BizQQ2[.]0SP19[.]2798[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

BizQQ2.0SP19.2798.exe
Size

34.2MB
MD5

cc79a1a6abd9ee9973ccc5e8c2330c02
SHA1

c018105b081a888afa9a8dda15988d1062cc115f
SHA256

8e9b8aa5430c187eed0862e8cb73fac6676d859d90b66060c30c19b665833398
SHA512

181e9a39a2f059f48c67008f5c518eea97caec80a5b10342405f3ce3482363f556d961b4752a01a6cdb66299306b0711f4bb6537e51f9ae417f0e876526c579d
SSDEEP

786432:2xviMa7etPf125LkXiKGCAKpl9YFFt4Z4pKAdMvkvYI:8viMEol25IXiKGCAKpl2UPkv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BizQQ2.0SP19.2798.exe

Files

BizQQ2.0SP19.2798.exe
.exe windows:4 windows x86 arch:x86

722bffcb0106ee7a077e99b37dbf4b6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

R:\BuildWorkTemp\CRM2.17\HummerPack\2798\AutoProject\HummerSetup.pdb

Imports

msimg32

TransparentBlt

shell32

SHGetSpecialFolderLocation
ShellExecuteW
CommandLineToArgvW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHCreateDirectoryExW
SHBrowseForFolderW

msi

ord32
ord159
ord118
ord8
ord160
ord195
ord92
ord70
ord137
ord141
ord88

advapi32

RegCreateKeyW
RegCloseKey
RegSetValueExW
RegEnumKeyW
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW

shlwapi

PathFileExistsW
PathStripToRootW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

htons
socket
recv
WSACleanup
inet_addr
htonl
connect
WSAStartup
closesocket
send

imm32

ImmDisableIME

kernel32

SetStdHandle
InterlockedExchange
LoadLibraryA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetCurrentProcessId
GetTickCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
WriteConsoleW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameW
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
FlushFileBuffers
HeapSize
SetLastError
TlsFree
FreeEnvironmentStringsW
GetConsoleOutputCP
FormatMessageW
LocalFree
GetLastError
CreateMutexW
GetVersionExW
GetSystemDirectoryW
SetFileAttributesW
DeleteCriticalSection
GetCurrentDirectoryW
CloseHandle
GetFileAttributesW
GetTempPathW
InitializeCriticalSection
FindFirstFileW
VirtualFree
VirtualAlloc
FreeResource
GetDriveTypeW
FindResourceW
LoadResource
CreateDirectoryW
WriteFile
SizeofResource
ReadFile
CreateFileW
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
LeaveCriticalSection
CreateThread
EnterCriticalSection
GetDiskFreeSpaceExW
FindNextFileW
FindClose
GetProcAddress
lstrcmpW
WideCharToMultiByte
LoadLibraryW
GetPrivateProfileIntW
GetPrivateProfileStringW
FreeLibrary
RemoveDirectoryW
DeleteFileW
Sleep
GetCurrentThreadId
WritePrivateProfileStringW
GetWindowsDirectoryW
CopyFileW
QueryPerformanceCounter
QueryPerformanceFrequency
IsBadReadPtr
IsBadWritePtr
lstrcmpiW
WaitForSingleObject
TerminateProcess
CreateProcessW
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
MoveFileW
Process32NextW
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapReAlloc
HeapCreate
GetUserDefaultLCID
HeapDestroy
RaiseException
GetConsoleMode
GetConsoleCP
RtlUnwind
GetStartupInfoW
GetProcessHeap
GetVersionExA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
CreateFileA
GetLocaleInfoW
InterlockedCompareExchange
LockResource
LocalAlloc

user32

GetFocus
GetCursorPos
IsWindow
CreateWindowExW
GetDlgItemTextW
SetFocus
SetClassLongW
PostQuitMessage
ReleaseDC
GetWindowDC
SetWindowLongW
DrawTextW
OffsetRect
CreateDialogParamW
GetKeyState
GetDlgCtrlID
GetWindowLongW
GetWindowRect
GetClientRect
SetTimer
SetWindowTextW
EnableWindow
GetWindowTextW
ShowWindow
GetDlgItem
SendMessageW
DialogBoxParamW
MessageBoxW
EndDialog
TranslateAcceleratorW
TranslateMessage
GetMessageW
DispatchMessageW
LoadAcceleratorsW
KillTimer
GetParent
InvalidateRect
DestroyIcon
TrackMouseEvent
CallNextHookEx
LoadBitmapW
GetDC
ReleaseCapture
SetWindowRgn
DrawIconEx
GetActiveWindow
GetClassNameW
LoadImageW
GetWindow
MapVirtualKeyW
SetWindowPos
UnhookWindowsHookEx
DestroyWindow
SetWindowsHookExW
SetDlgItemTextW

gdi32

CreateCompatibleBitmap
DeleteDC
SelectObject
GetTextExtentExPointW
DeleteObject
CreateRoundRectRgn
SetBkColor
BitBlt
GetStockObject
CreateFontW
CreateCompatibleDC
SetTextColor
GetObjectW
SetBkMode

ole32

CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
CoUninitialize

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33.9MB - Virtual size: 33.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

722bffcb0106ee7a077e99b37dbf4b6b

Headers

File Characteristics

PDB Paths

Imports

msimg32

shell32

msi

advapi32

shlwapi

version

ws2_32

imm32

kernel32

user32

gdi32

ole32

Sections

.text Size: 248KB - Virtual size: 247KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 8KB - Virtual size: 42KB

.rsrc Size: 33.9MB - Virtual size: 33.9MB

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 8KB - Virtual size: 42KB

.rsrc
Size: 33.9MB - Virtual size: 33.9MB