ed6e7946be4c16cb885c9fe9088378400f3da9fff564d2b681bdbf80f2e6d43f

Sharing

Copy URL

Twitter E-mail

General

Target

ed6e7946be4c16cb885c9fe9088378400f3da9fff564d2b681bdbf80f2e6d43f
Size

468KB
MD5

1ca1627e27f77001f0360b17a76b520d
SHA1

97bddf8169a87cefdc30422b9ceb99b0d237175c
SHA256

ed6e7946be4c16cb885c9fe9088378400f3da9fff564d2b681bdbf80f2e6d43f
SHA512

474d3bdd879278ded31cb847a0485812b27490ff5d96ae534c20cfafa363cbfc7555292cc8a1d88ea6607f913b7977906dcc15836c070782eee244f3184cac78
SSDEEP

6144:l5x0R+HCEPo7B/QZ087TUFN/BjIuZ/ebmC0xPkOYOxqxnMKR0Zz:B0cHpg7B/Qb7TUFAqPP+OM/i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed6e7946be4c16cb885c9fe9088378400f3da9fff564d2b681bdbf80f2e6d43f

Files

ed6e7946be4c16cb885c9fe9088378400f3da9fff564d2b681bdbf80f2e6d43f
.exe windows:4 windows x86 arch:x86

e3422b6b6618247a1625a300febdf589

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\svn\rtd\release\QLink.pdb

Imports

kernel32

ReleaseMutex
OpenMutexA
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
FormatMessageA
LocalFree
ResetEvent
CreateEventA
WaitForSingleObject
CreateThread
TerminateThread
GetThreadLocale
GetVersion
GetVersionExA
CreateMutexA
GetLastError
OpenEventA
CloseHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSection
LoadLibraryA
InterlockedExchange
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetTimeZoneInformation
GetCurrentProcessId
GetTickCount
GetCurrentDirectoryA
GetFileTime
GetModuleFileNameA
GetFileAttributesA
FileTimeToSystemTime
CreateFileA
ReadFile
GetFileSize
WriteFile
SetFilePointerEx
CreateDirectoryA
DeleteFileA
GetFileSizeEx
MoveFileA
SetEvent
WaitForMultipleObjects
GetPrivateProfileStringA
CreateProcessA
OpenProcess
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapSize
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter

user32

SetWindowPos
PostQuitMessage
GetDlgItem
ShowWindow
EnableWindow
GetWindowRect
CreateWindowExA
DestroyMenu
SendMessageA
IsWindowVisible
wsprintfA
GetWindowTextA
GetWindowTextLengthA
CreateDialogParamA
LoadBitmapA
DialogBoxParamA
EndDialog
GetSysColor
TranslateMessage
DispatchMessageA
IsDialogMessageA
GetMessageA
ReleaseDC
GetDC
SetWindowTextA
CreateIconIndirect
WaitForInputIdle
RegisterClassExA
DefWindowProcA
RegisterWindowMessageA
TrackPopupMenu
GetCursorPos
GetMenuItemID
KillTimer
LoadIconA
SetFocus
MessageBoxA
PostMessageA
GetSubMenu
SetForegroundWindow
DestroyWindow
SetMenuDefaultItem
LoadMenuA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

ShellExecuteA
Shell_NotifyIconA
SHGetFolderPathA

dbcapi

ord8
ord19
ord18
ord72
ord10
ord11
ord125
ord2
ord64
ord4
ord3
ord20

shlwapi

PathFindFileNameA
PathCombineA

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

gdi32

SetPixel
CreateCompatibleDC
GetObjectA
SelectObject
DeleteDC
DeleteObject
GetPixel
CreateCompatibleBitmap

wininet

HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

oleaut32

VariantTimeToSystemTime

Sections

.text
Size: 368KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3422b6b6618247a1625a300febdf589

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

comdlg32

shell32

dbcapi

shlwapi

psapi

gdi32

wininet

advapi32

oleaut32

Sections

.text Size: 368KB - Virtual size: 364KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 8KB - Virtual size: 30KB

.rsrc Size: 28KB - Virtual size: 26KB

.text
Size: 368KB - Virtual size: 364KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 8KB - Virtual size: 30KB

.rsrc
Size: 28KB - Virtual size: 26KB