d:\QQLive_dailyBuild\src\symbol\QQLive.pdb
Static task
static1
Behavioral task
behavioral1
Sample
a3f4922e860cdf6223840c77fa5ac90e.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a3f4922e860cdf6223840c77fa5ac90e.exe
Resource
win10v2004-20240221-en
General
-
Target
a3f4922e860cdf6223840c77fa5ac90e
-
Size
672KB
-
MD5
a3f4922e860cdf6223840c77fa5ac90e
-
SHA1
216c8f12e64c3e3a81efd4a495979c26fadd3fc5
-
SHA256
059608de97873264e26276785996c280d423dc86d303443966fad8d6794a4ec0
-
SHA512
4f4214b83b4370c3d7def1eebb2fd8fa54edf2fd1fc64aeb776d76a62b739be40575dcfc071726b4b1a5036bed1d67300d38480dcea089aad35c94ab6d8fbd13
-
SSDEEP
12288:i+3IQslToaKWSRQyZo75kY2lZemDxq3WTU+rjhHXwjVHVH:i5oaKWSRQyo7uzzTXv5oVHVH
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature: the PE carries no embedded code signature, so its publisher cannot be verified from the file itself. Note that the embedded PDB path (d:\QQLive_dailyBuild\src\symbol\QQLive.pdb) points to a QQLive daily build; a binary presenting itself as a vendor product but lacking the vendor's signature should be compared against a known signed release rather than trusted on the name alone. An unsigned PE is a weak indicator by itself and is not proof of malice.
resource a3f4922e860cdf6223840c77fa5ac90e
Files
-
a3f4922e860cdf6223840c77fa5ac90e.exe windows:4 windows x86 arch:x86
2905d945b48792360ff5c8425471937a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (base relocations removed: the image cannot be rebased, so ASLR does not apply to this module and it loads at a fixed preferred address)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports (review note: the table includes download-and-execute capable APIs — URLDownloadToCacheFileW, ShellExecuteW, CreateProcessW — plus registry create/set/delete, DeleteFileW/CopyFileW, TerminateProcess, RegisterHotKey, clipboard access, and raw ws2_32 sockets alongside a SOCKS5/TCP proxy helper DLL; these are plausible for a media player but are the capabilities to confirm in the behavioral runs. IsDebuggerPresent appears together with _invoke_watson and _crt_debugger_hook, which is consistent with the MSVC 8 CRT startup code rather than deliberate anti-debugging)
chatskin
?SetSkin@CSkinBase@@QAEJPB_W0@Z
?GetOwnerRenderMsg@CSkinBase@@SAIXZ
?TransparentBlt2@@YAXPAUHDC__@@HHHH0HHHHI@Z
?GetSkinColor@@YAKPB_WH@Z
?SetSkinVar@@YAHPB_W0@Z
?SetSkinColorScheme@@YAXHH@Z
?GetDrawMsg@CSkinBase@@SAIXZ
?GetSkinColorScheme@@YAXAAH0@Z
?RenderRichText@@YAHPB_WPAUHDC__@@ABUtagRECT@@HPAUHWND__@@PAUHFONT__@@H@Z
?LoadSkinFromFile@@YAHPB_W00@Z
?HookColorSchemeChange@@YAHPAUHWND__@@H@Z
?GetColorSchemeChangeMsg@CSkinBase@@SAIXZ
?CreateSkinControl@@YAPAUHWND__@@PB_WPAU1@H@Z
?GetLockSizeMsg@CSkinBase@@SAIXZ
?GetSkinFont@@YAPAUHFONT__@@PB_W@Z
?SetWndSkin@@YAHPB_WPAUHWND__@@H@Z
?GetPicEx@@YAHPB_WAAPAUHBITMAP__@@AAUtagPOINT@@AAUtagSIZE@@H@Z
chatutlt
?GetKeyValue@@YAHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0AAV12@@Z
?GetExeFolder@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?NavigateURL@@YAHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?FormUrlEncode@@YAXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetUserAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?KillOtherQQLivePlayerApp@@YAHPB_W@Z
