW
InitializeCriticalSectionAndSpinCount
CreateMutexW
WaitForSingleObject
GetCurrentThreadId
HeapSize
LockResource
HeapReAlloc
RaiseException
CreateThread
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
GetLocalTime
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
OpenThread
GetCurrentProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetCurrentProcessId
lstrcmpiW
OpenMutexW
MoveFileW
GetExitCodeProcess
ExpandEnvironmentStringsW
WaitForMultipleObjects
GetModuleHandleA
CreateEventW
MultiByteToWideChar
LoadLibraryW
GetCurrentDirectoryW
FreeLibrary
DeviceIoControl
InterlockedExchange
FindFirstFileW
InterlockedCompareExchange
FindClose
SwitchToThread
CopyFileW
MoveFileExW
WideCharToMultiByte
GetModuleFileNameW
GetSystemDirectoryW
FreeResource
GetFileSizeEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetFileAttributesW
Sleep
LoadLibraryA
QueryPerformanceFrequency
GetSystemTimeAsFileTime
VirtualQuery
GetProcessTimes
GetStdHandle
CreatePipe
DuplicateHandle
CreateProcessW
GlobalAddAtomW
SetEvent
SetErrorMode
GetWindowsDirectoryW
GetVersion
GlobalAlloc
GlobalFree
OpenProcess
lstrcmpW
lstrcpynW
lstrcpyW
lstrcatW
lstrlenA
lstrlenW
GetTempFileNameW
RemoveDirectoryW
FindNextFileW
GetShortPathNameW
MulDiv
GetPrivateProfileStringW
WritePrivateProfileStringW
SetCurrentDirectoryW
GetFullPathNameW
SearchPathW
ResetEvent
InterlockedDecrement
InterlockedIncrement
InterlockedExchangeAdd
TlsSetValue
ReleaseSemaphore
TlsAlloc
TlsGetValue
TlsFree
CreateSemaphoreA
SetLastError
PeekNamedPipe
FlushFileBuffers
SetEndOfFile
GetConsoleMode
ReadConsoleW
WriteConsoleW
GetFileType
FileTimeToSystemTime
TerminateProcess
LCMapStringW
GetStartupInfoW
UnhandledExceptionFilter
GetStringTypeW
WaitForSingleObjectEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetTimeZoneInformation

user32

CreateWindowExW
SendMessageW
RegisterClassExW
ShowWindow
IsWindow
GetDesktopWindow
GetClassInfoExW
LoadMenuW
PostMessageW
TrackPopupMenu
GetSubMenu
DestroyMenu
SetForegroundWindow
GetCursorPos
DestroyWindow
DispatchMessageW
PeekMessageW
wsprintfW
wvsprintfW
GetWindowLongW
SetTimer
RegisterClassW
SetWindowLongW
KillTimer
LoadImageW
UpdateWindow
SendMessageTimeoutW
CharUpperW
UnregisterClassW
DefWindowProcW
SetWindowTextW
MessageBoxIndirectW
CharPrevW
CharNextW
GetMessageW
FindWindowW
PostThreadMessageW
TranslateMessage

gdi32

GetStockObject

advapi32

RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
RegEnumKeyW
RegEnumValueW

shell32

Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
CommandLineToArgvW
ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoTaskMemFree
CoUninitialize
CoCreateGuid
CoInitialize

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
PathFileExistsW
StrChrIA
PathIsDirectoryW

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminReleaseCatalogContext
WTHelperGetProvCertFromChain
WinVerifyTrust
CryptCATAdminAcquireContext

crypt32

CertGetNameStringW

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 560KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9269de9c1b684a193ff42c3fe49da4a5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

netapi32

version

wininet

arkhttpclient

winhttp

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

wintrust

crypt32

Sections

.text Size: 364KB - Virtual size: 363KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 8KB - Virtual size: 300KB

.QMGuid Size: 512B - Virtual size: 20B

.ndata Size: - Virtual size: 560KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 82KB - Virtual size: 84KB

.text
Size: 364KB - Virtual size: 363KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 8KB - Virtual size: 300KB

.QMGuid
Size: 512B - Virtual size: 20B

.ndata
Size: - Virtual size: 560KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 82KB - Virtual size: 84KB