17a76e9d32f0166d3605ccdaa24b0767b1fa2e370491fe2f6da1fc7184acbd0a[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

17a76e9d32f0166d3605ccdaa24b0767b1fa2e370491fe2f6da1fc7184acbd0a.exe
Size

1.9MB
MD5

0cf3c2568143de22bae4e09c8b1aae10
SHA1

57114227d6cd25a07dca8df1824007ad5f651296
SHA256

17a76e9d32f0166d3605ccdaa24b0767b1fa2e370491fe2f6da1fc7184acbd0a
SHA512

b130dc4760c6f5f465ec7da5714c6e619e3ec53bf1bf0787e08adc634054752ce66312e745406971d714b38b7cdf1b1b7553ecae17a1fbfd1a83badf9b0354f1
SSDEEP

24576:gM0t6niOLd3Y+8KdXT4EXpFMErfH0C7CHZNNxW7yiIjFv0+6U0UIDSvSk0bdiZMy:jmGgR1bnSCQ/NpMT/gWmAn6ki5K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17a76e9d32f0166d3605ccdaa24b0767b1fa2e370491fe2f6da1fc7184acbd0a.exe

Files

17a76e9d32f0166d3605ccdaa24b0767b1fa2e370491fe2f6da1fc7184acbd0a.exe
.exe windows:4 windows x86 arch:x86

38dc58776b0f04451f15d6217872be55

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\LiboQD\upgrade\LiboReader\Release\LiboReader.pdb

Imports

rpcrt4

UuidToStringW
UuidCreate
RpcBindingFree
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
NdrConformantArrayBufferSize
NdrConformantArrayMarshall
RpcRaiseException
NdrClientInitializeNew
NdrConformantStringBufferSize
NdrFreeBuffer
NdrGetBuffer
NdrConformantStringMarshall
NdrSendReceive
NdrConvert
NdrPointerUnmarshall

