PDB path: d:\Hummer\QQ1.60_NetBar\Basic_Hummer3_VOB\Hummer2010\Misc\AUClient\Release\QQUpdateCenter.pdb
Static task
static1
Behavioral task
behavioral1
Sample
d4dfc851997ee32a393cec60f5981fd5.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d4dfc851997ee32a393cec60f5981fd5.exe
Resource
win10v2004-20240226-en
General
Target
d4dfc851997ee32a393cec60f5981fd5
Size
704KB
MD5
d4dfc851997ee32a393cec60f5981fd5
SHA1
9576a6fb03cafef49c638e466ec7e40d7287a00f
SHA256
e5f9af80d9bb6db2f257678e39ecfa9d181a3099edadb4311716a0dd36d68ad7
SHA512
98d45f6dfdf33e5588ca71a8bd363504850c7b1f2ce36bea1f39c9046205d4afa85b432c55d7ceb58ba5df9acde298663031aa7f92c3045b05c96fc2d480e7a1
SSDEEP
6144:7Vy8YQvI2tgooNxcVjAixir8VJrbze/D10S0Mn3hgGSNTB4dbqz9HOUTrc9vCqMc:7wtEtgDNx6fi2Jnze0IxgGSNTmdbJTN
Malware Config
Signatures
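Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The check matched: this file carries no Authenticode signature, so the QQUpdateCenter name in its PDB path is not backed by a verifiable publisher signature.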
resource d4dfc851997ee32a393cec60f5981fd5
Files
d4dfc851997ee32a393cec60f5981fd5.exe windows:4 windows x86 arch:x86
007c9528ed804e5b26178444dee41ca3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
aucommon
?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
?InitNetwork@Network@Util@@YAHXZ
??0CTXBSTR@@QAE@PB_W@Z
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
?CreateTXArray@Data@Util@@YAHPAPAUITXArray@@@Z
??4CTXBSTR@@QAEAAV0@PB_W@Z
??8CTXBSTR@@QBE_NPB_W@Z
??ICTXBSTR@@QAEPAPA_WXZ
??BCTXBSTR@@QBEPA_WXZ
??1CTXBSTR@@QAE@XZ
??0CTXBSTR@@QAE@XZ
?IsEmpty@CTXBSTR@@QAEHXZ
??1CTXHttpDownloadSink@@UAE@XZ
?CancelDownload@CTXHttpDownload@@QAEXXZ
??0CTXHttpDownloadSink@@IAE@XZ
?Download@CTXHttpDownload@@QAEHPB_WPAU_SYSTEMTIME@@0H@Z
?SetUIInterface@CTXHttpDownload@@QAEXPAVCTXHttpDownloadSink@@@Z
??0CTXHttpDownload@@QAE@XZ
?SetProxyInfo@NetworkEnv@Util@@YAJPAUITXDataRead@@@Z
?GetIEProxySetting@Network@Util@@YAHPAUITXData@@AAE@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
??1CTXHttpDownload@@UAE@XZ
??YCTXStringW@@QAEAAV0@PB_W@Z
?GetFileSystemDirectory@FS@@YAHPB_WAAVCTXStringW@@@Z
??0CTXStringW@@QAE@XZ
?SetEventMask@CTXHttpDownload@@QAEXE@Z
?GetTimeOffsetUTC@NLS@@YAJXZ
?AddInfo@CTXHttpDownload@@QAEHABVCTXStringW@@K@Z
?AddInfo@CTXHttpDownload@@QAEHABVCTXStringW@@0@Z
??0CTXStringW@@QAE@PB_W@Z
?QueryInfo@CTXHttpDownload@@QAEHABVCTXStringW@@PAEK@Z
?QueryInfo@CTXHttpDownload@@QAEHABVCTXStringW@@AAV2@H@Z
?QueryInfo@CTXHttpDownload@@QAEHABVCTXStringW@@AAK@Z
?QueryInfo@CTXHttpDownload@@QAEHABVCTXStringW@@AAH@Z
?MoveDownloadFile@CTXHttpDownload@@QAEHPB_WH@Z
?CreateDirectoryW@FS@@YAHPB_W@Z
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??1CFmtString@@QAE@XZ
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
?PropertyLong@CFmtString@@QAEHPB_WJ0@Z
??0CFmtString@@QAE@XZ
??0CTXStringW@@QAE@UtagUTF8@@PBDH@Z
?PropertyStr@CFmtString@@QAEHPB_W0@Z
?AddBufLenWord@CTXCommPack@@QAEHABVCTXBuffer@@H@Z
?AddDWord@CTXCommPack@@QAEHKH@Z
?Reset@CTXCommPack@@QAEXXZ
?GetBufferOut@CTXCommPack@@QAEHAAVCTXBuffer@@@Z
?InitDownloadTempDirectory@CTXHttpDownload@@SAXPB_W@Z
?AddByte@CTXCommPack@@QAEHE@Z
?DeleteFileW@FS@@YAHPB_W@Z
?IsFileExist@FS@@YAHPB_W@Z
?CreateFileW@FS@@YAHPB_WKPAPAUITXFile@@@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
?Record@Perf@Util@@YAJPB_WHH00@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
??0CTXStringW@@QAE@UtagGBK@@PBDH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?GetBuffer@CTXStringW@@QAEPA_WH@Z
??1CTXStringA@@QAE@XZ
?GetString@CTXStringA@@QBEPBDXZ
??0CTXStringA@@QAE@UtagGBK@@PB_WH@Z
??0CTXStringW@@QAE@UtagEN@@PBDH@Z
?Utf8ToWS@Convert@Util@@YA?AVCTXStringW@@PBDH@Z
?SetUserPrefer@CP2PDownloadParam@@QAEXW4USER_PREFER_TYPE@@@Z
?ClearRequestHeader@CTXHttpDownload@@QAEXXZ
?AbortDownload@CP2PDownload@@QAEXXZ
?SetTargetShareRate@CP2PDownload@@QAEXN@Z
?Download@CP2PDownload@@QAEHPAVCP2PDownloadParam@@@Z
?EnableShareTimeout@CP2PDownload@@QAEXHK@Z
?EnableShareRatePolicy@CP2PDownload@@QAEXH@Z
?SetPartInfo@CP2PDownloadParam@@QAEXEE@Z
?SetApplicationType@CP2PDownloadParam@@QAEXE@Z
?SetP2PStatReport@CP2PDownloadParam@@QAEXAAUP2PStatSvrAddrPara@@I@Z
?SetHttpSpeedLimit@CP2PDownloadParam@@QAEXK@Z
?SetHttpConnectionLimit@CP2PDownloadParam@@QAEXK@Z
?SetDownloadMechanism@CP2PDownloadParam@@QAEXK@Z
?SetLocalFileName@CP2PDownloadParam@@QAEXPBD@Z
?SetTorrentURL@CP2PDownloadParam@@QAEXPBD@Z
?SetFileURL@CP2PDownloadParam@@QAEXPBD@Z
?SetStunServer@CP2PDownloadParam@@QAEHPBDG@Z
?SetPeerServer@CP2PDownloadParam@@QAEHPBDG0G@Z
??BCTXStringA@@QBEPBDXZ
?Init@CP2PDownloadParam@@QAEHXZ
?GetProxyInfo@NetworkEnv@Util@@YAJPAPAUITXDataRead@@@Z
?GetTargetShareRate@CP2PDownload@@QAENXZ
??1CP2PDownloadUIInterface@@UAE@XZ
??1CP2PDownload@@UAE@XZ
??1CP2PDownloadParam@@UAE@XZ
?SetUIInterface@CP2PDownload@@QAEXPAVCP2PDownloadUIInterface@@@Z
?SetP2PFile@CP2PDownload@@QAEXABVCTXStringW@@@Z
??0CP2PDownloadParam@@QAE@XZ
??0CP2PDownload@@QAE@XZ
??0CP2PDownloadUIInterface@@QAE@XZ
?SetUserLCID@TXI18N@@YAXK@Z
?SetConfigFile@TXI18N@@YAHPB_W0@Z
?RemoveFileSystem@FS@@YAHPB_W@Z
??0CTXStringW@@QAE@PB_WH@Z
?GetBuf@CTXCommPack@@QAEHPAPBEHH@Z
??BCTXStringW@@QBEPB_WXZ
??1CTXStringW@@QAE@XZ
ord37
??0CTXCommPack@@QAE@XZ
?SetBufferIn@CTXCommPack@@QAEXPBEIH@Z
?GetWord@CTXCommPack@@QAEHAAGHH@Z
?GetByte@CTXCommPack@@QAEHAAEH@Z
??1CTXCommPack@@UAE@XZ
?GetBuf@CTXCommPack@@QAEHPAEHH@Z
?AddWord@CTXCommPack@@QAEHGH@Z
mfc80u
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord3546
ord3204
ord1118
ord1925
ord3157
ord1271
ord2366
ord1894
ord519
ord4256
ord4714
ord5207
ord1392
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4884
ord4730
ord4207
ord5178
ord4184
ord4838
ord4611
ord4791
ord5064
ord5066
ord5065
ord6744
ord718
ord3126
ord516
ord6061
ord4574
ord4861
ord2255
ord5727
ord4312
ord3661
ord3635
ord3158
ord2985
ord4226
ord1536
ord2077
ord587
ord605
ord354
ord3176
ord5199
ord4206
ord1785
ord6063
ord4729
ord5711
ord1079
ord3311
ord4234
ord1582
ord2086
ord741
ord1058
ord745
ord557
ord578
ord5399
ord2462
ord310
ord4314
ord2159
ord1955
ord3390
ord6751
ord6749
ord2362
ord3198
ord3224
ord2952
ord4232
ord2083
ord658
ord3286
ord1572
ord1634
ord715
ord651
ord416
ord2364
ord2422
ord3869
ord1555
ord3189
ord620
ord2155
ord3877
ord5864
ord6115
ord2651
ord6086
ord2861
ord777
ord2652
ord3756
ord4098
ord1403
ord5485
ord1713
ord1178
ord3547
ord721
ord4266
ord1512
ord4274
ord5208
ord1573
ord2027
ord1318
ord5699
ord2161
ord2365
ord977
ord524
ord1386
ord4109
ord4948
ord3662
ord6040
ord4577
ord900
ord6173
ord6167
ord2261
ord4074
ord860
ord2121
ord4078
ord5484
ord2444
ord783
ord281
ord277
ord304
ord300
ord754
ord3322
ord2981
ord2872
ord3793
ord1556
ord1921
ord3674
ord4267
ord2711
ord5162
ord1351
ord3338
ord1610
ord5910
ord6763
ord3968
ord4854
ord4857
ord4373
ord4378
ord4375
ord4393
ord4395
ord4380
ord4770
ord4581
ord4172
ord4165
ord4974
ord4383
ord4775
ord4198
ord4784
ord4437
ord4438
ord3734
ord4908
ord4513
ord4514
ord4914
ord4553
ord5043
ord4433
ord4362
ord4495
ord4840
ord4964
ord4523
ord4474
ord4965
ord4510
ord4667
ord4942
ord4788
ord4281
ord4370
ord4957
ord4790
ord4704
ord4358
ord4799
ord5047
ord4958
ord4643
ord4940
ord4501
ord4955
ord4668
ord4125
ord1293
ord1999
ord4126
ord1553
ord2797
ord2413
ord2414
ord2415
ord2412
ord2411
ord807
ord4123
ord496
ord1220
ord778
ord2151
ord1270
ord2361
ord3223
ord4231
ord1561
ord2082
ord4093
ord1475
ord1924
ord6262
ord1388
ord657
ord3400
ord2254
ord3984
ord602
ord2074
ord326
ord347
ord3983
ord589
ord5638
ord330
ord3395
ord290
ord2648
ord5829
ord4347
ord3471
ord410
ord4371
ord648
ord5202
ord1161
ord3644
ord497
ord1717
ord3155
ord5633
ord709
ord501
ord3296
ord1920
ord5630
ord2827
ord1908
ord618
ord370
ord5999
ord2277
ord3867
ord1135
ord5117
ord334
ord5119
ord593
ord5121
ord6201
ord747
ord559
ord3168
ord5462
ord4038
ord548
ord2321
ord1430
ord629
ord5083
ord384
ord5319
ord6166
ord1647
ord1590
ord5196
ord2856
ord4480
ord3331
ord572
ord426
ord423
ord760
ord663
ord660
ord4060
ord1707
ord5423
ord3016
ord5426
ord1156
ord1646
ord865
ord862
ord6271
ord4057
ord3678
ord1105
ord3508
ord6293
ord261
ord5327
ord1571
ord2340
ord258
ord287
ord6282
ord5316
ord1172
ord3249
ord284
ord1003
ord5434
ord558
ord746
ord896
ord1176
ord6165
ord6171
ord4101
ord1002
ord2260
ord1049
ord762
ord1472
ord4535
ord3677
ord757
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord4562
ord5226
ord5209
ord5562
ord3824
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord2984
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord566
ord776
ord6111
ord6700
ord282
ord1479
ord265
ord266
ord5524
ord3990
ord283
ord2895
ord2460
ord5398
ord3927
ord5558
ord1476
ord280
ord899
ord870
ord2311
ord774
ord577
ord293
ord764
ord5609
ord1198
msvcr80
__wgetmainargs
_amsg_exit
_snwprintf
_beginthreadex
strncpy
wcsncpy_s
labs
strtoul
wcscpy_s
wcstoul
srand
rand
_swprintf
_cexit
wcsstr
wcstol
wcscpy
_errno
strerror
_wcsnicmp
wcsncmp
wcschr
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
__CxxFrameHandler3
memcmp
_time64
memcpy
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
memmove
memset
_purecall
__wargv
__argc
wcsncpy
free
_wtoi
_wtol
wcslen
malloc
wcscmp
_CxxThrowException
fclose
fread
?_type_info_dtor_internal_method@type_info@@QAEXXZ
ftell
fseek
_wfopen
__RTDynamicCast
memcpy_s
fputws
feof
fgetws
fwrite
_rmtmp
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
strlen
tmpfile
kernel32
GetFileSize
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
CreateFileW
ReadFile
CloseHandle
LoadLibraryW
FreeLibrary
Sleep
lstrcmpiW
OpenProcess
lstrcpynW
TerminateProcess
CreateProcessW
DuplicateHandle
GetCurrentProcess
CreatePipe
GetStdHandle
GetVolumeInformationW
GetDriveTypeW
GetLogicalDrives
MoveFileW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentProcessId
lstrcmpW
GetPrivateProfileIntW
SetThreadPriority
ResetEvent
TerminateThread
WaitForMultipleObjects
CreateEventW
GetProcessHeap
GetLastError
HeapAlloc
CreateDirectoryW
IsBadWritePtr
IsBadReadPtr
SetFileAttributesW
CopyFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrcatW
GetShortPathNameW
MoveFileExW
InterlockedIncrement
InterlockedDecrement
FormatMessageW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
GetVersionExW
GetDiskFreeSpaceExW
RaiseException
DeleteCriticalSection
SetFilePointer
DeleteFileW
SetEndOfFile
WriteFile
InitializeCriticalSection
EnterCriticalSection
SetEvent
LeaveCriticalSection
GetProcAddress
SetLastError
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetComputerNameW
GetModuleFileNameW
lstrlenW
GetWindowsDirectoryW
GetSystemDirectoryW
OpenMutexW
GetTempPathW
MultiByteToWideChar
WritePrivateProfileStringW
HeapFree
GetModuleHandleW
WideCharToMultiByte
GetVersion
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
LoadLibraryA
user32
DrawStateW
GetSysColor
SetCursor
CopyRect
FillRect
DrawFocusRect
GetDC
ReleaseDC
GetMessagePos
LoadCursorW
ScreenToClient
ShowCursor
DestroyIcon
SendMessageTimeoutW
IsWindow
GetWindow
LoadBitmapW
GetKeyState
GetCursorPos
DispatchMessageW
TranslateMessage
WaitMessage
PeekMessageW
PtInRect
KillTimer
SetTimer
InsertMenuW
EnableMenuItem
AdjustWindowRectEx
SetWindowPos
SetForegroundWindow
IsWindowVisible
GetSystemMenu
SetRect
GetWindowLongW
SetWindowLongW
RedrawWindow
LoadImageW
LoadIconW
OffsetRect
GetParent
GetClientRect
GetWindowRect
EnableWindow
PostMessageW
UnregisterClassW
RegisterWindowMessageW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SendMessageW
wsprintfW
InvalidateRect
gdi32
CreateRoundRectRgn
BitBlt
DeleteObject
GetCurrentObject
GetTextMetricsW
CreateCompatibleDC
GetStockObject
CreateSolidBrush
GetObjectW
CreateFontIndirectW
GetTextExtentPoint32W
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegFlushKey
RegSetValueExW
RegCreateKeyExW
shell32
SHGetSpecialFolderPathW
Shell_NotifyIconW
ShellExecuteW
comctl32
ImageList_GetIconSize
_TrackMouseEvent
shlwapi
PathFileExistsW
ole32
CoUninitialize
CoInitialize
oleaut32
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear
SysFreeString
atl80
ord30
msvcp80
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?_Xran@_String_base@std@@SAXXZ
?_Xlen@_String_base@std@@SAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
netapi32
Netbios
Sections
.text Size: 392KB - Virtual size: 390KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 184KB - Virtual size: 181KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 108KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