318be111ecd997021ad7ee45e1ecf2b9a57a16116f0ed3cddc3f197a4caf9894

Sharing

Copy URL Twitter E-mail

General

Target

318be111ecd997021ad7ee45e1ecf2b9a57a16116f0ed3cddc3f197a4caf9894
Size

6.4MB
MD5

2d8b80f6dc6ed2b85a27d8de653ae9ca
SHA1

c6df4391cf37b93873b0060ee0abbbf0840e5eb8
SHA256

318be111ecd997021ad7ee45e1ecf2b9a57a16116f0ed3cddc3f197a4caf9894
SHA512

a892232d65e6556b2cbf1ffd314ef7783de82a2776478eae33781ac533a6ceb24d8e63f5e944b8e4e1da016e951cca4083006f9cf0d16c70adfbaf6783ffdb8e
SSDEEP

196608:2f0DSNJ7gfG/5raPisfWdj2VmLQDtj01D:2f0dfY5ra6GVhBI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
318be111ecd997021ad7ee45e1ecf2b9a57a16116f0ed3cddc3f197a4caf9894

Files

318be111ecd997021ad7ee45e1ecf2b9a57a16116f0ed3cddc3f197a4caf9894
.dll windows:6 windows x64 arch:x64

73a72a04030cc05fedc22d4d8c841790

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\test\sdk\2.3.0\qsec-client-2.3.0\Windows\bin\x64\Release\qsec.pdb

Imports

ws2_32

inet_ntop
freeaddrinfo
getaddrinfo
__WSAFDIsSet
select
closesocket
connect
htons
send
inet_addr
recv
socket
WSAStartup

kernel32

VirtualQueryEx
SetLastError
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
LoadLibraryExW
OutputDebugStringA
GetEnvironmentVariableW
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
OpenProcess
GetModuleFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateFileW
DeviceIoControl
LocalAlloc
LocalFree
SetEnvironmentVariableW
DeleteFileW
MoveFileW
MoveFileExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LoadLibraryA
lstrcmpA
ExpandEnvironmentStringsA
CreateFileA
CreateThread
VirtualProtectEx
GetWindowsDirectoryA
GetModuleHandleA
GetLogicalDriveStringsA
QueryFullProcessImageNameA
QueryDosDeviceA
IsBadReadPtr
K32EnumProcesses
K32EnumProcessModules
GetThreadContext
K32GetModuleInformation
K32EnumDeviceDrivers
K32GetDeviceDriverFileNameA
Thread32First
Thread32Next
GetModuleFileNameA
FormatMessageA
GetSystemInfo
ReleaseMutex
WaitForSingleObject
CreateMutexA
WideCharToMultiByte
Module32First
Module32Next
WriteFile
FlushFileBuffers
HeapAlloc
HeapFree
QueryPerformanceFrequency
CreateProcessW
DuplicateHandle
ReadFile
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
OpenThread
SetThreadContext
TlsGetValue
TlsAlloc
GetACP
IsValidCodePage
CreatePipe
GetExitCodeProcess
GetStdHandle
HeapReAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
ResumeThread
SuspendThread
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
GetLastError
Sleep
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetFileSizeEx
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
OutputDebugStringW
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
K32GetModuleFileNameExA
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetTimeZoneInformation
GetFileType
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetEndOfFile
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
GetTempPathW
AreFileApisANSI
CreateDirectoryExW
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
MultiByteToWideChar
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

user32

DestroyIcon
GetWindowThreadProcessId
GetClassNameA
FindWindowExA
GetWindowLongA
MessageBoxA
GetWindowRect
GetWindowTextA
wsprintfW
GetIconInfo

gdi32

SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
GetObjectA

shell32

ExtractIconExA

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

oleaut32

SetErrorInfo
VariantChangeType
CreateErrorInfo
VariantClear
VariantInit
SysFreeString
SysAllocString
GetErrorInfo

advapi32

CloseServiceHandle
OpenSCManagerA
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
GetUserNameA
ControlService
CreateServiceW
DeleteService
StartServiceA

crypt32

CryptMsgOpenToDecode
CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptQueryObject

wintrust

CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
WinVerifyTrust

ntdll

NtSetInformationThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQueryInformationProcess

Exports

Exports

GetDataContent
GetDataCount
OO00OOAI2
OO00OOGE1
OO00OOIN1
OO00OOIO1
OO00OOLD1
OO00OOPF1
OO00OORI2
l11l11ll1l
ll11l1l11ll

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nep0
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nep2
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73a72a04030cc05fedc22d4d8c841790

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

crypt32

wintrust

ntdll

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 288KB - Virtual size: 287KB

.data Size: 10KB - Virtual size: 44KB

.pdata Size: 122KB - Virtual size: 122KB

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

_RDATA Size: 512B - Virtual size: 244B

.nep0 Size: 3.1MB - Virtual size: 3.1MB

.nep1 Size: 4KB - Virtual size: 3KB

.nep2 Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 16KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 288KB - Virtual size: 287KB

.data
Size: 10KB - Virtual size: 44KB

.pdata
Size: 122KB - Virtual size: 122KB

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

_RDATA
Size: 512B - Virtual size: 244B

.nep0
Size: 3.1MB - Virtual size: 3.1MB

.nep1
Size: 4KB - Virtual size: 3KB

.nep2
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 469B