22749a3e0e4e94a7a1a83e58b3854fc6d875e469c89964f2ef3b51ca3cb5f363

Sharing

Copy URL Twitter E-mail

General

Target

22749a3e0e4e94a7a1a83e58b3854fc6d875e469c89964f2ef3b51ca3cb5f363
Size

1.7MB
MD5

2333379e809fa3fde8b2abc580df6a36
SHA1

613ed24d56c488a84453cdd6728ec307b86ef4dc
SHA256

22749a3e0e4e94a7a1a83e58b3854fc6d875e469c89964f2ef3b51ca3cb5f363
SHA512

fe7232e4de1327952e7a50990213d4e360ce95ee509024bc6b0035a957124892cdcc56b255913f6838a2c63359a92c9a2f35225881dc1c3fdf4d6f8648a0347b
SSDEEP

24576:dwFIcDkQIasqI1A67d8T+p0fks2GwVI+/TjrzwT9vyrnqzQZmIh:dDcDkqIl58zgGwVIST/zwdykA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22749a3e0e4e94a7a1a83e58b3854fc6d875e469c89964f2ef3b51ca3cb5f363

Files

22749a3e0e4e94a7a1a83e58b3854fc6d875e469c89964f2ef3b51ca3cb5f363
.exe windows:5 windows x86 arch:x86

24651f8132d27dafafaac44dea778469

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\Development\Projects\2017FZQ\C\2017FZQ\NewCopyFZQClient\Release\NewCopyFZQClient.pdb

Imports

hid

HidD_GetHidGuid
HidD_GetAttributes
HidD_GetPreparsedData
HidD_FlushQueue
HidP_GetCaps

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

kernel32

GetModuleFileNameW
GetModuleHandleW
GetTempPathW
GetTempFileNameW
CreateFileW
CopyFileW
CompareStringW
FreeLibrary
GlobalSize
LoadLibraryW
DecodePointer
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
CreateMutexW
LoadLibraryExW
SetThreadLocale
SetThreadUILanguage
OpenProcess
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
CreateThread
SetEvent
Sleep
CreateEventW
CreateProcessW
GetDiskFreeSpaceExW
GetFullPathNameW
SetFileAttributesW
CopyFileExW
GetFileSize
ReadFile
SetFilePointer
OutputDebugStringW
ResetEvent
GetOverlappedResult
GetLogicalDrives
DeviceIoControl
PurgeComm
GetLogicalDriveStringsW
GetDriveTypeW
CancelIo
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetLocalTime
FindFirstFileExW
FindFirstFileExA
GetTimeZoneInformation
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
GetCommandLineW
GetCommandLineA
GetFileAttributesExW
VirtualQuery
VirtualProtect
GetSystemInfo
InterlockedFlushSList
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
FormatMessageW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
WriteFile
GetProcAddress
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
FindNextFileW
FindFirstFileW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpW
CloseHandle
FindClose
InitializeCriticalSection
DeleteCriticalSection
SetLastError
GetCurrentThreadId
GetVersionExW
FindResourceExW
FindResourceW
lstrlenW
SizeofResource
LoadResource
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
FreeResource
InterlockedExchange
SetEnvironmentVariableW
OutputDebugStringA
SetStdHandle
FlushFileBuffers
SetFilePointerEx
lstrcmpiW
WriteConsoleW
FindNextFileA

