2d9c4e8763ff13d6e2ce4acf0476c24206e8ec1f46940323fe57510263922843

Sharing

Copy URL Twitter E-mail

General

Target

2d9c4e8763ff13d6e2ce4acf0476c24206e8ec1f46940323fe57510263922843
Size

45KB
MD5

2e3185850e0f51b7442cd3b373c4a9c8
SHA1

765e350b1e950248c65d3648b776ff7c340d70a9
SHA256

2d9c4e8763ff13d6e2ce4acf0476c24206e8ec1f46940323fe57510263922843
SHA512

d106749430a0716d1f7bb264114e036f1c0006df176e88b61018da9205628b0e7c4557ef143ebe3ec2a2b8417c287838e44f7644369add95de955ca1654026c4
SSDEEP

768:VRAjRCYqAxNidlINnhfFbNiZQnZGkqiAurqpt6Z5VGg8MfhFph:jECY9fblFbNiZQAd1urJVGS3

Score

1^/10

Malware Config

Signatures

Files

2d9c4e8763ff13d6e2ce4acf0476c24206e8ec1f46940323fe57510263922843
.dll windows:6 windows x64 arch:x64

0a0ba6659ba07f4674dde952d982ddfe

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:91:15:ff:16:39:3a:39:ec:4d:b6:7d:1e:f5:25:8e
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

01/02/2021, 06:47

Not After

01/02/2022, 06:47

Subject

CN=Open Source Developer\, Akash Mozumdar,O=Open Source Developer,L=Albuquerque,ST=New Mexico,C=US,1.2.840.113549.1.9.1=#0c17616b6173686d6f7a756d64617240676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d9:62:19:48:f9:ae:35:a0:ae:54:f9:42:76:04:48:d3:e5:50:27:76:84:00:96:5f:8e:17:52:01:af:bf:92:78
Signer

Actual PE Digest

d9:62:19:48:f9:ae:35:a0:ae:54:f9:42:76:04:48:d3:e5:50:27:76:84:00:96:5f:8e:17:52:01:af:bf:92:78

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

qt5widgets

?setPlainText@QPlainTextEdit@@QEAAXAEBVQString@@@Z
?toPlainText@QPlainTextEdit@@QEBA?AVQString@@XZ
??1QPlainTextEdit@@UEAA@XZ
??0QPlainTextEdit@@QEAA@AEBVQString@@PEAVQWidget@@@Z
??1QPushButton@@UEAA@XZ
??0QPushButton@@QEAA@AEBVQString@@PEAVQWidget@@@Z
?clicked@QAbstractButton@@QEAAX_N@Z
??1QHBoxLayout@@UEAA@XZ
??0QHBoxLayout@@QEAA@PEAVQWidget@@@Z
?addWidget@QBoxLayout@@QEAAXPEAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z
?setStyleSheet@QApplication@@QEAAXAEBVQString@@@Z
??1QDialog@@UEAA@XZ
??0QDialog@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z
?resize@QWidget@@QEAAXHH@Z
?show@QWidget@@QEAAXXZ
?setWindowTitle@QWidget@@QEAAXAEBVQString@@@Z
?focusNextPrevChild@QWidget@@MEAA_N_N@Z
?metaObject@QDialog@@UEBAPEBUQMetaObject@@XZ
?qt_metacast@QDialog@@UEAAPEAXPEBD@Z
?qt_metacall@QDialog@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?event@QWidget@@MEAA_NPEAVQEvent@@@Z
?eventFilter@QDialog@@MEAA_NPEAVQObject@@PEAVQEvent@@@Z
?setVisible@QDialog@@UEAAX_N@Z
?sizeHint@QDialog@@UEBA?AVQSize@@XZ
?minimumSizeHint@QDialog@@UEBA?AVQSize@@XZ
?heightForWidth@QWidget@@UEBAHH@Z
?hasHeightForWidth@QWidget@@UEBA_NXZ
?mousePressEvent@QWidget@@MEAAXPEAVQMouseEvent@@@Z
?mouseReleaseEvent@QWidget@@MEAAXPEAVQMouseEvent@@@Z
?mouseDoubleClickEvent@QWidget@@MEAAXPEAVQMouseEvent@@@Z
?mouseMoveEvent@QWidget@@MEAAXPEAVQMouseEvent@@@Z
?wheelEvent@QWidget@@MEAAXPEAVQWheelEvent@@@Z
?keyPressEvent@QDialog@@MEAAXPEAVQKeyEvent@@@Z
?keyReleaseEvent@QWidget@@MEAAXPEAVQKeyEvent@@@Z
?focusInEvent@QWidget@@MEAAXPEAVQFocusEvent@@@Z
?focusOutEvent@QWidget@@MEAAXPEAVQFocusEvent@@@Z
?enterEvent@QWidget@@MEAAXPEAVQEvent@@@Z
?leaveEvent@QWidget@@MEAAXPEAVQEvent@@@Z
?paintEvent@QWidget@@MEAAXPEAVQPaintEvent@@@Z
?moveEvent@QWidget@@MEAAXPEAVQMoveEvent@@@Z
?showEvent@QDialog@@MEAAXPEAVQShowEvent@@@Z
?resizeEvent@QDialog@@MEAAXPEAVQResizeEvent@@@Z
?closeEvent@QDialog@@MEAAXPEAVQCloseEvent@@@Z
?contextMenuEvent@QDialog@@MEAAXPEAVQContextMenuEvent@@@Z
?tabletEvent@QWidget@@MEAAXPEAVQTabletEvent@@@Z
?actionEvent@QWidget@@MEAAXPEAVQActionEvent@@@Z
?dragEnterEvent@QWidget@@MEAAXPEAVQDragEnterEvent@@@Z
?dragMoveEvent@QWidget@@MEAAXPEAVQDragMoveEvent@@@Z
?dragLeaveEvent@QWidget@@MEAAXPEAVQDragLeaveEvent@@@Z
?dropEvent@QWidget@@MEAAXPEAVQDropEvent@@@Z
?staticMetaObject@QAbstractButton@@2UQMetaObject@@B
?sharedPainter@QWidget@@MEBAPEAVQPainter@@XZ
?redirected@QWidget@@MEBAPEAVQPaintDevice@@PEAVQPoint@@@Z
?initPainter@QWidget@@MEBAXPEAVQPainter@@@Z
?metric@QWidget@@MEBAHW4PaintDeviceMetric@QPaintDevice@@@Z
?paintEngine@QWidget@@UEBAPEAVQPaintEngine@@XZ
?devType@QWidget@@UEBAHXZ
?reject@QDialog@@UEAAXXZ
?accept@QDialog@@UEAAXXZ
?done@QDialog@@UEAAXH@Z
?exec@QDialog@@UEAAHXZ
?open@QDialog@@UEAAXXZ
?inputMethodQuery@QWidget@@UEBA?AVQVariant@@W4InputMethodQuery@Qt@@@Z
?inputMethodEvent@QWidget@@MEAAXPEAVQInputMethodEvent@@@Z
?changeEvent@QWidget@@MEAAXPEAVQEvent@@@Z
?nativeEvent@QWidget@@MEAA_NAEBVQByteArray@@PEAXPEAJ@Z
?hideEvent@QWidget@@MEAAXPEAVQHideEvent@@@Z

