0dba2897a2558bf1b3ccce30f203aa345730ecf38777de6ef00285c326d27110

Sharing

Copy URL Twitter E-mail

General

Target

0dba2897a2558bf1b3ccce30f203aa345730ecf38777de6ef00285c326d27110
Size

92KB
MD5

1ca198d9a1059a1e962b276e58cbc023
SHA1

e06af04d65a9d204d12844be1f0f42e25211ac32
SHA256

0dba2897a2558bf1b3ccce30f203aa345730ecf38777de6ef00285c326d27110
SHA512

164ed34b964d4e0e02f9fd90ffd3534b5bbbcbad9121285bb1495503a024a5f58e0ae83cfc4edf7e7af279de622ef15eb5504196714d14ab914feb620b705716
SSDEEP

1536:Yay9n2lPko9fuKYDdZYtxhksysi1vDNG73G0EXJig6Vq:vyBaPkkrYGnDysiBY73G0ci1Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dba2897a2558bf1b3ccce30f203aa345730ecf38777de6ef00285c326d27110

Files

0dba2897a2558bf1b3ccce30f203aa345730ecf38777de6ef00285c326d27110
.exe windows:5 windows x86 arch:x86

0736aafbcda79cc82f9b1810b639e5cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\qci_workspace\root-workspaces\__qci-pipeline-358491-1\Basic\Output\BinFinal\QQPCTray.pdb

Imports

zlib

zlibVersion

shlwapi

PathAppendW
PathRemoveFileSpecW
StrStrIW
PathAddBackslashW
PathCombineA
PathFileExistsW
PathCombineW

kernel32

GetCurrentProcessId
GetModuleHandleW
WTSGetActiveConsoleSessionId
OpenMutexW
InterlockedCompareExchange
InterlockedExchange
Sleep
FreeLibrary
SetDllDirectoryW
GetVersionExW
HeapCreate
CreateEventW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileA
ResetEvent
ReadFileEx
WaitForSingleObjectEx
GetProcessWorkingSetSize
GetCurrentProcess
SetProcessWorkingSetSize
VirtualLock
VirtualUnlock
SetCurrentDirectoryA
LoadLibraryExA
SetEvent
MultiByteToWideChar
SetFilePointer
WriteFile
TerminateProcess
LoadLibraryExW
IsDebuggerPresent
OpenEventW
GetSystemTimeAsFileTime
ReadFile
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleHandleExW
ProcessIdToSessionId
QueryPerformanceCounter
SwitchToThread
GetCurrentThreadId
GetPrivateProfileIntW
WaitForSingleObject
UnhandledExceptionFilter
OpenProcess
lstrcmpiW
GetModuleFileNameA
VirtualQuery
HeapFree
HeapAlloc
HeapDestroy
SetLastError
GetLastError
CloseHandle
CreateProcessW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
ReleaseMutex
CreateMutexW
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
OutputDebugStringW
GetTempPathW

advapi32

GetTraceLoggerHandle
GetTraceEnableLevel
TraceEvent
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
LsaNtStatusToWinError
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

secur32

LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

vcruntime140

memset
__std_exception_copy
__std_exception_destroy
_except_handler4_common
__CxxFrameHandler3
wcsrchr
memmove
_CxxThrowException
__std_terminate
memcpy

api-ms-win-crt-runtime-l1-1-0

terminate
_controlfp_s
__p___argc
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
__p___wargv
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_register_thread_local_exe_atexit_callback
_c_exit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vswprintf_s
__p__commode
__stdio_common_vsprintf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcsncmp
strncpy_s
wcsncpy_s
_wcsicmp
_wcsnicmp
wcsncat

api-ms-win-crt-convert-l1-1-0

_wtol

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0736aafbcda79cc82f9b1810b639e5cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

zlib

shlwapi

kernel32

advapi32

msvcp140

secur32

psapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 1024B - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 88B

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 1024B - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 88B

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 3KB - Virtual size: 3KB