ad8577c94bd1fabbb11698dd91532b60[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ad8577c94bd1fabbb11698dd91532b60.exe
Size

1.7MB
MD5

ad8577c94bd1fabbb11698dd91532b60
SHA1

6d796a9522e90791a5569a7f7840bdc41217d333
SHA256

494c62aa05e07ff9d6d74d9541dfedfecba5ff0b35d2f9ea034dddd54f3ab87d
SHA512

3f716c97ff34e5763e927f21e0c356e2c8690bc3ed9cee8b094748a8023d4a2dae93ff508003535b11748154333cab09351567152d162e410b2f061a74f569e7
SSDEEP

12288:rB2u6M5oU1Vh5vVclGIMmA5VxqG1wuPASUDvpg6iuLmt42bL7ZYjk2Daa8EHCL2D:t2KLUDvpg6AtlbniXHhHwp7Dp/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad8577c94bd1fabbb11698dd91532b60.exe

Files

ad8577c94bd1fabbb11698dd91532b60.exe
.exe windows:6 windows x64 arch:x64

130a97be8a53b81b53c761882e88e6f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

qt5core

?staticMetaObject@QObject@@2UQMetaObject@@B
?activate@QMetaObject@@SAXPEAVQObject@@PEBU1@HPEAPEAX@Z
?staticMetaObject@QThread@@2UQMetaObject@@B
??0QMutexLocker@@QEAA@PEAVQBasicMutex@@@Z
??1QMutexLocker@@QEAA@XZ
??8@YA_NAEBVQString@@0@Z
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
??0QRunnable@@QEAA@XZ
??1QRunnable@@UEAA@XZ
??0QFutureInterfaceBase@@QEAA@W4State@0@@Z
??0QFutureInterfaceBase@@QEAA@AEBV0@@Z
??1QFutureInterfaceBase@@UEAA@XZ
?reportStarted@QFutureInterfaceBase@@QEAAXXZ
?reportFinished@QFutureInterfaceBase@@QEAAXXZ
?reportException@QFutureInterfaceBase@@QEAAXAEBVQException@@@Z
?setRunnable@QFutureInterfaceBase@@QEAAXPEAVQRunnable@@@Z
?setThreadPool@QFutureInterfaceBase@@QEAAXPEAVQThreadPool@@@Z
?isCanceled@QFutureInterfaceBase@@QEBA_NXZ
?waitForFinished@QFutureInterfaceBase@@QEAAXXZ
?globalInstance@QThreadPool@@SAPEAV1@XZ
?start@QThreadPool@@QEAAXPEAVQRunnable@@H@Z
??_7QUnhandledException@@6B@
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?shared_null@QListData@@2UData@1@B
??1QWaitCondition@@QEAA@XZ
??0QWaitCondition@@QEAA@XZ
?msleep@QThread@@SAXK@Z
??1QMutex@@QEAA@XZ
??0QMutex@@QEAA@W4RecursionMode@0@@Z
?separator@QDir@@SA?AVQChar@@XZ
?exists@QDir@@QEBA_NXZ
?mkpath@QDir@@QEBA_NAEBVQString@@@Z
?toNativeSeparators@QDir@@SA?AVQString@@AEBV2@@Z
??1QDir@@QEAA@XZ
??0QDir@@QEAA@AEBVQString@@@Z
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z
?arg@QString@@QEBA?AV1@VQChar@@H0@Z
??4QString@@QEAAAEAV0@$$QEAV0@@Z
??0QChar@@QEAA@UQLatin1Char@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?quit@QCoreApplication@@SAXXZ
?instance@QCoreApplication@@SAPEAV1@XZ
?keys@QJsonObject@@QEBA?AVQStringList@@XZ
?toVariantMap@QJsonObject@@QEBA?AV?$QMap@VQString@@VQVariant@@@@XZ
??1QJsonObject@@QEAA@XZ
?object@QJsonDocument@@QEBA?AVQJsonObject@@XZ
?fromJson@QJsonDocument@@SA?AV1@AEBVQByteArray@@PEAUQJsonParseError@@@Z
??1QJsonDocument@@QEAA@XZ
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z
??6QDebug@@QEAAAEAV0@PEBD@Z
??1QDebug@@QEAA@XZ
?toString@QVariant@@QEBA?AVQString@@XZ
?type@QVariant@@QEBA?AW4Type@1@XZ
??0QVariant@@QEAA@_N@Z
??0QVariant@@QEAA@AEBV0@@Z
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@XZ
?freeData@QMapDataBase@@SAXPEAU1@@Z
?createData@QMapDataBase@@SAPEAU1@XZ
?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z
?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z
?recalcMostLeftNode@QMapDataBase@@QEAAXXZ
?freeNodeAndRebalance@QMapDataBase@@QEAAXPEAUQMapNodeBase@@@Z
?setParent@QMapNodeBase@@QEAAXPEAU1@@Z
?setColor@QMapNodeBase@@QEAAXW4Color@1@@Z
?color@QMapNodeBase@@QEBA?AW4Color@1@XZ
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z
??1QObject@@UEAA@XZ
??0QObject@@QEAA@PEAV0@@Z
?end@QListData@@QEBAPEAPEAXXZ
?begin@QListData@@QEBAPEAPEAXXZ
?at@QListData@@QEBAPEAPEAXH@Z
?isEmpty@QListData@@QEBA_NXZ
?size@QListData@@QEBAHXZ
?dispose@QListData@@SAXPEAUData@1@@Z
?dispose@QListData@@QEAAXXZ
?detach@QListData@@QEAAPEAUData@1@H@Z
??0QString@@QEAA@PEBD@Z
??M@YA_NAEBVQString@@0@Z
?number@QString@@SA?AV1@HH@Z
?toInt@QString@@QEBAHPEA_NH@Z
?toUtf8@QString@@QEBA?AVQByteArray@@XZ
?split@QString@@QEBA?AVQStringList@@AEBV1@W4SplitBehavior@1@W4CaseSensitivity@Qt@@@Z
?contains@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
??1QString@@QEAA@XZ
??0QString@@QEAA@AEBV0@@Z
?length@QByteArray@@QEBAHXZ
?constData@QByteArray@@QEBAPEBDXZ
?data@QByteArray@@QEAAPEADXZ
??1QByteArray@@QEAA@XZ
??1Connection@QMetaObject@@QEAA@XZ
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ
??1QUnhandledException@@UEAA@XZ
??0QMessageLogger@@QEAA@PEBDH0@Z

