407a7ef36d5180c39f4557ffd35d044b9337ce1cc018f6ccbd1a036ea2d221f9

Sharing

Copy URL Twitter E-mail

General

Target

407a7ef36d5180c39f4557ffd35d044b9337ce1cc018f6ccbd1a036ea2d221f9
Size

1.0MB
MD5

6e17fce865d8114b526b677d52c03564
SHA1

e81c3ea44978c36e694c86c0a94f44ff7e63183f
SHA256

407a7ef36d5180c39f4557ffd35d044b9337ce1cc018f6ccbd1a036ea2d221f9
SHA512

e1243109c0efb553ed3c7a3d2db0f027f50af945d4e26cf615d7f6ebb8ee868c51ceee42f0d5d99816b05b358f3f16c75cde27905ea0f7e3fcd5e72435f60909
SSDEEP

24576:UzkQHyYJFedQerU5R2LoHw5jU53qXShIJkbjBxumVEysF2N:UzhFedQNQ5bX9wDVEysu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
407a7ef36d5180c39f4557ffd35d044b9337ce1cc018f6ccbd1a036ea2d221f9

Files

407a7ef36d5180c39f4557ffd35d044b9337ce1cc018f6ccbd1a036ea2d221f9
.exe windows:6 windows x86 arch:x86

fc100ecd0e2bab5da69e6bd29ceabd9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\qci_workspace\root-workspaces\__qci-pipeline-1148322-1\app\Windows\output\bin\Release\wwmapp.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
OutputDebugStringA
GetFileSize
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
VirtualProtect
GetCurrentThread
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
FreeLibrary
SetDllDirectoryW
LoadLibraryW
LoadLibraryA
GetCurrentProcessId
LocalFree
LoadLibraryExW
LoadLibraryExA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCurrentThreadId
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageA
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
EncodePointer
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
GetModuleHandleA
HeapSetInformation
SetProcessDEPPolicy
VirtualQueryEx
VirtualAllocEx
CreateIoCompletionPort
CreateThread
GetQueuedCompletionStatus
UnregisterWait
GetLastError
TerminateJobObject
PostQueuedCompletionStatus
WaitForSingleObject
DuplicateHandle
SetInformationJobObject
GetUserDefaultLangID
GetUserDefaultLCID
GetUserDefaultLocaleName
EnumSystemLocalesEx
GetTickCount
GetVersionExW
GetProductInfo
GetNativeSystemInfo
IsWow64Process
ProcessIdToSessionId
TryAcquireSRWLockExclusive
UnregisterWaitEx
Sleep
GetThreadId
GetFileType
SetHandleInformation
AssignProcessToJobObject
WriteProcessMemory
GetFileAttributesW
VirtualFree
GetProcessHandleCount
GetProcessHeaps
SignalObjectAndWait
ExpandEnvironmentStringsW
QueryDosDeviceW
VirtualProtectEx
VirtualFreeEx
ReadProcessMemory
GetModuleHandleExW
GetCurrentDirectoryW
GetLocalTime
WriteFile
CreateNamedPipeW
CreateJobObjectW
QueryInformationJobObject
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateMutexW
ReadFile
TlsGetValue
VirtualAlloc
lstrlenW
DebugBreak
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
FindClose
FindNextFileW
FindFirstFileExW
TlsAlloc
TlsFree
TlsSetValue
RtlCaptureStackBackTrace
CreateRemoteThread
GetSystemInfo
VirtualQuery
GetLogicalProcessorInformation
RtlUnwind
ExitProcess
GetStdHandle
GetACP
GetConsoleCP
GetConsoleMode
SetStdHandle
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
ReadConsoleW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
RaiseException
DecodePointer
OutputDebugStringW
SetCurrentDirectoryW
GetCommandLineW
SetThreadAffinityMask
GetLongPathNameW
SwitchToThread
RegisterWaitForSingleObject

user32

CreateDesktopW
CreateWindowStationW
GetProcessWindowStation
GetUserObjectInformationW
CloseWindowStation
CloseDesktop
GetThreadDesktop
SetWindowsHookExW
CallNextHookEx
wsprintfW
PostThreadMessageW
GetDesktopWindow
SetProcessWindowStation
MessageBoxW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoTaskMemFree

oleaut32

SysAllocStringByteLen
VarBstrCmp
SysStringByteLen
SysAllocString
SysFreeString

advapi32

RevertToSelf
SetTokenInformation
OpenProcessToken
GetSecurityDescriptorSacl
GetAce
SetKernelObjectSecurity
GetKernelObjectSecurity
DuplicateTokenEx
MapGenericMask
AccessCheck
SystemFunction036
FreeSid
ImpersonateLoggedOnUser
RegDisablePredefinedCache
GetNamedSecurityInfoW
IsValidSid
InitializeSid
GetSidSubAuthority
GetLengthSid
CreateWellKnownSid
ConvertStringSidToSidW
ConvertSidToStringSidW
EqualSid
CreateProcessAsUserW
SetThreadToken
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
CreateRestrictedToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSecurityInfo
SetSecurityInfo
BuildTrusteeWithSidW
SetEntriesInAclW
InitializeAcl
AddMandatoryAce
GetSecurityDescriptorDacl
DuplicateToken
GetTokenInformation

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
wvnsprintfW

dbghelp

SymSetSearchPathW
SymGetSearchPathW
SymInitialize
SymCleanup
SymSetOptions
SymFromAddr
SymGetLineFromAddr64

ws2_32

WSADuplicateSocketW
WSAGetLastError
closesocket
WSASocketW
WSASetLastError

winmm

timeGetTime

Exports

Exports

GetHandleVerifier
GetMainTargetServices
IsSandboxedProcess

Sections

.text
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fc100ecd0e2bab5da69e6bd29ceabd9f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

wintrust

crypt32

kernel32

user32

ole32

oleaut32

advapi32

shlwapi

dbghelp

ws2_32

winmm

Exports

Exports

Sections

.text Size: 600KB - Virtual size: 600KB

.rdata Size: 182KB - Virtual size: 181KB

.data Size: 9KB - Virtual size: 22KB

.rsrc Size: 155KB - Virtual size: 154KB

.reloc Size: 99KB - Virtual size: 100KB

.text
Size: 600KB - Virtual size: 600KB

.rdata
Size: 182KB - Virtual size: 181KB

.data
Size: 9KB - Virtual size: 22KB

.rsrc
Size: 155KB - Virtual size: 154KB

.reloc
Size: 99KB - Virtual size: 100KB