?RegistLocalInfo@@YAHXZ
?GetModuleFolder@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAUHINSTANCE__@@@Z
?MinimizeMemory@@YAXXZ
?IsWinXPOrLater@@YAHXZ
?SaveBitmapToFile@@YAHPAUHBITMAP__@@PB_W1@Z
chatproxy
?CreateSocks5ProxyUDPSocket@CProxyTool@@QAEHAAI0AAUsockaddr_in@@PB_WG222GAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetUserProxySetting@CProxyTool@@QAEHAAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAG11@Z
?MakeUdpProxySendBuf@CProxyTool@@QAEHPAEH0AAHKG@Z
?CreateProxyTCPSocket@CProxyTool@@QAEHAAIPB_WGAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1CProxyTool@@UAE@XZ
??0CProxyTool@@QAE@XZ
chatlog
?CheckDirectoryExist@@YAHPB_W@Z
?GetUserAppDataPath2@@YAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetUserGuid@@YAXPADAAH@Z
?StrToAddr@@YAHAAUsockaddr_in@@PB_WF@Z
?CreateAllDirectory@@YAHPB_W@Z
?DOLOG@@YAXPB_WZZ
?CheckFileExist@@YAHPB_W@Z
?ReportThirdPart@@YAXPB_W@Z
exceptcatch
?SetExceptionCatcher@@YAXABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
xmlparser
?OutOfElem@CMarkup@@QAE_NXZ
?GetTagName@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetAttrib@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@Z
?SetDoc@CMarkup@@QAE_NPB_W@Z
?IntoElem@CMarkup@@QAE_NXZ
?FindElem@CMarkup@@QAE_NPB_W@Z
??0CMarkup@@QAE@XZ
??1CMarkup@@UAE@XZ
?GetData@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
mfc80u
ord3198
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord776
ord4256
ord1182
ord5199
ord1178
ord1392
ord5908
ord3435
ord6720
ord762
ord354
ord1542
ord605
ord5105
ord1661
ord5283
ord1662
ord2011
ord4884
ord1908
ord4729
ord3635
ord2797
ord4206
ord1434
ord5178
ord4574
ord3990
ord265
ord1707
ord1472
ord1021
ord421
ord655
ord380
ord5489
ord2697
ord2696
ord3195
ord266
ord2369
ord1883
ord2651
ord5829
ord3483
ord2361
ord1274
ord502
ord1271
ord3281
ord3155
ord4109
ord6140
ord5637
ord4098
ord2364
ord3869
ord1079
ord2860
ord3873
ord6751
ord5862
ord6700
ord282
ord4232
ord4026
ord1479
ord2121
ord5869
ord6749
ord5803
ord2155
ord2656
ord1785
ord5727
ord3157
ord6063
ord4314
ord2648
ord3590
ord2366
ord6279
ord2261
ord5609
ord6232
ord5558
ord1866
ord1772
ord1784
ord5965
ord777
ord4100
ord2260
ord2444
ord578
ord304
ord1416
ord3417
ord3756
ord2362
ord5867
ord1220
ord314
ord1067
ord5524
ord2460
ord5398
ord2788
ord620
ord3189
ord4882
ord3395
ord4117
ord2081
ord3995
ord347
ord602
ord1270
ord642
ord5633
ord6116
ord3296
ord3208
ord4230
ord1549
ord1628
ord1058
ord5226
ord4562
ord4535
ord3942
ord3677
ord5222
ord5220
ord2925
ord1911
ord3826
ord566
ord5378
ord757
ord6215
ord1123
ord5096
ord1007
ord3800
ord1139
ord5579
ord2009
ord1121
ord2054
ord4320
ord6274
ord3795
ord1096
ord6272
ord3824
ord4008
ord1049
ord2239
ord4032
ord334
ord593
ord5113
ord3327
ord4475
ord2832
ord5562
ord5971
ord5209
ord317
ord584
ord5320
ord587
ord651
ord384
ord629
ord5083
ord3311
ord4743
ord1386
ord741
ord386
ord631
ord2271
ord2279
ord3925
ord2749
ord3176
ord2365
ord6277
ord3752
ord2086
ord1582
ord4234
ord4112
ord778
ord3983
ord6278
ord6276
ord290
ord567
ord758
ord6033
ord2254
ord3223
ord4231
ord1561
