d3db24df438df3f0f9351df1fddab06efc4f880ce3b8471394aff01e0596d9c6

Sharing

Copy URL

Twitter E-mail

General

Target

d3db24df438df3f0f9351df1fddab06efc4f880ce3b8471394aff01e0596d9c6
Size

46KB
MD5

f8bd80adc5a847ffdd7c52918733b762
SHA1

d3965ff2af04fa28e811c07de9dec15223925ee1
SHA256

d3db24df438df3f0f9351df1fddab06efc4f880ce3b8471394aff01e0596d9c6
SHA512

17b9cdbad53904436e12c96c88692d37c41748b5e6ae93d65a16adcade729a99e2e1eefedf19a86f7cdf5c11c70234add6bd44aa841cd3d481856c2b3297af26
SSDEEP

768:CVe5H+cfxyamTUvzN79sYrddKpskQqzLd53evO/q5LZ:Co++yaNx9Frj0ziO/qP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3db24df438df3f0f9351df1fddab06efc4f880ce3b8471394aff01e0596d9c6

Files

d3db24df438df3f0f9351df1fddab06efc4f880ce3b8471394aff01e0596d9c6
.exe windows:5 windows x64 arch:x64

359baea96dcc49f95a479a9562e1b6f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcurl

ord4
ord1
ord7
ord11
ord5
ord71
ord70
ord29
ord33
ord37
ord28
ord34
ord36

qt5xml

??1QDomElement@@QEAA@XZ
?text@QDomElement@@QEBA?AVQString@@XZ
??4QDomElement@@QEAAAEAV0@AEBV0@@Z
?setContent@QDomDocument@@QEAA_NAEBVQByteArray@@PEAVQString@@PEAH2@Z
?documentElement@QDomDocument@@QEBA?AVQDomElement@@XZ
??1QDomDocument@@QEAA@XZ
??0QDomDocument@@QEAA@XZ
?nextSiblingElement@QDomNode@@QEBA?AVQDomElement@@AEBVQString@@@Z
?firstChildElement@QDomNode@@QEBA?AVQDomElement@@AEBVQString@@@Z
?isNull@QDomNode@@QEBA_NXZ
?nodeName@QDomNode@@QEBA?AVQString@@XZ
??1QDomNode@@QEAA@XZ

qt5core

?toUtf8@QString@@QEBA?AVQByteArray@@XZ
?fromUtf8@QString@@SA?AV1@PEBDH@Z
?toInt@QString@@QEBAHPEA_NH@Z
?number@QString@@SA?AV1@HH@Z
??8@YA_NAEBVQString@@0@Z
??M@YA_NAEBVQString@@0@Z
?append@QString@@QEAAAEAV1@AEBV1@@Z
?append@QString@@QEAAAEAV1@PEBD@Z
??9QString@@QEBA_NPEBD@Z
?compare_helper@QString@@CAHPEBVQChar@@HPEBDHW4CaseSensitivity@Qt@@@Z
?qHash@@YAIAEBVQString@@I@Z
?realloc@QListData@@QEAAXH@Z
?remove@QListData@@QEAAXH@Z
?size@QListData@@QEBAHXZ
?at@QListData@@QEBAPEAPEAXH@Z
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ
?allocateNode@QHashData@@QEAAPEAXH@Z
?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z
?rehash@QHashData@@QEAAXH@Z
?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z
?firstNode@QHashData@@QEAAPEAUNode@1@XZ
?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z
??0QFileInfo@@QEAA@AEBVQString@@@Z
??1QFileInfo@@QEAA@XZ
?fileName@QFileInfo@@QEBA?AVQString@@XZ
?nextNode@QMapNodeBase@@QEBAPEBU1@XZ
?freeNodeAndRebalance@QMapDataBase@@QEAAXPEAUQMapNodeBase@@@Z
?recalcMostLeftNode@QMapDataBase@@QEAAXXZ
?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z
?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z
?createData@QMapDataBase@@SAPEAU1@XZ
?freeData@QMapDataBase@@SAXPEAU1@@Z
??1QDebug@@QEAA@XZ
??6QDebug@@QEAAAEAV0@H@Z
??6QDebug@@QEAAAEAV0@J@Z
??6QDebug@@QEAAAEAV0@PEBD@Z
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z
??6QDebug@@QEAAAEAV0@AEBVQByteArray@@@Z
?shared_null@QHashData@@2U1@B
?shared_null@QMapDataBase@@2U1@B
?fromLocal8Bit@QString@@SA?AV1@PEBDH@Z
?close@QFileDevice@@UEAAXXZ
?setFileName@QFile@@QEAAXAEBVQString@@@Z
?exists@QFile@@QEBA_NXZ
?remove@QFile@@QEAA_NXZ
?arg@QString@@QEBA?AV1@GHHVQChar@@@Z
?arg@QString@@QEBA?AV1@HHHVQChar@@@Z
?arg@QString@@QEBA?AV1@KHHVQChar@@@Z
?constData@QString@@QEBAPEBVQChar@@XZ
??4QString@@QEAAAEAV0@$$QEAV0@@Z
??4QString@@QEAAAEAV0@AEBV0@@Z
??0QString@@QEAA@XZ
?constData@QByteArray@@QEBAPEBDXZ
??0QByteArray@@QEAA@AEBV0@@Z
??0QChar@@QEAA@UQLatin1Char@@@Z
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ
??0QMessageLogger@@QEAA@PEBDH0@Z
?shared_null@QListData@@2UData@1@B
?open@QFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??1QFile@@UEAA@XZ
??0QFile@@QEAA@AEBVQString@@@Z
?append@QListData@@QEAAPEAPEAXXZ
?dispose@QListData@@SAXPEAUData@1@@Z
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?detach@QListData@@QEAAPEAUData@1@H@Z
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z
??1QString@@QEAA@XZ
??0QString@@QEAA@AEBV0@@Z
??1QByteArray@@QEAA@XZ
??0QString@@QEAA@PEBD@Z

kernel32

GetNativeSystemInfo
WideCharToMultiByte
LocalFree
GetCommandLineW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetVersionExW

msvcp120

?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z

msvcr120

_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
__crtCapturePreviousContext
exit
__set_app_type
__getmainargs
__crtGetShowWindowMode
?terminate@@YAXXZ
_onexit
__C_specific_handler
__dllonexit
_calloc_crt
_unlock
_lock
printf
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
memmove
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_purecall
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
__crtSetUnhandledExceptionFilter
_exit
??_V@YAXPEAX@Z
_amsg_exit

shell32

CommandLineToArgvW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

359baea96dcc49f95a479a9562e1b6f5

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

qt5xml

qt5core

kernel32

msvcp120

msvcr120

shell32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 512B - Virtual size: 112B

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 512B - Virtual size: 112B