67b3986597d1f9417fe6f92a33e3ad17d350c9094335f96bb1243ca3ceafa10b

Sharing

Copy URL Twitter E-mail

General

Target

67b3986597d1f9417fe6f92a33e3ad17d350c9094335f96bb1243ca3ceafa10b
Size

665KB
MD5

ac7052297e2780d00391a36c115f2ea4
SHA1

da84b1fd32005d944048abd89c5feb3464b75907
SHA256

67b3986597d1f9417fe6f92a33e3ad17d350c9094335f96bb1243ca3ceafa10b
SHA512

3d90373783bac3962a293a1bffb470f833105cb60db5fee89e3acfb166325e67a41761bdee377845587a1e4795affd0f40e8b5277bea6d84bb872fdf0b171a93
SSDEEP

12288:tsg7E8RDwJpN3GrYjUiBrn2tapACZM9haCGpeP:2g7EJH3GrrKpCCZQGpeP

Score

1^/10

Malware Config

Signatures

Files

67b3986597d1f9417fe6f92a33e3ad17d350c9094335f96bb1243ca3ceafa10b
.dll windows:4 windows x64 arch:x64

a262d5c5d6e63e7b491ecce32b7f2a68

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:e9:57:9a:ab:76:3e:72:07:99:89:c6:89:d2:b4:2d
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

18/09/2017, 00:00

Not After

24/11/2020, 23:59

Subject

CN=The Qt Company Oy,O=The Qt Company Oy,L=Oulu,ST=Oulu,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ec:7c:58:41:51:2f:02:45:6c:9f:5d:32:bd:12:de:eb:9e:5e:ed:f1
Signer

Actual PE Digest

ec:7c:58:41:51:2f:02:45:6c:9f:5d:32:bd:12:de:eb:9e:5e:ed:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__iob_func
__setusermatherr
_amsg_exit
_errno
_exit
_initterm
_lock
_snwprintf
_unlock
_vsnprintf
abort
bsearch
calloc
fprintf
free
fwprintf
fwrite
log10
malloc
memcmp
memcpy
memmove
memset
qsort
raise
realloc
signal
strcmp
strlen
strncmp
vfprintf
wcscpy

user32

MessageBoxW

libstdc++-6

_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZdlPv
_ZdlPvy
_Znwy
__cxa_guard_acquire
__cxa_guard_release

qt5core

_Z7qstrcmpRK10QByteArrayPKc
_ZN10QArrayData10deallocateEPS_yy
_ZN10QArrayData11shared_nullE
_ZN10QByteArray11fromRawDataEPKci
_ZN11QTextStreamlsERK7QString
_ZN11QTextStreamlsEc
_ZN11QTextStreamlsEi
_ZN15QtSharedPointer20ExternalRefCountData9getAndRefEPK7QObject
_ZN6QDebugD1Ev
_ZN7QObject10childEventEP11QChildEvent
_ZN7QObject10timerEventEP11QTimerEvent
_ZN7QObject11customEventEP6QEvent
_ZN7QObject11eventFilterEPS_P6QEvent
_ZN7QObject13connectNotifyERK11QMetaMethod
_ZN7QObject16disconnectNotifyERK11QMetaMethod
_ZN7QObject5eventEP6QEvent
_ZN7QString15fromUtf8_helperEPKci
_ZN8QVariantC1ERK5QSize
_ZN8QVariantC1Ei
_ZN9QIODevice4peekEx
_ZN9QIODevice5writeEPKcx
_ZN9QIODevice7readAllEv
_ZNK10QByteArray10startsWithEPKc
_ZNK10QByteArray8endsWithEPKc
_ZNK11QObjectData17dynamicMetaObjectEv
_ZNK14QMessageLogger7warningEPKcz
_ZNK14QMessageLogger7warningEv
_ZNK8QVariant5toIntEPb
_ZNK9QIODevice10isReadableEv
_ZNK9QIODevice10isWritableEv
_ZNK9QIODevice6isOpenEv
_Zls6QDebugRK5QSize

