88ba1b56151c5ae35ec555a37db70ec3734fbfd6e1b76a1c2c53b1e2f8203b43

Sharing

Copy URL Twitter E-mail

General

Target

88ba1b56151c5ae35ec555a37db70ec3734fbfd6e1b76a1c2c53b1e2f8203b43
Size

1012KB
MD5

c6754415c6cf116c9d588b42d9b53932
SHA1

a8e845a34ade1430669b9fe0592fb0586bb51e77
SHA256

88ba1b56151c5ae35ec555a37db70ec3734fbfd6e1b76a1c2c53b1e2f8203b43
SHA512

d7f57f3b89cdd4d1ec334e900948e3dba4b0880830de91aabd3309a8c32aceac493d8462ce96a6e2d5f0535a567972803feeb8054a90a4e90a9118a1e8541929
SSDEEP

12288:OPppN1nwJrIWXoFQnUCcf7VxFssV8Uc2KD0fTMFz8eYwlfA2CdWxjFP7dxljI8wL:OrzmuV71TMFYOlfpfFPhxljI8w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88ba1b56151c5ae35ec555a37db70ec3734fbfd6e1b76a1c2c53b1e2f8203b43

Files

88ba1b56151c5ae35ec555a37db70ec3734fbfd6e1b76a1c2c53b1e2f8203b43
.exe windows:5 windows x86 arch:x86

ca4bb0dc7b1cc864d469a530631df28f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\qci_workspace\root-workspaces\__qci-pipeline-15729-2\src\Setup\Basic\Output\bin\QQPCUninst\QQPCUninst.pdb

Imports

kernel32

GetCommandLineW
SetErrorMode
CreateEventW
VirtualAllocEx
SetUnhandledExceptionFilter
LocalAlloc
GetLogicalDriveStringsW
LocalFree
GetLocalTime
CopyFileW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
DeleteFileW
GetTempFileNameW
ReleaseMutex
DeviceIoControl
FreeResource
GetTempPathW
SetLastError
SearchPathW
LoadLibraryExW
lstrcmpiW
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetFilePointerEx
GetDriveTypeW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
InterlockedIncrement
GetACP
ExitProcess
GetFileAttributesExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFullPathNameW
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
IsProcessorFeaturePresent
InterlockedPushEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetLocaleInfoW
DuplicateHandle
CreatePipe
GetStdHandle
MoveFileExW
RemoveDirectoryW
GetCommandLineA
MoveFileW
SetFileAttributesW
GetCurrentThreadId
CreateMutexW
InterlockedDecrement
CreateProcessW
GetCurrentProcessId
Process32FirstW
OutputDebugStringW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
TerminateProcess
GetCurrentProcess
QueryDosDeviceW
GetTickCount
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
GetSystemDirectoryW
CreateDirectoryW
GetVersion
lstrcpynW
FindResourceW
LoadResource
HeapFree
FindResourceExW
LockResource
SizeofResource
ReadFile
MapViewOfFileEx
CreateFileMappingW
WriteProcessMemory
GetFileSize
CloseHandle
UnmapViewOfFile
CreateFileW
WriteFile
MultiByteToWideChar
GetCPInfo
VirtualQuery
GetSystemInfo
Sleep
GetSystemDefaultLangID
GetVersionExW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
WideCharToMultiByte
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
SetEvent
LoadLibraryA
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount

user32

LoadCursorW
CharNextW
IsWindow
ShowWindow
RegisterClassExW
SendMessageW
CreateWindowExW
FindWindowExW
SendMessageTimeoutW
FindWindowW
GetWindowThreadProcessId
MessageBoxW
AttachThreadInput
GetForegroundWindow
LoadIconW
PostQuitMessage
SetForegroundWindow
SystemParametersInfoW
DefWindowProcW
PostMessageW
SetWindowPos

gdi32

DeleteObject

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

SHGetSpecialFolderPathW
SHChangeNotify

ole32

CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr
VariantInit
VariantClear
SysAllocString

shlwapi

SHDeleteKeyW
SHDeleteValueW
PathAddBackslashW
PathRemoveFileSpecW
PathFileExistsW
wnsprintfW

ws2_32

htons
htonl

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

crypt32

CertFindCertificateInStore
CryptQueryObject
CryptMsgGetParam
CertGetNameStringW

netapi32

Netbios

Sections

.text
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 433KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca4bb0dc7b1cc864d469a530631df28f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

version

psapi

crypt32

netapi32

Sections

.text Size: 310KB - Virtual size: 309KB

.rdata Size: 247KB - Virtual size: 247KB

.data Size: 5KB - Virtual size: 10KB

.rsrc Size: 433KB - Virtual size: 432KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 310KB - Virtual size: 309KB

.rdata
Size: 247KB - Virtual size: 247KB

.data
Size: 5KB - Virtual size: 10KB

.rsrc
Size: 433KB - Virtual size: 432KB

.reloc
Size: 16KB - Virtual size: 15KB