62493f1f914c0e361972dd332ac99c8eb404d74164cb5d93003af93e7888d81d

Sharing

Copy URL Twitter E-mail

General

Target

62493f1f914c0e361972dd332ac99c8eb404d74164cb5d93003af93e7888d81d
Size

396KB
MD5

db5081183762061fda5e0125dd23195e
SHA1

76ee38719e831dd3b52e309a9d165f9724bbfbb0
SHA256

62493f1f914c0e361972dd332ac99c8eb404d74164cb5d93003af93e7888d81d
SHA512

b6086c49c4efb21ebdcca22570f771b551690248874ad627a2e9e179dd9e65d5f306a4994457e72e2cd2b2a2ccb55e7dd2a53d316357c8f42dc471b38cd82944
SSDEEP

6144:8lnHS+qtadwkd8vzf8ZZaiLUqxCo8ND9loFZe8ZN/ADY10mD46QFCEkUP6r8xlP8:8lnHxxdsT8Z5xaYsrKa/6nOjcPX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62493f1f914c0e361972dd332ac99c8eb404d74164cb5d93003af93e7888d81d

Files

62493f1f914c0e361972dd332ac99c8eb404d74164cb5d93003af93e7888d81d
.exe windows:6 windows x86 arch:x86

87d7080fd9d91ff2e5f03efb45e3cfcc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\qci_workspace\root-workspaces\__qci-pipeline-67756-1\build\windows\hw_check\win\Release\xnnexternal.pdb

Imports

xnn

XNNMediaDecoderGetFrameInfo
XNNMediaDecoderCreate
XNNMediaDecoderDestroy
XNNMediaDecoderSetHWDecode

xnn_core

?SetGpuBlockList@xnn@@YAXABV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
XNNSetKeyValueReport
XNNSetKVConfig
XNNSetLogFuncSimple
XNNGetQCIBuildNum
XNNGetQCIBuild
XNNGetQCIJob
?SplitString@xnn@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@3@@Z
?GetFileExtName@xnn@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z
?IsSupportD3DInner@XNNDevInfo@xnn@@SA_NPAW4XNNUnsupportedCode_@@_N@Z
XNNIsSupportDecoderHwaccels
?XNNLogImpl@xnn@@YAXPBD0H00HZZ

kernel32

WaitForSingleObjectEx
CreateEventW
OutputDebugStringW
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
ResetEvent
GetStdHandle
CreateFileW
WriteFile
CloseHandle
RaiseException
SetUnhandledExceptionFilter
GetLastError
SetErrorMode
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
MultiByteToWideChar
SearchPathW
CreateFileA
DuplicateHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
WaitForMultipleObjects
TerminateProcess
OpenThread
SuspendThread
CreateProcessW
GetTickCount
VirtualQuery
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
MapViewOfFile
UnmapViewOfFile
FindResourceExW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceW
CreateFileMappingA
WideCharToMultiByte
CreateToolhelp32Snapshot
Thread32First
Thread32Next
Module32First
Module32Next
TlsAlloc
TlsSetValue
TlsFree
GetProcessId
LoadLibraryW
OpenFileMappingA
SetEvent
WaitForSingleObject
InitializeSListHead

user32

RegisterClassA
PostQuitMessage
PostMessageA
DispatchMessageA
CreateWindowExA
GetMessageA
DefWindowProcA
SendMessageTimeoutA
TranslateMessage

advapi32

RegCreateKeyExW
RegDeleteValueW
RegFlushKey
RegOpenKeyExW
RegSetValueExW
RegCloseKey

msvcp140

_Cnd_destroy
_Cnd_init
_Mtx_destroy
_Mtx_init
_Thrd_start
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Cnd_signal
_Cnd_do_broadcast_at_thread_exit
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Cnd_wait
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??Bid@locale@std@@QAEIXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
_Xtime_get_ticks
_Thrd_sleep
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Thrd_id
?id@?$ctype@D@std@@2V0locale@2@A