qt5gui

_ZN11QColorSpace14fromIccProfileERK10QByteArray
_ZN11QColorSpaceC1Ev
_ZN11QColorSpaceD1Ev
_ZN14QImageIOPlugin11qt_metacallEN11QMetaObject4CallEiPPv
_ZN14QImageIOPlugin11qt_metacastEPKc
_ZN14QImageIOPlugin16staticMetaObjectE
_ZN14QImageIOPluginC2EP7QObject
_ZN14QImageIOPluginD2Ev
_ZN15QImageIOHandler11jumpToImageEi
_ZN15QImageIOHandler15jumpToNextImageEv
_ZN15QImageIOHandler9setDeviceEP9QIODevice
_ZN15QImageIOHandler9setFormatERK10QByteArray
_ZN15QImageIOHandler9setOptionENS_11ImageOptionERK8QVariant
_ZN15QImageIOHandlerC2Ev
_ZN15QImageIOHandlerD2Ev
_ZN6QColor8fromRgbaEj
_ZN6QColorC1EN2Qt11GlobalColorE
_ZN6QImage13setColorSpaceERK11QColorSpace
_ZN6QImage4bitsEv
_ZN6QImage4fillEN2Qt11GlobalColorE
_ZN6QImageC1ERKS_
_ZN6QImageC1EiiNS_6FormatE
_ZN6QImageD1Ev
_ZN6QImageaSERKS_
_ZN8QPainter18setCompositionModeENS_15CompositionModeE
_ZN8QPainter8fillRectERK5QRectRK6QColor
_ZN8QPainter9drawImageERK6QRectFRK6QImageS2_6QFlagsIN2Qt19ImageConversionFlagEE
_ZN8QPainterC1EP12QPaintDevice
_ZN8QPainterD1Ev
_ZNK11QColorSpace10iccProfileEv
_ZNK11QColorSpace7isValidEv
_ZNK15QImageIOHandler6deviceEv
_ZNK15QImageIOHandler9setFormatERK10QByteArray
_ZNK6QColorcv8QVariantEv
_ZNK6QImage10colorSpaceEv
_ZNK6QImage11sizeInBytesEv
_ZNK6QImage12bytesPerLineEv
_ZNK6QImage15hasAlphaChannelEv
_ZNK6QImage22convertToFormat_helperENS_6FormatE6QFlagsIN2Qt19ImageConversionFlagEE
_ZNK6QImage4sizeEv
_ZNK6QImage5widthEv
_ZNK6QImage6formatEv
_ZNK6QImage6heightEv
_ZNK6QImage6isNullEv

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 114B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/16
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a262d5c5d6e63e7b491ecce32b7f2a68

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

06:e9:57:9a:ab:76:3e:72:07:99:89:c6:89:d2:b4:2dCertificate

Extended Key Usages

Key Usages

ec:7c:58:41:51:2f:02:45:6c:9f:5d:32:bd:12:de:eb:9e:5e:ed:f1Signer

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

libstdc++-6

qt5core

qt5gui

Exports

Exports

Sections

.text Size: 409KB - Virtual size: 408KB

.data Size: 512B - Virtual size: 448B

.rdata Size: 81KB - Virtual size: 81KB

/4 Size: 512B - Virtual size: 128B

.pdata Size: 12KB - Virtual size: 12KB

.xdata Size: 14KB - Virtual size: 13KB

.bss Size: - Virtual size: 10KB

.edata Size: 512B - Virtual size: 114B

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 1024B - Virtual size: 560B

/16 Size: 512B - Virtual size: 20B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

06:e9:57:9a:ab:76:3e:72:07:99:89:c6:89:d2:b4:2d
Certificate

ec:7c:58:41:51:2f:02:45:6c:9f:5d:32:bd:12:de:eb:9e:5e:ed:f1
Signer

.text
Size: 409KB - Virtual size: 408KB

.data
Size: 512B - Virtual size: 448B

.rdata
Size: 81KB - Virtual size: 81KB

/4
Size: 512B - Virtual size: 128B

.pdata
Size: 12KB - Virtual size: 12KB

.xdata
Size: 14KB - Virtual size: 13KB

.bss
Size: - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 114B

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 1024B - Virtual size: 560B

/16
Size: 512B - Virtual size: 20B