TQAnp[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TQAnp.dll
Size

1.4MB
MD5

e3066568e9cab38f413ed447ac787b7e
SHA1

63192de9357fe402895c90840c9ba1e0e7cbc438
SHA256

05294b7a0b549db29b6697bab0a28678f31439eef68f0db149873b409fe3dc34
SHA512

39f12ddad0b67ab3010d56589dc733af63821f9693282b04789044c4b1b028329673ca8cb78e31f1aebe0a1f202d5c8e6e2a63bbfa1ef81859d081c4c95a5629
SSDEEP

24576:9J9/TVCb2kmBk6PRMMBGfyjPugDmEVPzmoUww0izEq5n9HPF+pjW:zCbqBk+WGuZCzm5fYq9+pjW

Score

1^/10

Malware Config

Signatures

Files

TQAnp.dll
.dll windows:5 windows x86 arch:x86

b535c2411e27a57e0627e1c2b6c1d1ce

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:0b:8c:79:06:b9:18:cb:6f:26:78:1a:97:8c:71:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/05/2011, 00:00

Not After

23/05/2013, 23:59

Subject

CN=Fujian NetDragon Computer Network Information Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Fujian NetDragon Computer Network Information Technology Co.\,Ltd,L=Fuzhou,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:50:e7:12:a8:3f:26:79:bb:1b:ee:63:27:e2:3f:89:ab:63:69:44
Signer

Actual PE Digest

44:50:e7:12:a8:3f:26:79:bb:1b:ee:63:27:e2:3f:89:ab:63:69:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

closesocket
select
connect
htons
ioctlsocket
socket

user32

GetClassNameA
GetDesktopWindow
GetWindow
FindWindowExA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

kernel32

GetConsoleOutputCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
WriteConsoleW
FlushFileBuffers
WriteConsoleA
IsValidCodePage
GetTickCount
ExitProcess
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
IsDebuggerPresent
VirtualProtect
GetVersionExA
CreateFileA
DeviceIoControl
CloseHandle
GetComputerNameA
GetVolumeInformationW
VerSetConditionMask
VerifyVersionInfoA
GetFileSize
ReadFile
OpenProcess
GetCurrentProcessId
Sleep
OpenMutexA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode

Exports

Exports

?bin@@YA_NPAD0H@Z
?dsk2@@YA_NPAD0KH@Z
?dsk@@YA_NPAD0KH@Z
?ec@@YA_NKW4ENCRY_TYPE_DLL@@PAD1H@Z
?eccver@@YAXAAHAADKGAAG@Z
?edw2@@YAKAAK@Z
?edw@@YAKAAK@Z
?getcalc@@YAKDD@Z
?getdl@@YAKXZ
?geteasy@@YAKKK@Z
?getpn2@@YAXKAAU_PC_CRC_DATA@@@Z
?getpn@@YAKPADHHAAK@Z
?getrc2@@YAKPADD@Z
?getrc2@@YAKPADDHH@Z
?getrc@@YAXAAY0L@K@Z
?m_cCSD@@YADXZ
?m_cCSD@@YAXD@Z
?setgid@@YAXD@Z
?sinit@@YAXKKG@Z
?sinits@@YAXKG@Z

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rs0
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b535c2411e27a57e0627e1c2b6c1d1ce

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

10:0b:8c:79:06:b9:18:cb:6f:26:78:1a:97:8c:71:64Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

44:50:e7:12:a8:3f:26:79:bb:1b:ee:63:27:e2:3f:89:ab:63:69:44Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

user32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 82KB - Virtual size: 81KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 10KB - Virtual size: 40KB

.rs0 Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 434B

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

10:0b:8c:79:06:b9:18:cb:6f:26:78:1a:97:8c:71:64
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

44:50:e7:12:a8:3f:26:79:bb:1b:ee:63:27:e2:3f:89:ab:63:69:44
Signer

.text
Size: 82KB - Virtual size: 81KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 10KB - Virtual size: 40KB

.rs0
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 434B