ord1475
ord1924
ord3400
ord6262
ord1388
ord4093
ord2082
ord657
ord4101
ord3396
ord3224
ord2867
ord2876
ord326
ord5636
ord2083
ord2952
ord658
ord563
ord753
ord6251
ord3645
ord2225
ord1006
ord1921
ord1555
ord330
ord589
ord591
ord4228
ord1538
ord2080
ord4092
ord1474
ord1922
ord3424
ord3165
ord1571
ord1959
ord3249
ord2340
ord6282
ord1086
ord1172
ord5316
ord3497
ord6293
ord1946
ord5327
ord4094
ord2085
ord3238
ord564
ord755
ord6003
ord370
ord618
ord6219
ord2070
ord5319
ord287
ord1430
ord6284
ord2893
ord1535
ord1481
ord322
ord586
ord5360
ord4807
ord5660
ord4283
ord4242
ord3154
ord922
ord1427
ord5358
ord5645
ord4739
ord4160
ord1485
ord5361
ord5661
ord4857
ord4373
ord4378
ord4375
ord4393
ord4395
ord4380
ord4770
ord4581
ord4172
ord3471
ord4165
ord4974
ord4383
ord410
ord4775
ord648
ord4198
ord4784
ord4437
ord4438
ord3734
ord3644
ord4908
ord4513
ord4514
ord4914
ord4553
ord5043
ord4433
ord4281
ord4362
ord4495
ord4840
ord4964
ord2560
ord4523
ord4474
ord4965
ord4358
ord4510
ord4667
ord4267
ord4194
ord2711
ord4942
ord1553
ord4788
ord4123
ord5162
ord4370
ord4292
ord1351
ord4371
ord3338
ord4957
ord2414
ord4790
ord4704
ord4799
ord2413
ord5047
ord4958
ord4643
ord2415
ord4940
ord4501
ord4955
ord2412
ord4668
ord4125
ord1293
ord2411
ord1999
ord4126
ord5202
ord5147
ord1610
ord5910
ord6763
ord3968
ord4854
ord1087
ord1162
ord1200
ord581
ord909
ord4238
ord1646
ord1590
ord3331
ord5196
ord2531
ord2725
ord1536
ord2829
ord6721
ord4301
ord5911
ord2708
ord1611
ord2856
ord1156
ord283
ord1608
ord2534
ord3204
ord2077
ord3940
ord2640
ord1393
ord2527
ord4226
ord2985
ord5148
ord3712
ord1899
ord3713
ord5067
ord3703
ord1925
ord577
ord4179
ord2638
ord5210
ord3943
ord4480
ord293
ord4255
ord745
ord2311
ord557
ord760
ord1176
ord572
ord3397
ord4716
ord3158
ord4276
ord1118
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord280
ord929
ord6271
ord5711
ord2255
ord927
ord931
ord2384
ord1894
ord6002
ord896
ord2404
ord5638
ord2388
ord774
ord1719
ord2394
ord899
ord2392
ord2390
ord2407
ord900
ord2402
ord2386
ord709
ord2409
ord501
ord4074
ord2397
ord2379
ord2381
ord4347
ord2399
ord2169
ord2163
ord6086
ord1513
ord3678
ord6273
ord3796
ord4119
ord6275
ord6061
ord764
ord315
ord765
ord1198
ord416
msvcr80
_invalid_parameter_noinfo
wcsncmp
??0exception@std@@QAE@XZ
memmove_s
wcsncpy_s
memcpy_s
malloc
_resetstkoflw
_purecall
calloc
_recalloc
realloc
free
memset
_ultoa
_CxxThrowException
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_wtoi
??1exception@std@@UAE@XZ
wcstoul
towlower
_time64
fopen_s
fwrite
_beginthreadex
fclose
wcscat_s
wcscpy_s
srand
rand
__RTDynamicCast
swprintf_s
vswprintf_s
wcstol
isdigit
_wcsicmp
__CxxFrameHandler3
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
__dllonexit
_unlock
?terminate@@YAXXZ
memcpy
kernel32
lstrlenA
EnterCriticalSection
FindResourceW
InterlockedDecrement
LoadResource
InterlockedIncrement
GetLastError
SizeofResource
GetModuleHandleW
GlobalUnlock
LoadLibraryExW
GetVersion
FreeLibrary
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
MultiByteToWideChar
DeleteCriticalSection
RaiseException
InitializeCriticalSection
lstrcmpiW
GetModuleFileNameW
GetFileAttributesW
lstrlenW
LeaveCriticalSection
GetPrivateProfileIntW
SetLastError
DeleteFileW
GlobalLock
GetTickCount
LockResource
CopyFileW
WideCharToMultiByte
GetPrivateProfileStringW
TerminateThread
ResetEvent
CreateEventW
CloseHandle
SetEvent
WaitForSingleObject
SetFileAttributesW
Sleep
CreateMutexW
GlobalAddAtomW
LoadLibraryW
GlobalAlloc
LocalFree
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
HeapFree
GetProcessHeap
GetStartupInfoW
GetProcAddress
CreateProcessW
SetUnhandledExceptionFilter
user32
MoveWindow
SendMessageTimeoutW
GetDesktopWindow
GetKeyState
DrawIcon
RegisterHotKey
LoadIconW
GetWindow
SetWindowRgn
CopyRect
GetSysColor
ShowWindow
RemovePropW
CheckMenuItem
UnregisterClassA
IsWindowVisible
LoadCursorW
SetCursor
GetClientRect
InvalidateRect
GetCursorPos
GetWindowRect
EnableWindow
PtInRect
GetSystemMenu
UnregisterHotKey
AppendMenuW
SetForegroundWindow
ShowOwnedPopups
IsZoomed
IsIconic
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
GetClipboardData
OffsetRect
SystemParametersInfoW
GetTopWindow
GetClassNameW
EnableMenuItem
SetFocus
GetMenuItemInfoW
GetCapture
ClipCursor
SetCapture
ReleaseCapture
RedrawWindow
KillTimer
SetTimer
SetWindowLongW
InflateRect
GetWindowLongW
IsWindow
GetSystemMetrics
PostMessageW
CharNextW
SetPropW
CreatePopupMenu
SendMessageW
DestroyIcon
IsMenu
LoadImageW
ScreenToClient
DrawIconEx
IsCharAlphaW
GetParent
GetPropW
GetForegroundWindow
GetFocus
ReleaseDC
GetDC
MessageBoxW
DispatchMessageW
TranslateMessage
RegisterWindowMessageW
GetMessageW
SetParent
FlashWindow
gdi32
GetDeviceCaps
StretchBlt
CreateRoundRectRgn
OffsetRgn
CombineRgn
CreateRectRgn
BitBlt
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateFontIndirectW
GetObjectW
CreateFontW
CreateSolidBrush
DeleteObject
SelectObject
CreateCompatibleDC
Rectangle
Ellipse
advapi32
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
shell32
ShellExecuteW
Shell_NotifyIconW
comctl32
_TrackMouseEvent
InitCommonControlsEx
ole32
CoRevokeClassObject
StringFromCLSID
CoCreateInstance
CoRegisterClassObject
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoLoadLibrary
CoTaskMemFree
StringFromGUID2
oleaut32
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCopy
SafeArrayGetVartype
SafeArrayLock
SafeArrayUnlock
SafeArrayCreate
SafeArrayRedim
SysAllocStringByteLen
VariantChangeType
VariantCopy
UnRegisterTypeLi
RegisterTypeLi
VarBstrCmp
VariantInit
DispCallFunc
VarUI4FromStr
VariantClear
SafeArrayDestroy
SysAllocStringLen
SysFreeString
SysStringLen
LoadTypeLi
SysAllocString
LoadRegTypeLi
GetErrorInfo
urlmon
URLDownloadToCacheFileW
gdiplus
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipDrawImageRectI
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFile
GdipCreateFromHDC
msvcp80
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
wininet
InternetCrackUrlW
ws2_32
gethostbyname
WSAStartup
WSACleanup
sendto
send
inet_ntoa
connect
closesocket
WSAGetLastError
socket
ntohs
setsockopt
htons
htonl
Sections
.text Size: 408KB - Virtual size: 406KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 156KB - Virtual size: 153KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 80KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