ssleay32

ord43
ord96
ord8
ord108
ord78
ord77
ord87
ord58
ord12
ord110
ord48
ord75

libeay32

ord223
ord227

iphlpapi

GetAdaptersInfo

wininet

InternetQueryDataAvailable

mfc71u

ord5727
ord2255
ord5723
ord6033
ord1270
ord347
ord5829
ord2651
ord3590
ord760
ord658
ord6232
ord2083
ord1632
ord1562
ord4232
ord2952
ord3224
ord1785
ord2860
ord2489
ord5742
ord620
ord1545
ord3189
ord1873
ord2155
ord3676
ord3585
ord3198
ord1271
ord3155
ord4094
ord2085
ord3238
ord1946
ord2365
ord1274
ord266
ord4119
ord2225
ord6140
ord3793
ord2364
ord1555
ord4300
ord4438
ord4437
ord4784
ord4198
ord4775
ord4974
ord4166
ord4175
ord4771
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4858
ord4855
ord3968
ord5147
ord3338
ord1352
ord5170
ord4267
ord756
ord416
ord565
ord651
ord4585
ord4466
ord4465
ord3666
ord3561
ord1079
ord1086
ord2366
ord3734
ord4770
ord4857
ord1351
ord732
ord1155
ord5984
ord6087
ord3345
ord544
ord326
ord4929
ord2028
ord5616
ord4854
ord3342
ord6086
ord5982
ord4463
ord4461
ord3677
ord265
ord5633
ord3176
ord5209
ord1416
ord2868
ord1460
ord1386
ord5638
ord709
ord501
ord2239
ord4032
ord4008
ord6272
ord3795
ord6274
ord2054
ord5579
ord3800
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5562
ord2832
ord4475
ord3327
ord757
ord5221
ord5382
ord2147
ord956
ord547
ord4025
ord1049
ord1117
ord1121
ord3824
ord593
ord5113
ord334
ord3639
ord3444
ord4699
ord6227
ord4258
ord4560
ord2608
ord2615
ord6234
ord2007
ord5152
ord5588
ord1370
ord5408
ord4251
ord1913
ord4216
ord3034
ord2762
ord4476
ord368
ord616
ord3070
ord2077
ord4226
ord3158
ord587
ord2089
ord1641
ord1585
ord4237
ord2977
ord3318
ord748
ord1959
ord2788
ord2167
ord1299
ord3642
ord3460
ord595
ord4921
ord4962
ord4259
ord751
ord5161
ord5721
ord6077
ord630
ord2012
ord3050
ord5923
ord3071
ord5855
ord4293
ord1430
ord5319
ord2897
ord629
ord384
ord1908
ord2025
ord508
ord2237
ord1904
ord2609
ord5003
ord5006
ord4129
ord2933
ord4898
ord940
ord5352
ord2419
ord2418
ord4013
ord3939
ord5144
ord5201
ord2164
ord1297
ord4271
ord742
ord635
ord532
ord553
ord395
ord2027
ord1388
ord6262
ord1924
ord1475
ord4093
ord2082
ord1561
ord4231
ord3223
ord657
ord1634
ord1572
ord3286
ord715
ord1784
ord4381
ord5159
ord3395
ord3902
ord3661
ord3546
ord5065
ord5066
ord5064
ord4791
ord4611
ord4861
ord4838
ord4184
ord4207
ord5207
ord4714
ord718
ord516
ord4730
ord5867
ord3662
ord3547
ord1318
ord4577
ord1573
ord5208
ord4274
ord1512
ord4266
ord721
ord977
ord3570
ord2086
ord4234
ord741
ord3281
ord3311
ord3995
ord4117
ord5637
ord1393
ord3599
ord3331
ord2521
ord5607
ord6056
ord5604
ord6050
ord4155
ord6053
ord5643
ord5519
ord5584
ord5410
ord5397
ord5917
ord5715
ord3174
ord6058
ord5884
ord5636
ord2254
ord1182
ord1178
ord6013
ord502
ord6284
ord3168
ord747
ord3674
ord1957
ord1589
ord3322
ord754
ord2861
ord4945
ord2361
ord2066
ord4109
ord5609
ord4112
ord5873
ord5621
ord1189
ord313
ord3668
ord6106
ord6104
ord6006
ord2067
ord6138
ord6142
ord2791
ord2826
ord3791
ord2044
ord2043
ord2008
ord944
ord1358
ord5700
ord2423
ord1912
ord1927
ord6098
ord6100
ord1937
ord1725
ord4600
ord5357
ord1735
ord1727
ord1581
ord4715
ord4275
ord3310
ord552
ord740
ord3797
ord5799
ord4391
ord4751
ord3885
ord3633
ord3428
ord5701
ord2424
ord3079
ord596
ord1707
ord5914
ord667
ord5322
ord2901
ord6288
ord432
ord655
ord5913
ord1175
ord3671
ord2259
ord6005
ord1921
ord2869
ord1642
ord1586
ord6010
ord4192
ord3923
ord5351
ord3981
ord1903
ord2072
ord2068
ord2030
ord1343
ord4985
ord1336
ord1342
ord5911
ord6265
ord5198
ord4960
ord5157
ord1953
ord3319
ord562
ord386
ord631
ord1431
ord3925
ord2279
ord3424
ord1026
ord1556
ord4347
ord5489
ord3195
ord380
ord531
ord3781
ord1000
ord5441
ord2265
ord1176
ord723
ord3451
ord379
ord745
ord761
ord573
ord557
ord6004
ord5714
ord6002
ord3249
ord5327
ord6293
ord5316
ord6282
ord1542
ord5231
ord5229
ord2384
ord2394
ord2392
ord2390
ord2386
ord2409
ord2397
ord1647
ord1646
ord1590
ord577
ord283
ord1883
ord870
ord2895
ord2893
ord293
ord280
ord1476
ord1605
ord774
ord5862
ord1118
ord3873
ord1479
ord282
ord2926
ord6111
ord6172
ord6166
ord1058
ord1472
ord1457
ord3990
ord2311
ord899
ord776
ord5558
ord2261
ord5524
ord2878
ord4100
ord4320

msvcr71

wcsstr
ceil
_wsetlocale
strncmp
strncpy
isspace
sscanf
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
sprintf
wcsftime
_iob
exit
mbstowcs
_wtoi
_mktime64
qsort
wcsncmp
ftell
fread
fgetpos
fsetpos
wcsncpy
_waccess
memset
fseek
_localtime64
vswprintf
fwrite
fwprintf
fprintf
fflush
fopen
fclose
_purecall
_resetstkoflw
malloc
swscanf
wcscmp
wcslen
wcstombs
wcscpy
_wmkdir
_time64
free
_except_handler3
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memmove
__CxxFrameHandler
_wcsnicmp
_c_exit
_exit
_XcptFilter
_cexit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__security_error_handler
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
_wfopen
_wcsicmp
_stricmp

