1b85a0e09d64a5e82060d8d0c4283bfc37279cf8590b21a5d289eb7176015c3e

Sharing

Copy URL Twitter E-mail

General

Target

1b85a0e09d64a5e82060d8d0c4283bfc37279cf8590b21a5d289eb7176015c3e
Size

1.2MB
MD5

3a2c5a3e6b333c9c4b1b652457b2c7ed
SHA1

fce4d5fe6805e77d460cd8cec4ea9bb5e2ae3f32
SHA256

1b85a0e09d64a5e82060d8d0c4283bfc37279cf8590b21a5d289eb7176015c3e
SHA512

7e867eba832bd25e08bb49cd3a2ece4418863d25a28a101f88f974a952152aad09fa7d12b45134da7a04f046e34def417a9939bd55c52ffd9d8f9d73e999dc34
SSDEEP

24576:dnbpS1t3QlEXNbHn6B0TZLp1H3+zUYJadcvyUPFXrhGrLumVA2HMG4:dnlO3QlE9VT+zUYJadOyUPpwJVAH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b85a0e09d64a5e82060d8d0c4283bfc37279cf8590b21a5d289eb7176015c3e

Files

1b85a0e09d64a5e82060d8d0c4283bfc37279cf8590b21a5d289eb7176015c3e
.exe windows:6 windows x86 arch:x86

50072f4486e00ba0078edd1cc8f34712

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\qci_workspace\root-workspaces\__qci-pipeline-10775469-1\app\Windows\output\bin\Release\wwmapp.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
GetFileSize
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
SetDllDirectoryW
LoadLibraryA
LocalFree
LoadLibraryExW
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameW
SetEvent
SetLastError
OutputDebugStringA
SetCurrentDirectoryW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetCurrentProcessId
VirtualProtect
GetCurrentThreadId
GetCurrentThread
TerminateProcess
GetCurrentProcess
OutputDebugStringW
IsDebuggerPresent
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
EncodePointer
LCMapStringEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetLocaleInfoEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
HeapSetInformation
SetProcessDEPPolicy
VirtualQueryEx
VirtualAllocEx
CreateIoCompletionPort
CreateThread
GetQueuedCompletionStatus
UnregisterWait
HeapAlloc
TerminateJobObject
PostQueuedCompletionStatus
WaitForSingleObject
DuplicateHandle
SetInformationJobObject
GetUserDefaultLangID
GetUserDefaultLCID
GetUserDefaultLocaleName
EnumSystemLocalesEx
GetTickCount
GetVersionExW
GetProductInfo
GetNativeSystemInfo
IsWow64Process
ProcessIdToSessionId
TryAcquireSRWLockExclusive
UnregisterWaitEx
Sleep
GetThreadId
GetFileType
SetHandleInformation
AssignProcessToJobObject
WriteProcessMemory
GetLongPathNameW
VirtualFree
GetProcessHandleCount
GetProcessHeaps
SignalObjectAndWait
ExpandEnvironmentStringsW
QueryDosDeviceW
VirtualProtectEx
VirtualFreeEx
ReadProcessMemory
GetModuleHandleExW
GetCurrentDirectoryW
GetLocalTime
WriteFile
CreateNamedPipeW
CreateJobObjectW
QueryInformationJobObject
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateMutexW
ReadFile
TlsGetValue
VirtualAlloc
lstrlenW
DebugBreak
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
FindClose
FindNextFileW
FindFirstFileExW
TlsAlloc
TlsFree
TlsSetValue
RtlCaptureStackBackTrace
CreateRemoteThread
SetEnvironmentVariableW
GetSystemInfo
VirtualQuery
GetLogicalProcessorInformation
RtlUnwind
ExitProcess
GetStdHandle
GetACP
GetConsoleCP
GetConsoleMode
SetStdHandle
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
ReadConsoleW
SetEnvironmentVariableA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
HeapDestroy
GetLastError
RaiseException
DecodePointer
GetCommandLineW
SetThreadAffinityMask
GetFileAttributesW
SwitchToThread
RegisterWaitForSingleObject

user32

CreateDesktopW
CreateWindowStationW
GetProcessWindowStation
GetUserObjectInformationW
CloseWindowStation
CloseDesktop
GetThreadDesktop
wsprintfW
PostThreadMessageW
MessageBoxW
GetDesktopWindow
CallNextHookEx
SetProcessWindowStation
SetWindowsHookExW

ole32

CoCreateInstance
CoUninitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoInitialize
CoTaskMemFree

oleaut32

SysAllocStringByteLen
VarBstrCmp
SysStringByteLen
SysFreeString
SysAllocString

advapi32

RevertToSelf
SetTokenInformation
OpenProcessToken
GetSecurityDescriptorSacl
GetAce
SetKernelObjectSecurity
GetKernelObjectSecurity
DuplicateTokenEx
MapGenericMask
AccessCheck
SystemFunction036
FreeSid
ImpersonateLoggedOnUser
RegDisablePredefinedCache
GetNamedSecurityInfoW
IsValidSid
InitializeSid
GetSidSubAuthority
GetLengthSid
CreateWellKnownSid
ConvertStringSidToSidW
ConvertSidToStringSidW
EqualSid
CreateProcessAsUserW
SetThreadToken
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
CreateRestrictedToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSecurityInfo
SetSecurityInfo
BuildTrusteeWithSidW
SetEntriesInAclW
InitializeAcl
AddMandatoryAce
GetSecurityDescriptorDacl
DuplicateToken
GetTokenInformation

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFileExistsW
wvnsprintfW
PathFindFileNameW

dbghelp

SymSetSearchPathW
SymGetSearchPathW
SymInitialize
SymCleanup
SymSetOptions
SymFromAddr
SymGetLineFromAddr64

ws2_32

WSADuplicateSocketW
WSAGetLastError
closesocket
WSASocketW
WSASetLastError

winmm

timeGetTime

Exports

Exports

GetHandleVerifier
GetMainTargetServices
IsSandboxedProcess

Sections

.text
Size: 717KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

50072f4486e00ba0078edd1cc8f34712

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

wintrust

crypt32

kernel32

user32

ole32

oleaut32

advapi32

shlwapi

dbghelp

ws2_32

winmm

Exports

Exports

Sections

.text Size: 717KB - Virtual size: 716KB

.rdata Size: 197KB - Virtual size: 196KB

.data Size: 11KB - Virtual size: 24KB

.rsrc Size: 155KB - Virtual size: 154KB

.reloc Size: 100KB - Virtual size: 100KB

.text
Size: 717KB - Virtual size: 716KB

.rdata
Size: 197KB - Virtual size: 196KB

.data
Size: 11KB - Virtual size: 24KB

.rsrc
Size: 155KB - Virtual size: 154KB

.reloc
Size: 100KB - Virtual size: 100KB