qt5widgets

?exec@QApplication@@SAHXZ
??1QApplication@@UEAA@XZ
??0QApplication@@QEAA@AEAHPEAPEADH@Z

kernel32

GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
LocalFree
GetCommandLineW
GetSystemTimeAsFileTime
WinExec
DecodePointer
EncodePointer
WideCharToMultiByte

msvcp120

?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
??0id@locale@std@@QEAA@_K@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z

msvcr120

_configthreadlocale
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_onexit
__C_specific_handler
__dllonexit
_calloc_crt
__setusermatherr
_lock
memmove
??0exception@std@@QEAA@XZ
_purecall
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
malloc
free
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_initterm_e
__crt_debugger_hook
_acmdln
_fmode
_commode
_unlock
__crtUnhandledException
__crtTerminateProcess
__crtCapturePreviousContext
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtSetUnhandledExceptionFilter
_initterm
??_V@YAXPEAX@Z

commonlib

?ReleseGlobalLogInstance@@YAXXZ
?GetGlobalLogInstance@@YAPEAVBaseLog@@XZ

fcommonlib

?sigRecveMsg@CommunicatorClient@@QEAAXVQString@@@Z
?sigServerClosed@CommunicatorClient@@QEAAXXZ
?Release@TAccountModel@@SAXXZ
?FInitLog@@YAXAEBVQString@@@Z
?Release@OneApplication@@QEAAXXZ
?IsOneApp@OneApplication@@QEAA_NXZ
??1OneApplication@@QEAA@XZ
??0OneApplication@@QEAA@VQString@@@Z
?FGetFilmoraDirectory@@YA?AVQString@@XZ
?staticMetaObject@CommunicatorClient@@2UQMetaObject@@B
?qt_metacast@CommunicatorClient@@UEAAPEAXPEBD@Z
?qt_metacall@CommunicatorClient@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?metaObject@CommunicatorClient@@UEBAPEBUQMetaObject@@XZ
?SetAppValue@FConfig@@QEAAXAEBVQString@@0AEBVQVariant@@_N@Z
?Instance@FConfig@@SAAEAV1@XZ
?GetAccountInfo@TAccountModel@@QEBAAEBUAccountInfo@@XZ
?GetInstance@TAccountModel@@SAPEAV1@XZ
?SendMsg@CommunicatorClient@@QEAAXVQString@@VQStringList@@_N@Z
?StopReConnectToServer@CommunicatorClient@@QEAAXXZ
?ConnectToServer@CommunicatorClient@@QEAAXVQString@@@Z
??1CommunicatorClient@@UEAA@XZ
??0CommunicatorClient@@QEAA@PEAVQObject@@@Z

watracker

TrackWAData
SetTrackerLink
DestroyAnalyticsTracker
CreateAnalyticsTracker

shell32

CommandLineToArgvW

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

130a97be8a53b81b53c761882e88e6f2

Headers

DLL Characteristics

File Characteristics

Imports

qt5core

qt5widgets

kernel32

msvcp120

msvcr120

commonlib

fcommonlib

watracker

shell32

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 423KB - Virtual size: 422KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 423KB - Virtual size: 422KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB