bff75dc1f9f37ed45e172dd5b8aa7194

Sharing

Copy URL Twitter E-mail

General

Target

bff75dc1f9f37ed45e172dd5b8aa7194
Size

8.8MB
MD5

bff75dc1f9f37ed45e172dd5b8aa7194
SHA1

70c4f22dc2b8fb44d6e714c265d3b1e593209d4f
SHA256

309206a37ace2662e6f13afb362025585e57f4edfb859d4bc8975d425eb278db
SHA512

a2e683b3a45e5b50cebf278ec61c386d894991dba9bfae8d2d4465efd2b8b17a12479133d8ac32c978eaa3eccf1d9fee757d8bb18799127cfbe3496996acdc23
SSDEEP

196608:T6r/Lywf9YfAK2whKtJqvbaOrYjg7lY+uzNPfZVDbZj+eqsxAaOrygQRxv:GLbaGwhKufnXulN6kuWDRl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bff75dc1f9f37ed45e172dd5b8aa7194

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

bff75dc1f9f37ed45e172dd5b8aa7194
.exe windows:4 windows x86 arch:x86

2ed29530ed248e0a4b0120bfc3a9f86f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Windows\qzdm\UnZip.pdb

Imports

kernel32

GlobalFlags
GetCPInfo
GetOEMCP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
InterlockedIncrement
GetACP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
InterlockedDecrement
GetModuleFileNameW
WritePrivateProfileStringA
FreeResource
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
GetProcAddress
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
LoadLibraryA
SetLastError
MoveFileA
GetVersionExA
LoadResource
SizeofResource
FindResourceA
GetPrivateProfileStringA
GetWindowsDirectoryA
GetSystemWindowsDirectoryA
GetSystemDefaultLangID
GetTickCount
GetNativeSystemInfo
CreateDirectoryA
LockResource
GlobalLock
GlobalAlloc
GetVersion
CompareStringA
InterlockedExchange
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
lstrlenA
DeleteFileA
Sleep
GetFileAttributesA
GetModuleFileNameA
GetLastError
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
CloseHandle
OutputDebugStringA
WaitForSingleObject
GetStdHandle
CreateProcessA

user32

RegisterClipboardFormatA
PostThreadMessageA
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
GetSysColor
SystemParametersInfoA
DestroyMenu
CopyRect
GetWindowThreadProcessId
GetLastActivePopup
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
GetTopWindow
InvalidateRgn
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
EnableWindow
GetClientRect
GetSystemMetrics
SendMessageA
IsIconic
LoadIconA
MessageBoxA
CharUpperA
GetMenu

gdi32

DeleteDC
GetWindowExtEx
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
ExtSelectClipRgn
GetMapMode
GetViewportExtEx
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetRgnBox
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA
GetObjectA
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
OpenSCManagerA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
StartServiceA
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCA
PathFindExtensionA
PathStripToRootA
PathFindFileNameA

oledlg

ord8

ole32

OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleFlushClipboard
CoFreeUnusedLibraries
CoTaskMemFree
CoRegisterMessageFilter
OleInitialize
CoRevokeClassObject
CoTaskMemAlloc
OleIsCurrentClipboard

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
SysStringLen

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ed29530ed248e0a4b0120bfc3a9f86f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 208KB - Virtual size: 205KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 8.5MB - Virtual size: 8.5MB

.text
Size: 208KB - Virtual size: 205KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 8.5MB - Virtual size: 8.5MB