efe5bcf6972da315764576095dded48dec0ed56c9474983e402a144eecdcf714

Sharing

Copy URL Twitter E-mail

General

Target

efe5bcf6972da315764576095dded48dec0ed56c9474983e402a144eecdcf714
Size

4.9MB
MD5

8ca033b4f6ad41791a7aacb45396f048
SHA1

0d8a8fa29274074f9d69e76fe5cc736ec7b0cdba
SHA256

efe5bcf6972da315764576095dded48dec0ed56c9474983e402a144eecdcf714
SHA512

c852b741754ae029bd780adeb71b94b6c692aefb49baaee358600cb02e8941ea6c55290e530e855a691a2dba3164f5b2235038d661d5fd982262aaaa9c72b113
SSDEEP

24576:uVyYn7ZLqvCS8hANkawqRYDIB2UdGS76i32jFii:aYBpYeGSX325B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efe5bcf6972da315764576095dded48dec0ed56c9474983e402a144eecdcf714

Files

efe5bcf6972da315764576095dded48dec0ed56c9474983e402a144eecdcf714
.exe windows:5 windows x86 arch:x86

1607a35b1727d7c12db383854cca52cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\workspace\qb10frame_release\chrome\out\Release\uninst.pdb

Imports

kernel32

WideCharToMultiByte
CreateDirectoryW
WriteFile
lstrcmpiW
GetLocalTime
GetShortPathNameW
GetLogicalDriveStringsW
QueryDosDeviceW
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetCurrentThreadId
ExpandEnvironmentStringsW
CreateEventW
CreateMutexW
OpenMutexW
GetSystemDefaultLangID
LocalAlloc
GetSystemInfo
GlobalFree
VirtualQuery
ResumeThread
WritePrivateProfileStringW
SetEndOfFile
VirtualAlloc
VirtualFree
VirtualProtect
GetThreadContext
FlushInstructionCache
SetThreadContext
GetModuleHandleExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
OutputDebugStringW
TerminateThread
GetSystemTimeAsFileTime
SetEvent
DeviceIoControl
IsDebuggerPresent
EncodePointer
CopyFileW
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
LoadLibraryExA
FlushFileBuffers
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
MultiByteToWideChar
SetStdHandle
GetCurrentDirectoryW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetACP
GetStdHandle
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
LoadLibraryExW
InterlockedIncrement
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
FreeLibrary
GetFileAttributesW
TerminateProcess
RemoveDirectoryW
CreateThread
GetWindowsDirectoryW
GetExitCodeProcess
CreateProcessW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVersionExW
GetCurrentProcess
GetModuleHandleW
InterlockedExchange
ChangeTimerQueueTimer
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueue
CreateTimerQueue
LocalFree
GetCommandLineW
GetCurrentProcessId
GetTickCount
GetTempPathW
MoveFileExW
GetModuleFileNameW
DeleteFileW
WaitForSingleObject
DecodePointer
LeaveCriticalSection
EnterCriticalSection
FindNextFileW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
lstrlenW
FindFirstFileW
CloseHandle
GetFullPathNameW
SetLastError
FindClose
GetProcAddress
LoadLibraryW
Sleep
InterlockedCompareExchange
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
ReadFile
GetFileSize
OpenProcess
CreateFileW
InitializeSListHead
WriteConsoleW

user32

IsWindowVisible
SendInput
GetForegroundWindow
SetForegroundWindow
EnumWindows
ClientToScreen
SetWindowRgn
UpdateLayeredWindow
IsZoomed
IsIconic
GetDesktopWindow
GetWindowDC
LoadStringW
CharUpperW
GetClassInfoExW
RegisterClassExW
ShowWindow
PostQuitMessage
wsprintfW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
DispatchMessageW
SetWindowPos
MoveWindow
SetWindowTextW
CallWindowProcW
DefWindowProcW
GetMessageW
DestroyWindow
PostMessageW
OffsetRect
KillTimer
SetTimer
EqualRect
SendMessageW
SetCapture
ReleaseCapture
UnionRect
PtInRect
CreateWindowExW
GetCursorPos
ScreenToClient
IntersectRect
IsWindowEnabled
IsRectEmpty
BeginPaint
EndPaint
GetClientRect
EnumChildWindows
GetParent
DestroyIcon
SetRectEmpty
LoadImageW
SetCursor
LoadCursorW
GetWindowLongW
UpdateWindow
DrawFocusRect
GetDC
IsWindow
ReleaseDC
DrawTextW
FindWindowW
FindWindowExW
GetWindowThreadProcessId
MessageBoxW
SetWindowLongW
TranslateMessage
MapWindowPoints
GetWindow
InvalidateRect
CopyRect
UnregisterClassW
GetSysColor
RedrawWindow

advapi32

RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
ConvertSidToStringSidW
GetTokenInformation
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegDeleteValueW

ole32

CoInitializeEx
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateGuid
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

shlwapi

PathFindFileNameW
SHDeleteValueW
SHDeleteKeyW
PathIsDirectoryEmptyW
PathIsDirectoryW
PathIsRootW
PathRemoveBlanksW
PathRemoveBackslashW
PathCombineW
PathAppendW
PathCanonicalizeW
PathRemoveFileSpecW
PathFileExistsW
SHGetValueW
PathMatchSpecW

comctl32

_TrackMouseEvent

gdi32

DeleteDC
SelectObject
MoveToEx
LineTo
DeleteObject
BitBlt
GetClipBox
SelectClipRgn
RectVisible
GetViewportOrgEx
RestoreDC
SaveDC
CreateRectRgnIndirect
GetObjectW
CreateFontIndirectW
CreateCompatibleDC
SetViewportOrgEx
CreateDIBSection
SetBkMode
SetTextColor
GetBitmapBits
SetBitmapBits
SetBkColor
ExtTextOutW
GetTextExtentExPointW
GetTextExtentPoint32W
GetCurrentObject
GetStockObject
SetDIBColorTable
CombineRgn
CreatePen

msimg32

AlphaBlend

gdiplus

GdipGetImagePalette
GdipGetImagePaletteSize
GdipDrawImageI
GdipGetImageGraphicsContext
GdipFillRectangle
GdipCreateLineBrushFromRect
GdiplusStartup
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageRectRectI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipDisposeImage
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawEllipseI
GdipSetPenWidth
GdipDeletePen
GdipCreatePen1
GdipFillEllipseI
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateLineBrush
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdipGetImageHeight
GdipGetImageWidth
GdipBitmapUnlockBits

netapi32

Netbios
NetWkstaTransportEnum
NetApiBufferFree

psapi

GetProcessImageFileNameW
GetMappedFileNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

htonl
htons

winhttp

WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpConnect
WinHttpOpen
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpWriteData

Sections

.text
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1607a35b1727d7c12db383854cca52cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

comctl32

gdi32

msimg32

gdiplus

netapi32

psapi

version

ws2_32

winhttp

Sections

.text Size: 438KB - Virtual size: 437KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 8KB - Virtual size: 86KB

.gfids Size: 1024B - Virtual size: 576B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 91KB - Virtual size: 92KB

.text
Size: 438KB - Virtual size: 437KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 8KB - Virtual size: 86KB

.gfids
Size: 1024B - Virtual size: 576B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 91KB - Virtual size: 92KB