b70f874fa720809ec179c1995768e6b571664b01e3ccfa00a2c079090182280e

Sharing

Copy URL Twitter E-mail

General

Target

b70f874fa720809ec179c1995768e6b571664b01e3ccfa00a2c079090182280e
Size

2.7MB
MD5

e0f6cb10a73f625cbec82c6537b233a5
SHA1

cad71e2a6f9b8ad428d418ecabe06f6fb51c23c0
SHA256

b70f874fa720809ec179c1995768e6b571664b01e3ccfa00a2c079090182280e
SHA512

c02a03999bd205f17c69d923d271a80083f41ed1e105c550436fb19a24cfb5811ccb1b136c33279262f4dfe9ed91d677a6b75ad0dd3ec3554714f6f41187fcd6
SSDEEP

49152:cYHVA3WH2uqMuzRLRYItP1JVlZ/KgnLnWspgsLRpdvxJGTlbBGBNh:cYHVA3WH2/dr7lZK8TLKlbBY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b70f874fa720809ec179c1995768e6b571664b01e3ccfa00a2c079090182280e

Files

b70f874fa720809ec179c1995768e6b571664b01e3ccfa00a2c079090182280e
.exe windows:6 windows x86 arch:x86

50bac38c7ea5b373b3ae6d6b961f0d25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Autorun_QtWebEngineProcess.pdb

Imports

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

shlwapi

PathRemoveFileSpecW

ws2_32

ntohl
WSACleanup
htonl

kernel32

GetModuleHandleExA
QueryDosDeviceA
GetLogicalDriveStringsA
ReadFile
SetFilePointer
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryW
CreateThread
WaitForSingleObject
CloseHandle
GetExitCodeThread
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
CreateEventA
SetEvent
WaitForSingleObjectEx
FormatMessageW
WideCharToMultiByte
LocalFree
FormatMessageA
GetProcessHeap
HeapAlloc
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetModuleHandleW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
ReleaseSemaphore
HeapFree
GetModuleHandleA
Sleep
ResetEvent
GetSystemInfo
GetLastError
QueryPerformanceCounter
GetCurrentProcessId
OpenEventA
GetCurrentProcess
ReadProcessMemory
VirtualAlloc
VirtualFree
IsWow64Process
LoadLibraryA
GetTempPathA
GetTempFileNameA
CreateFileA
FlushFileBuffers
SetUnhandledExceptionFilter
OpenEventW
VirtualQuery
VirtualProtect
FlushInstructionCache
FreeLibrary
lstrcmpA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetTickCount
DeleteCriticalSection
TerminateProcess
WriteProcessMemory
CreateFileW
WriteFile
CreateProcessW
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
LoadLibraryExW
GetModuleHandleExW
IsBadReadPtr
FindResourceW
LoadResource
SizeofResource
LockResource
SetLastError
GetStdHandle
GetEnvironmentVariableW
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteFiber
ConvertFiberToThread
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
LoadLibraryExA
CreateEventW
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FindFirstFileExW
RaiseException

msvcp140

?_Getname@_Locinfo@std@@QBEPBDXZ
?good@ios_base@std@@QBE_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??0ios_base@std@@IAE@XZ
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
??1_Locinfo@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Id_cnt@id@locale@std@@0HA
??1_Lockit@std@@QAE@XZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
??0_Locinfo@std@@QAE@HPBD@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPADK@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xruntime_error@std@@YAXPBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?clear@ios_base@std@@QAEXH_N@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z

bcrypt

BCryptGenRandom

vcruntime140

strrchr
strstr
_except_handler4_common
memchr
wcsstr
wcsrchr
_except_handler3
wcschr
memcmp
_purecall
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
memmove
_CxxThrowException
memcpy
__std_terminate
memset
strchr

api-ms-win-crt-string-l1-1-0

isspace
_stricmp
strcpy_s
wcsnlen
_wcsicmp
strcspn
_strnicmp
strspn
strcmp
wcsncpy_s
strncpy
wcslen
strncmp
wcscpy_s
strlen

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
_set_new_mode
malloc
free

api-ms-win-crt-runtime-l1-1-0

terminate
strerror
_invalid_parameter_noinfo_noreturn
_errno
_exit
raise
strerror_s
signal
_controlfp_s
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_crt_atexit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64_s
_localtime64

api-ms-win-crt-stdio-l1-1-0

ungetc
fgetc
_set_fmode
fputc
__stdio_common_vswprintf_s
ferror
fputs
_fileno
fgets
__p__commode
__acrt_iob_func
fflush
fopen
__stdio_common_vsprintf
__stdio_common_vswprintf
__stdio_common_vsscanf
__stdio_common_vfprintf
_setmode
ftell
fread
feof
fseek
fclose
fwrite
_wfopen

api-ms-win-crt-convert-l1-1-0

mbstowcs
wcstombs
atoi
strtoul
strtol

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr
_fdopen

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

psapi

GetMappedFileNameA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50bac38c7ea5b373b3ae6d6b961f0d25

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

shlwapi

ws2_32

kernel32

msvcp140

bcrypt

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

psapi

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 393KB - Virtual size: 392KB

.data Size: 12KB - Virtual size: 31KB

.rsrc Size: 1024B - Virtual size: 664B

.reloc Size: 53KB - Virtual size: 52KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 393KB - Virtual size: 392KB

.data
Size: 12KB - Virtual size: 31KB

.rsrc
Size: 1024B - Virtual size: 664B

.reloc
Size: 53KB - Virtual size: 52KB