7e11ebd96fac71a49a1c1cca296c6f59477cc91fd6ff68408f1fdf1030dadabc

Sharing

Copy URL

Twitter E-mail

General

Target

7e11ebd96fac71a49a1c1cca296c6f59477cc91fd6ff68408f1fdf1030dadabc
Size

1.2MB
MD5

0a5fa11e70fde65d3b62fbb8f09b13e7
SHA1

48ea6938d6d2d30a3635fd7ff5b61824b05a065c
SHA256

7e11ebd96fac71a49a1c1cca296c6f59477cc91fd6ff68408f1fdf1030dadabc
SHA512

4fd021f9e5c2e2007ab986a29847b0bb1ad157522084cf7b4da5d5fcc340311e5d79765d967ff8db8c9fb5a42a00338c2d8bf415ff982f9afc5e010a0362b774
SSDEEP

3072:L5vuqJGKR2jDbG2kn0bfIjlym1PEAei2Hse//xf1BxxZzFFWDn:dvNJjlym1PEpi2NpfDxxYD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e11ebd96fac71a49a1c1cca296c6f59477cc91fd6ff68408f1fdf1030dadabc

Files

7e11ebd96fac71a49a1c1cca296c6f59477cc91fd6ff68408f1fdf1030dadabc
.exe windows:5 windows x86 arch:x86

5723ed92d0f51a8863944939b271a6ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\devops\workspace\p-37d34ce895ed4865ac95061b653d796f\Output\Plugin\Com.Tencent.AudioVideo\bin\QQExternal.pdb

Imports

common

??1CTXBSTR@@QAE@XZ
?MakeLower@CTXStringW@@QAEAAV1@XZ
?Find@CTXStringW@@QBEHPB_WH@Z
?Left@CTXStringW@@QBE?AV1@H@Z
?Find@CTXStringW@@QBEH_WH@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
?Right@CTXStringW@@QBE?AV1@H@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??8@YA_NABVCTXStringW@@PB_W@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?GetSession@TXLog@@YAKXZ
?GetLCID@NLS@@YAKXZ
?SetBugReportFlag@TXBugReport@@YAHK@Z
?SetBugReportUin@TXBugReport@@YAXKH@Z
?ValidateBugReport@TXBugReport@@YAXXZ
?SetMainAndLogicMsgLoop@Misc@Util@@YAXPAVMessageLoopForUI@AsyncTask@@PAVMessageLoop@4@@Z
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
?OnExitWinMain@Misc@Util@@YAXXZ
?ClearDeadQueue@Misc@Util@@YAXXZ
??1CTXStringW@@QAE@XZ
?Format@CTXStringW@@QAAXPB_WZZ
?GetBSTR@CTXStringW@@QBEPA_WXZ
??4CTXStringW@@QAEAAV0@PA_W@Z
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
?Tokenize@CTXStringW@@QBE?AV1@PB_WAAH@Z
??0CTXStringW@@QAE@PA_W@Z
??0CTXStringW@@QAE@PB_W@Z
??BCTXStringW@@QBEPB_WXZ
?IsEmpty@CTXStringW@@QBE_NXZ
??0CTXStringW@@QAE@ABV0@@Z
?Empty@CTXStringW@@QAEXXZ
??0CTXStringW@@QAE@XZ
?GetString@CTXStringW@@QBEPB_WXZ
?GetLength@CTXStringW@@QBEHXZ
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
??0CTXBSTR@@QAE@XZ
??H@YA?AVCTXStringW@@ABV0@0@Z

asynctask

??1Thread@AsyncTask@@UAE@XZ
??0MessageLoopForUI@AsyncTask@@QAE@XZ
??1MessageLoopForUI@AsyncTask@@UAE@XZ
??1Lock@AsyncTask@@QAE@XZ
??0Lock@AsyncTask@@QAE@XZ
?RegisterCallback@AtExitManager@AsyncTask@@SAXP6AXPAX@Z0@Z
?Release@Lock@AsyncTask@@QAEXXZ
?Acquire@Lock@AsyncTask@@QAEXXZ
?StartWithOptions@Thread@AsyncTask@@QAE_NABUOptions@12@@Z
??0Thread@AsyncTask@@QAE@PBD@Z

kernel32

LocalAlloc
Sleep
CreateFileW
OpenProcess
TerminateProcess
InterlockedExchange
GetModuleFileNameW
GetCommandLineW
SetThreadPriority
ResumeThread
CreateThread
GetCurrentProcessId
WideCharToMultiByte
DeviceIoControl
MapViewOfFile
CloseHandle
FormatMessageW
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
GetModuleHandleW
InitializeSListHead
UnmapViewOfFile
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
GetSystemTimeAsFileTime
LocalFree
GetVersionExW
FindClose
FindFirstFileW
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
OpenFileMappingW
GetCurrentThreadId
GetTickCount
GetLastError

user32

DispatchMessageW
GetSystemMetrics
ReleaseDC
GetWindowDC
GetWindowThreadProcessId
FindWindowW
ChildWindowFromPoint
ScreenToClient
GetWindowRect
GetParent
PostQuitMessage
GetWindowLongW
GetMessageW
TranslateMessage

gdi32

DeleteObject
CreateCompatibleDC
BitBlt
SelectObject
GetBitmapBits
CreateCompatibleBitmap
GetObjectW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegEnumKeyExW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoGetClassObject

oleaut32

SysAllocString
SysFreeString
GetErrorInfo

shlwapi

PathFindExtensionW

msvcp140

?_Xlength_error@std@@YAXPBD@Z

gdiplus

GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage

ws2_32

WSACleanup
closesocket
getaddrinfo
WSAStartup
inet_addr
socket
inet_ntoa
recvfrom
htonl
htons
sendto
setsockopt
WSAGetLastError
ntohs

iphlpapi

GetAdaptersAddresses
GetIpForwardTable
GetAdaptersInfo

netapi32

Netbios

vcruntime140

memmove
memcpy
memcmp
_purecall
memchr
memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
_except_handler4_common

api-ms-win-crt-string-l1-1-0

wcscat_s
strncpy_s
tolower
_stricmp
wcslen
strlen
isalnum
wcsncpy_s

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__p__commode
__stdio_common_vswprintf_s
_set_fmode
__stdio_common_vsnprintf_s

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
malloc
free

api-ms-win-crt-runtime-l1-1-0

_resetstkoflw
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_controlfp_s
__p___argv
__p___argc
_exit
exit
_initterm_e
_initterm
_register_onexit_function
terminate
_set_app_type
_c_exit
_get_initial_narrow_environment
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_exe
_crt_atexit
_cexit

api-ms-win-crt-utility-l1-1-0

rand
labs
srand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5723ed92d0f51a8863944939b271a6ff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

common

asynctask

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

msvcp140

gdiplus

ws2_32

iphlpapi

netapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 67KB - Virtual size: 68KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 67KB - Virtual size: 68KB