f0e0c263984e37f5ad853f006e6c1183fcea52957fe4a13bb7d2885f77c972a4

Sharing

Copy URL Twitter E-mail

General

Target

f0e0c263984e37f5ad853f006e6c1183fcea52957fe4a13bb7d2885f77c972a4
Size

23KB
MD5

c93755efc003633e56d646c583816254
SHA1

8e1ecaf770729bd784f9617600fc37489fe0fa6d
SHA256

f0e0c263984e37f5ad853f006e6c1183fcea52957fe4a13bb7d2885f77c972a4
SHA512

14a231f27d81beacc28c56a84dca97e4c4a380578a680c5d2f163cc22d0845294ab6f18d2523699287a3cf3647b515bd347d97acb65add27108f7eb3a143a5d0
SSDEEP

384:NJwqDxred+YODIcc/HeG5ulECJqqr/23h5oRKN+/XtVzV54aHhrD:ZxidIW/6ECJn+x5oRDVzRH9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0e0c263984e37f5ad853f006e6c1183fcea52957fe4a13bb7d2885f77c972a4

Files

f0e0c263984e37f5ad853f006e6c1183fcea52957fe4a13bb7d2885f77c972a4
.exe windows:6 windows x64 arch:x64

6f56da2efa18f2c3e71587032fa20edf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\projects\vs\qq_info\qinfo\x64\Release\qinfo.pdb

Imports

kernel32

GetModuleFileNameA
WriteProcessMemory
GetFullPathNameW
InitializeCriticalSectionEx
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
GetExitCodeThread
GetLastError
Process32NextW
Process32FirstW
CloseHandle
LoadLibraryW
GetProcAddress
VirtualAllocEx
DeleteCriticalSection
GetModuleHandleW
WideCharToMultiByte
CreateRemoteThread
VirtualFreeEx
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

shlwapi

PathFileExistsW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
strrchr
memset
__std_exception_copy
__std_exception_destroy
memcmp
__C_specific_handler
__current_exception
_CxxThrowException
__current_exception_context
__std_terminate
memcpy

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__stdio_common_vswprintf

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

terminate
_register_thread_local_exe_atexit_callback
__p___argc
_get_initial_narrow_environment
__p___argv
_c_exit
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_exit
exit
_initterm
_invalid_parameter_noinfo_noreturn
_initterm_e

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f56da2efa18f2c3e71587032fa20edf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

shlwapi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 792B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 100B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 792B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 100B