QwordSetup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

QwordSetup.exe
Size

652KB
MD5

fd849b7581a78a10294e2ad800f641e3
SHA1

7f0ad03faacc6f91d8e64130b1c6bdad23851b67
SHA256

97e189dfa9b9b0fbf0c1eaf0f24e40b4c275d056b0e7b5a2033f7326392090f9
SHA512

d3966624b7ed013eaff137567c54c91f178f87fba48bba9b05a0532de8fe4493e9776898e01f88c9a22beb5f64e54b35cc38f1e883e581192075e8458591394b
SSDEEP

12288:ejBtOxOHQjfwFsU5vN5MDJSkQFG3BmkifU8SmVR99Y8/D0:iPO7oGNdp3BmkJg59lo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
QwordSetup.exe

Files

QwordSetup.exe
.exe windows:4 windows x86 arch:x86

2a1348b50ac8ca83b0a0a664309c8716

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mi_exe_stub.pdb

Imports

kernel32

GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetThreadLocale
ReadFile
GetTempPathW
DeleteFileW
RaiseException
FindResourceExW
GetTempFileNameW
FindResourceW
GetModuleFileNameW
CreateDirectoryW
SizeofResource
CreateFileW
LocalFree
LoadResource
FormatMessageW
LockResource
GetVersionExW
lstrlenW
RemoveDirectoryW
SetFilePointerEx
CloseHandle
CreateProcessW
GetStartupInfoW
GetExitCodeProcess
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
SetFilePointer

shlwapi

PathQuoteSpacesW

ole32

CoUninitialize
CoInitializeEx

user32

UnregisterClassA
CharLowerBuffW
MessageBoxW
wvsprintfW

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 578KB - Virtual size: 577KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a1348b50ac8ca83b0a0a664309c8716

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

ole32

user32

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 578KB - Virtual size: 577KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 578KB - Virtual size: 577KB

.reloc
Size: 5KB - Virtual size: 5KB