shlwapi

PathFileExistsW

dbghelp

MiniDumpWriteDump

vcruntime140

memmove
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
memset
memcpy
__RTDynamicCast
__CxxFrameHandler3
_CxxThrowException
_purecall
__std_terminate
memchr
strchr
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
_initterm
_invalid_parameter_noinfo
_seh_filter_exe
_c_exit
_register_thread_local_exe_atexit_callback
_errno
_crt_atexit
_register_onexit_function
__pxcptinfoptrs
signal
_initialize_onexit_table
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
terminate
_controlfp_s
exit
_cexit
_invalid_parameter_noinfo_noreturn
_set_app_type

api-ms-win-crt-string-l1-1-0

strpbrk
strnlen
strcpy_s
tolower
wcsncpy
wcsnlen
wcscpy_s
wcscat_s
strncmp

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
_callnewh
_set_new_mode

api-ms-win-crt-convert-l1-1-0

atoi
strtoull
strtol

api-ms-win-crt-time-l1-1-0

_time64
asctime
_gmtime64
strftime

api-ms-win-crt-multibyte-l1-1-0

_mbslwr_s
_mbscmp
_mbslwr

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf_s
__stdio_common_vsprintf
__stdio_common_vswprintf
_set_fmode
__p__commode
__stdio_common_vfprintf

api-ms-win-crt-math-l1-1-0

_dtest
modf
_except1
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

?AddExtraMem@TXBugReport@@YAHKI@Z
?AddExtraMem@TXBugReport@@YAHPAXI@Z
?AddIgnoreHookCheckModule@TXBugReport@@YAXPBD@Z
?AddReleaseMonitorPoint@TXBugReport@@YAXPAJ@Z
?DoBugReport@TXBugReport@@YAJPAU_EXCEPTION_POINTERS@@PBD@Z
?GetBugReportFlag@TXBugReport@@YAKXZ
?GetBugReportInfo@TXBugReport@@YAPAUtagBugReportInfo@1@XZ
?GetCustomFiltFunc@TXBugReport@@YAP6AHPAU_EXCEPTION_POINTERS@@@ZXZ
?InitBugReport@TXBugReport@@YAXPBD000GGKHHKKP6GHPAUtagBugReportInfo@1@0000PAPAXPAKPAX@Z@Z
?InitBugReportEx@TXBugReport@@YAXPBD000GGKHHKKP6GHPAUtagBugReportInfo@1@0000PAPAXPAKPAX@ZH@Z
?RaiseSelfFatalException@TXBugReport@@YAXW4SelfException@1@@Z
?RecordCallStackIfNeed@TXBugReport@@YAXPAJ@Z
?SetAbnormalThirdModuleFlag@TXBugReport@@YAXXZ
?SetBugReportAccount@TXBugReport@@YAXPB_WH@Z
?SetBugReportFlag@TXBugReport@@YAHK@Z
?SetBugReportPath@TXBugReport@@YAHPBD@Z
?SetBugReportUin@TXBugReport@@YAXKH@Z
?SetCustomFiltFunc@TXBugReport@@YAXP6AHPAU_EXCEPTION_POINTERS@@@Z@Z
?SetDispName@TXBugReport@@YAXPB_W@Z
?SetExtDisplayText@TXBugReport@@YAHPBD@Z
?SetExtInfo@TXBugReport@@YAHKKPBD@Z
?SetExtRptFilePath@TXBugReport@@YAHPBD0@Z
?SetLcid@TXBugReport@@YAXK@Z
?SetLogFileMd5Dir@TXBugReport@@YAHPBD00@Z
?UninitBugReport@TXBugReport@@YAXXZ
?ValidateBugReport@TXBugReport@@YAXXZ
?pfPostBugReport@TXBugReport@@3P6AXXZA
?pfPreBugReport@TXBugReport@@3P6AXXZA

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

87d7080fd9d91ff2e5f03efb45e3cfcc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

xnn

xnn_core

kernel32

user32

advapi32

msvcp140

shlwapi

dbghelp

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 3KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 92B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 130KB - Virtual size: 130KB

.reloc Size: 84KB - Virtual size: 88KB

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 3KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 130KB - Virtual size: 130KB

.reloc
Size: 84KB - Virtual size: 88KB