QCC8Hb7fxfyMa9MJF6Dnw0V3Irf3JHWxMJUZl3rqCwM[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

QCC8Hb7fxfyMa9MJF6Dnw0V3Irf3JHWxMJUZl3rqCwM.bin
Size

3.3MB
MD5

ae77043c7be20528e604eb21283ccaad
SHA1

2ec38c04a0cb1ea83d091a681ebf61b021217152
SHA256

4020bc1dbedfc5fc8c6bd30917a0e7c3457722b7f72475b1309519977aea0b03
SHA512

7e24e999cc5a30f1242eaae68be8cba4f4b533d27ce4181b209bc07728885233e7f222b0127372e025bd11cb9b6f3af030278f41db686fe24bd69796a870718a
SSDEEP

49152:QYukzxb7g1wuoraQho6MEpzzKCnX9TLxJOKEe4iuhaN7qZWdGX6+YSQrim:Zh1ahYeSTLxJOK7T9ZqZGm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
QCC8Hb7fxfyMa9MJF6Dnw0V3Irf3JHWxMJUZl3rqCwM.bin

Files

QCC8Hb7fxfyMa9MJF6Dnw0V3Irf3JHWxMJUZl3rqCwM.bin
.exe windows:4 windows x86 arch:x86

e0e494e8e36a02bd4fc488caf4aa698b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncmp
wcscmp
memmove
wcslen
wcscpy
wcscat
strlen
sprintf
malloc
free
_wstat
_wcsdup
strcmp
memcpy
_CIcos
_CIpow
_wfopen
_setjmp3
fclose
longjmp
strncpy
strcpy
_wcsicmp
tolower
floor
toupper
strstr
wcsncpy
_snwprintf
localtime
mktime
_wcsnicmp
_itow
gmtime
fseek
ftell
fread
pow
??3@YAXPAX@Z
wcsstr
_isnan
_close
calloc
_lseeki64
_errno
realloc
_snprintf
abort
_wopen
_setmode
exit
wcschr
_open_osfhandle
_strdup
setlocale
strrchr
strncmp
wctomb
_get_osfhandle
_open
mbstowcs
strchr
__p__iob
fprintf
fwrite
fflush
ferror
getenv
sscanf
strtol
strtoul
strerror
qsort
fopen
fputs
strpbrk
_access
_read
_write
atoi
memchr
fputc
fgets
strspn
strcspn
isupper
_msize
_beginthreadex
_endthreadex
_stati64
time
_ftime
_vsnwprintf
cos
fmod
sin
abs
ceil

kernel32

GetModuleHandleW
HeapCreate
CreateMutexW
GetLastError
HeapDestroy
ExitProcess
SetErrorMode
GetFileAttributesW
SetLastError
GetBinaryTypeW
GetTickCount
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
Process32NextW
GetLogicalDrives
GetDriveTypeW
OpenProcess
TerminateProcess
HeapAlloc
HeapFree
LoadLibraryW
GetProcAddress
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateThread
GetModuleFileNameW
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessW
PeekNamedPipe
ReadFile
HeapReAlloc
WriteFile
CreateFileW
GetFileSize
DeleteFileW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsGetValue
FreeLibrary
MultiByteToWideChar
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemInfo
GlobalMemoryStatusEx
GetVersionExW
SetFilePointer
WideCharToMultiByte
MulDiv
SetCurrentDirectoryW
GetTempPathW
FindFirstFileW
FindClose
SetFileAttributesW
FindNextFileW
RemoveDirectoryW
CreateDirectoryW
CopyFileW
GetLocalTime
HeapSize
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetExitCodeProcess
GetFullPathNameW
GetModuleHandleA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
ExpandEnvironmentStringsA
FormatMessageA
GetFileSizeEx
AreFileApisANSI
CreateFileMappingA
CreateFileMappingW
DeleteFileA
FlushFileBuffers
FormatMessageW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesExW
GetFullPathNameA
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetVersionExA
HeapValidate
HeapCompact
LocalFree
LockFile
LockFileEx
MapViewOfFile
SetEndOfFile
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
FlushViewOfFile
TryEnterCriticalSection
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

SetWindowsHookExW
GetDesktopWindow
GetDC
ReleaseDC
GetForegroundWindow
GetWindowTextW
GetLastInputInfo
SendMessageW
FindWindowW
GetWindowTextLengthW
GetAsyncKeyState
GetKeyState
CallNextHookEx
GetWindow
SetActiveWindow
DestroyWindow
DestroyIcon
LoadIconW
LoadCursorW
GetPropW
RegisterClassW
AdjustWindowRectEx
CreateWindowExW
SetPropW
ShowWindow
UnregisterClassW
CreateAcceleratorTableW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DefFrameProcW
DefWindowProcW
GetParent
SetFocus
GetFocus
RemovePropW
DestroyAcceleratorTable
SetRect
GetWindowLongW
EnumChildWindows
PostMessageW
GetWindowRect
GetSystemMetrics
SetWindowPos
IsWindowEnabled
IsWindowVisible
GetWindowThreadProcessId
GetClassNameW
IsChild
SystemParametersInfoW
CallWindowProcW
SetWindowLongW
RegisterWindowMessageW
EnumDisplaySettingsW
FillRect
CharLowerW
GetIconInfo
DrawIconEx

gdi32

BitBlt
DeleteObject
GetDeviceCaps
GetStockObject
CreateFontIndirectW
CreateDCW
DeleteDC
GetObjectType
GetObjectW
CreateCompatibleDC
SelectObject
CreateSolidBrush
GdiGetBatchLimit
GdiSetBatchLimit
CreateDIBSection
CreateBitmap
SetPixel
GetDIBits
GetTextExtentPoint32W
SetBkMode
SetTextAlign
SetBkColor
SetTextColor
TextOutW
SetStretchBltMode
SetBrushOrgEx
StretchBlt
GetTextMetricsW
CreateCompatibleBitmap
GetPixel

advapi32

RegCreateKeyW
RegSetValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

ole32

RevokeDragDrop
CoTaskMemFree

shell32

ShellExecuteW
ord680
ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

ws2_32

closesocket
WSACleanup
WSAStartup
gethostname
send
sendto
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
connect
select
__WSAFDIsSet
recvfrom
recv
WSAGetLastError
ntohs
WSASetLastError
getsockopt
setsockopt
getpeername
getsockname
WSAIoctl
getaddrinfo
freeaddrinfo
htonl
listen
accept
ntohl

crypt32

CertFreeCertificateContext
CertOpenStore
CryptStringToBinaryA
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptQueryObject
CertAddCertificateContextToStore
CertGetNameStringA

winmm

timeBeginPeriod

psapi

GetProcessMemoryInfo

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

comctl32

InitCommonControlsEx

Sections

.code
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e0e494e8e36a02bd4fc488caf4aa698b

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

shell32

ws2_32

crypt32

winmm

psapi

gdiplus

comctl32

Sections

.code Size: 67KB - Virtual size: 66KB

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 154KB - Virtual size: 154KB

.data Size: 1.7MB - Virtual size: 1.7MB

.code
Size: 67KB - Virtual size: 66KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 154KB - Virtual size: 154KB

.data
Size: 1.7MB - Virtual size: 1.7MB