user32

LoadImageW
DestroyIcon
LoadIconW
GetWindow
GetClassNameW
OffsetRect
SetRectEmpty
DrawFocusRect
GetSysColor
MapWindowPoints
InvalidateRgn
ReleaseDC
GetDC
SetForegroundWindow
UpdateWindow
GetSystemMetrics
IsDialogMessageW
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetActiveWindow
CharNextW
GetDlgItem
EndDialog
DialogBoxParamW
SystemParametersInfoW
MonitorFromWindow
GetMonitorInfoW
IsClipboardFormatAvailable
SetParent
UnhookWindowsHookEx
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
RegisterClassW
SendMessageW
DefWindowProcW
CallWindowProcW
GetClassInfoW
FindWindowW
PostThreadMessageW
MsgWaitForMultipleObjects
IsWindowVisible
ClientToScreen
LoadStringW
CharUpperW
DrawIconEx
CreateDialogParamW
IsIconic
EndDeferWindowPos
RegisterDeviceNotificationW
UnregisterDeviceNotification
KillTimer
CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
GetDlgCtrlID
SetFocus
EnableWindow
IsWindowEnabled
DrawTextW
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetClientRect
SetCursor
FillRect
SetRect
GetWindowLongW
SetWindowLongW
GetParent
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
PostMessageW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
BeginDeferWindowPos
GetNextDlgTabItem
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetFocus
GetKeyState
CreateCaret
HideCaret
ShowCaret
SetCaretPos
SendNotifyMessageW
MoveWindow
SetScrollPos
GetScrollPos
SetScrollInfo
GetScrollInfo
GetCursorPos
ScreenToClient
PtInRect
GetWindowRect
wsprintfW
TrackMouseEvent
PostQuitMessage
SetWindowPos
DeferWindowPos

gdi32

StretchBlt
SetTextColor
CreateDIBSection
GetDIBColorTable
SetDIBColorTable
GetObjectW
SetViewportOrgEx
SetStretchBltMode
CreateFontIndirectW
Rectangle
GetTextExtentPoint32W
SelectClipRgn
SetBkMode
LineTo
MoveToEx
CreateRectRgn
TextOutW
Polygon
CombineRgn
CreatePatternBrush
GetStockObject
SetBkColor
SetRectRgn
ExtTextOutW
DeleteObject
SelectObject
GetTextMetricsW
RoundRect
DeleteDC
CreateSolidBrush
CreatePen
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgnIndirect
BitBlt

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW

shell32

DragQueryFileW
ShellExecuteW
DragFinish
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
PathStripToRootW
PathFindExtensionW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend
TransparentBlt

gdiplus

GdipAlloc
GdipSetClipPath
GdipDrawImageRectRect
GdipDrawImageRectI
GdipFillRectangleI
GdipCreateFromHDC
GdipLoadImageFromFileICM
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipCreateTexture
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipClosePathFigure

ws2_32

WSASocketW
WSACleanup
closesocket
WSAGetLastError
gethostbyname
WSAStartup
WSAWaitForMultipleEvents
gethostbyaddr
shutdown
setsockopt
send
select
recv
inet_ntoa
inet_addr
htons
getsockopt
ioctlsocket
connect
__WSAFDIsSet

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

LZ4_compress
LZ4_compressBound
LZ4_compress_continue
LZ4_compress_default
LZ4_compress_destSize
LZ4_compress_fast
LZ4_compress_fast_continue
LZ4_compress_fast_extState
LZ4_compress_limitedOutput
LZ4_compress_limitedOutput_continue
LZ4_compress_limitedOutput_withState
LZ4_compress_withState
LZ4_create
LZ4_createStream
LZ4_createStreamDecode
LZ4_decoderRingBufferSize
LZ4_decompress_fast
LZ4_decompress_fast_continue
LZ4_decompress_fast_usingDict
LZ4_decompress_fast_withPrefix64k
LZ4_decompress_safe
LZ4_decompress_safe_continue
LZ4_decompress_safe_partial
LZ4_decompress_safe_usingDict
LZ4_decompress_safe_withPrefix64k
LZ4_freeStream
LZ4_freeStreamDecode
LZ4_initStream
LZ4_loadDict
LZ4_resetStream
LZ4_resetStreamState
LZ4_resetStream_fast
LZ4_saveDict
LZ4_setStreamDecode
LZ4_sizeofState
LZ4_sizeofStreamState
LZ4_slideInputBuffer
LZ4_uncompress
LZ4_uncompress_unknownOutputSize
LZ4_versionNumber
LZ4_versionString

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 418KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24651f8132d27dafafaac44dea778469

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

hid

setupapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

ws2_32

version

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 153KB - Virtual size: 153KB

.data Size: 19KB - Virtual size: 25KB

.rsrc Size: 418KB - Virtual size: 417KB

.reloc Size: 48KB - Virtual size: 47KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 153KB - Virtual size: 153KB

.data
Size: 19KB - Virtual size: 25KB

.rsrc
Size: 418KB - Virtual size: 417KB

.reloc
Size: 48KB - Virtual size: 47KB