kernel32

WaitForMultipleObjects
SetFileAttributesW
GetLogicalDrives
HeapAlloc
GetProcessHeap
MultiByteToWideChar
GetProcAddress
LoadLibraryW
FreeLibrary
LocalFree
FormatMessageW
lstrcpynW
SetLastError
lstrlenA
ReadFile
GetFileSize
CreateFileW
GetTimeZoneInformation
InterlockedIncrement
LocalAlloc
Sleep
GetModuleHandleA
GetVersionExA
QueryPerformanceCounter
GetStartupInfoW
ExitProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetDriveTypeW
GetTempPathW
lstrlenW
EnterCriticalSection
LeaveCriticalSection
CreateThread
ResumeThread
CloseHandle
CopyFileW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
WideCharToMultiByte
DeleteCriticalSection
InterlockedDecrement
GetTickCount
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
RaiseException
HeapFree
InitializeCriticalSection

user32

GetSysColor
SendMessageW
DrawTextExW
GrayStringW
IntersectRect
GetSystemMetrics
DrawFocusRect
FrameRect
InflateRect
CopyRect
EnableWindow
GetKeyState
DrawStateW
GetParent
IsWindow
LoadBitmapW
GetSubMenu
LoadMenuW
MapWindowPoints
ScreenToClient
SetTimer
KillTimer
GetCursorPos
FillRect
EnableMenuItem
PostMessageW
GetWindowRect
DrawIconEx
RedrawWindow
SetParent
GetFocus
DestroyIcon
PtInRect
UpdateWindow
LoadImageW
CreatePopupMenu
AppendMenuW
SystemParametersInfoW
ModifyMenuW
GetMenu
SetMenu
IsWindowVisible
OpenClipboard
LoadIconW
CloseClipboard
SetClipboardData
EmptyClipboard
ReleaseDC
GetDC
OffsetRect
TabbedTextOutW
ClientToScreen
InvalidateRect
SetCapture
GetDesktopWindow
PostQuitMessage
DefWindowProcW
ReleaseCapture
LoadCursorW
SetCursor
GetClientRect
wsprintfW
GetSysColorBrush
DrawTextW

gdi32

GetBkColor
GetMapMode
GetViewportExtEx
GetWindowExtEx
DPtoLP
LPtoDP
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateBitmap
CreateCompatibleBitmap
CreatePen
EnumFontsW
DeleteDC
EndDoc
StartDocW
EndPage
GetTextColor
Arc
SelectObject
SetDIBColorTable
CreateDIBSection
DeleteObject
MaskBlt
Ellipse
GetDeviceCaps
StartPage
BitBlt
CreateCompatibleDC
SetPixel
GetTextExtentPoint32W
GetTextMetricsW
CreatePatternBrush
SetBrushOrgEx
GetObjectW
CreateFontW
CreateFontIndirectW
StretchBlt
GetStockObject
GetWindowOrgEx

winspool.drv

OpenPrinterW
GetPrinterW
EnumJobsW

advapi32

CryptAcquireContextW
CryptReleaseContext
CryptHashData
CryptCreateHash
CryptDestroyHash
CryptGetHashParam

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
DragAcceptFiles

comctl32

ImageList_AddMasked
ord17
ImageList_GetIcon

shlwapi

PathFindExtensionW

ole32

CoUninitialize
OleRun
CoCreateInstance
CoInitialize

oleaut32

VariantClear
SysAllocStringByteLen
VarCmp
GetErrorInfo
SysStringByteLen
SysFreeString
VariantCopy
VariantInit
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SysAllocString

msvcp71

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdiplusShutdown
GdipCloneImage
GdipAlloc
GdipDrawImageI
GdipGetImageGraphicsContext
GdipFree
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize

ws2_32

select
socket
send
recv
connect
htons
inet_addr
htonl
bind
WSACleanup
inet_ntoa
gethostbyname
gethostname
WSAStartup
WSAGetLastError
closesocket

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 428KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38dc58776b0f04451f15d6217872be55

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

ssleay32

libeay32

iphlpapi

wininet

mfc71u

msvcr71

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp71

gdiplus

ws2_32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 272KB - Virtual size: 270KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 428KB - Virtual size: 426KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 272KB - Virtual size: 270KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 428KB - Virtual size: 426KB