e4653ce1da1a5ffe081b45b615621b56a202196edce2363f3491f9d579ca501d

Sharing

Copy URL

Twitter E-mail

General

Target

e4653ce1da1a5ffe081b45b615621b56a202196edce2363f3491f9d579ca501d
Size

1.2MB
MD5

d6496cd632908373cb264c3758d6dae4
SHA1

882a449e6fb2d4dcd4ad77ea56a4c477951aae29
SHA256

e4653ce1da1a5ffe081b45b615621b56a202196edce2363f3491f9d579ca501d
SHA512

6d26961ead900dfd6a88f0da16ecaa30247596637445f407b9e70a0699e81e527e42ff32b0294395ba1edd6bb3e5c81f43d61dafbdaffc5ff0be0e7c6aa464fd
SSDEEP

24576:mnbpS1t3QlEXNbHn6B0TZLp1H3+zUYJadfvyUPFXrhGrLumVAGiNd3r4:mnlO3QlE9VT+zUYJadHyUPpwJVAGGBs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e4653ce1da1a5ffe081b45b615621b56a202196edce2363f3491f9d579ca501d

Files

e4653ce1da1a5ffe081b45b615621b56a202196edce2363f3491f9d579ca501d
.exe windows:6 windows x86 arch:x86

50072f4486e00ba0078edd1cc8f34712

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\qci_workspace\root-workspaces\__qci-pipeline-10775469-1\app\Windows\output\bin\Release\wwmapp.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
GetFileSize
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
SetDllDirectoryW
LoadLibraryA
LocalFree
LoadLibraryExW
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameW
SetEvent
SetLastError
OutputDebugStringA
SetCurrentDirectoryW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetCurrentProcessId
VirtualProtect
GetCurrentThreadId
GetCurrentThread
TerminateProcess
GetCurrentProcess
OutputDebugStringW
IsDebuggerPresent
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
EncodePointer
LCMapStringEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetLocaleInfoEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
HeapSetInformation
SetProcessDEPPolicy
VirtualQueryEx
VirtualAllocEx
CreateIoCompletionPort
CreateThread
GetQueuedCompletionStatus
UnregisterWait
HeapAlloc
TerminateJobObject
PostQueuedCompletionStatus
WaitForSingleObject
DuplicateHandle
SetInformationJobObject
GetUserDefaultLangID
GetUserDefaultLCID
GetUserDefaultLocaleName
EnumSystemLocalesEx
GetTickCount
GetVersionExW
GetProductInfo
GetNativeSystemInfo
IsWow64Process
ProcessIdToSessionId
TryAcquireSRWLockExclusive
UnregisterWaitEx
Sleep
GetThreadId
GetFileType
SetHandleInformation
AssignProcessToJobObject
WriteProcessMemory
GetLongPathNameW
VirtualFree
GetProcessHandleCount
GetProcessHeaps
SignalObjectAndWait
ExpandEnvironmentStringsW
QueryDosDeviceW
VirtualProtectEx
VirtualFreeEx
ReadProcessMemory
GetModuleHandleExW
GetCurrentDirectoryW
GetLocalTime
WriteFile
CreateNamedPipeW
CreateJobObjectW
QueryInformationJobObject
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateMutexW
ReadFile
TlsGetValue
VirtualAlloc
lstrlenW
DebugBreak
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
FindClose
FindNextFileW
FindFirstFileExW
TlsAlloc
TlsFree
TlsSetValue
RtlCaptureStackBackTrace
CreateRemoteThread
SetEnvironmentVariableW
GetSystemInfo
VirtualQuery
GetLogicalProcessorInformation
RtlUnwind
ExitProcess
GetStdHandle
GetACP
GetConsoleCP
GetConsoleMode
SetStdHandle
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
ReadConsoleW
SetEnvironmentVariableA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
HeapDestroy
GetLastError
RaiseException
DecodePointer
GetCommandLineW
SetThreadAffinityMask
GetFileAttributesW
SwitchToThread
RegisterWaitForSingleObject

user32

CreateDesktopW
CreateWindowStationW
GetProcessWindowStation
GetUserObjectInformationW
CloseWindowStation
CloseDesktop
GetThreadDesktop
wsprintfW
PostThreadMessageW
MessageBoxW
GetDesktopWindow
CallNextHookEx
SetProcessWindowStation
SetWindowsHookExW

ole32

CoCreateInstance
CoUninitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoInitialize
CoTaskMemFree

oleaut32

SysAllocStringByteLen
VarBstrCmp
SysStringByteLen
SysFreeString
SysAllocString

advapi32

RevertToSelf
SetTokenInformation
OpenProcessToken
GetSecurityDescriptorSacl
GetAce
SetKernelObjectSecurity
GetKernelObjectSecurity
DuplicateTokenEx
MapGenericMask
AccessCheck
SystemFunction036
FreeSid
ImpersonateLoggedOnUser
RegDisablePredefinedCache
GetNamedSecurityInfoW
IsValidSid
InitializeSid
GetSidSubAuthority
GetLengthSid
CreateWellKnownSid
ConvertStringSidToSidW
ConvertSidToStringSidW
EqualSid
CreateProcessAsUserW
SetThreadToken
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
CreateRestrictedToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSecurityInfo
SetSecurityInfo
BuildTrusteeWithSidW
SetEntriesInAclW
InitializeAcl
AddMandatoryAce
GetSecurityDescriptorDacl
DuplicateToken
GetTokenInformation

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFileExistsW
wvnsprintfW
PathFindFileNameW

dbghelp

SymSetSearchPathW
SymGetSearchPathW
SymInitialize
SymCleanup
SymSetOptions
SymFromAddr
SymGetLineFromAddr64

ws2_32

WSADuplicateSocketW
WSAGetLastError
closesocket
WSASocketW
WSASetLastError

winmm

timeGetTime

Exports

Exports

GetHandleVerifier
GetMainTargetServices
IsSandboxedProcess

Sections

.text
Size: 717KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

50072f4486e00ba0078edd1cc8f34712

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

wintrust

crypt32

kernel32

user32

ole32

oleaut32

advapi32

shlwapi

dbghelp

ws2_32

winmm

Exports

Exports

Sections

.text Size: 717KB - Virtual size: 716KB

.rdata Size: 197KB - Virtual size: 196KB

.data Size: 11KB - Virtual size: 24KB

.rsrc Size: 155KB - Virtual size: 154KB

.reloc Size: 104KB - Virtual size: 104KB

.text
Size: 717KB - Virtual size: 716KB

.rdata
Size: 197KB - Virtual size: 196KB

.data
Size: 11KB - Virtual size: 24KB

.rsrc
Size: 155KB - Virtual size: 154KB

.reloc
Size: 104KB - Virtual size: 104KB