qt5core

?instance@QCoreApplication@@SAPEAV1@XZ
??1QFile@@UEAA@XZ
??0QFile@@QEAA@AEBVQString@@@Z
?write@QIODevice@@QEAA_JAEBVQByteArray@@@Z
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z
??1Connection@QMetaObject@@QEAA@XZ
?invokeMethodImpl@QMetaObject@@CA_NPEAVQObject@@PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEAX@Z
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z
??0QString@@QEAA@AEBVQByteArray@@@Z
?toUtf8@QString@@QEHAA?AVQByteArray@@XZ
??1QString@@QEAA@XZ
??1QByteArray@@QEAA@XZ
?open@QFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?metaObject@QFile@@UEBAPEBUQMetaObject@@XZ
?qt_metacast@QFile@@UEAAPEAXPEBD@Z
?qt_metacall@QFile@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?isSequential@QFileDevice@@UEBA_NXZ
?close@QFileDevice@@UEAAXXZ
?pos@QFileDevice@@UEBA_JXZ
?size@QFile@@UEBA_JXZ
?seek@QFileDevice@@UEAA_N_J@Z
?atEnd@QFileDevice@@UEBA_NXZ
?reset@QIODevice@@UEAA_NXZ
?bytesAvailable@QIODevice@@UEBA_JXZ
?bytesToWrite@QIODevice@@UEBA_JXZ
?canReadLine@QIODevice@@UEBA_NXZ
?waitForReadyRead@QIODevice@@UEAA_NH@Z
?waitForBytesWritten@QIODevice@@UEAA_NH@Z
?readData@QFileDevice@@MEAA_JPEAD_J@Z
?readLineData@QFileDevice@@MEAA_JPEAD_J@Z
?writeData@QFileDevice@@MEAA_JPEBD_J@Z
?fileName@QFile@@UEBA?AVQString@@XZ
?resize@QFile@@UEAA_N_J@Z
?setPermissions@QFile@@UEAA_NV?$QFlags@W4Permission@QFileDevice@@@@@Z
?permissions@QFile@@UEBA?AV?$QFlags@W4Permission@QFileDevice@@@@XZ

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcessHeap
HeapReAlloc

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

__std_type_info_destroy_list
memcpy
memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memmove
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
_seh_filter_dll
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-string-l1-1-0

wcscpy_s

Exports

Exports

OnNewSentence

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a0ba6659ba07f4674dde952d982ddfe

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

60:91:15:ff:16:39:3a:39:ec:4d:b6:7d:1e:f5:25:8eCertificate

Extended Key Usages

Key Usages

d9:62:19:48:f9:ae:35:a0:ae:54:f9:42:76:04:48:d3:e5:50:27:76:84:00:96:5f:8e:17:52:01:af:bf:92:78Signer

Headers

DLL Characteristics

File Characteristics

Imports

qt5widgets

qt5core

kernel32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 1024B - Virtual size: 720B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 580B

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

60:91:15:ff:16:39:3a:39:ec:4d:b6:7d:1e:f5:25:8e
Certificate

d9:62:19:48:f9:ae:35:a0:ae:54:f9:42:76:04:48:d3:e5:50:27:76:84:00:96:5f:8e:17:52:01:af:bf:92:78
Signer

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 1024B - Virtual size: 720B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 580B