6d382cf47da8689912cf8c308bdc3f3afc81d21abaab34c020939f29d90373b8

Sharing

Copy URL Twitter E-mail

General

Target

6d382cf47da8689912cf8c308bdc3f3afc81d21abaab34c020939f29d90373b8
Size

581KB
MD5

851b6a43fb30f1a25e564b866f011820
SHA1

5d9efeded2684aaba147405306be5edc47657ee2
SHA256

6d382cf47da8689912cf8c308bdc3f3afc81d21abaab34c020939f29d90373b8
SHA512

5ff144afe426764a59a687f649be0040d9818e1a82881f16dbb4dc3b708abc58ba222bac75b379823d8e6a35555eb1b40e79e79f4a6d2c3b555ada81b6554788
SSDEEP

12288:wY6oJmEo+BZFVWI5GbNyYyzGtwQoojFSxoSxJ9uTSD4l+hSIpOhFL:wYf3PzGtwQVFSi8YKGASIQhFL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d382cf47da8689912cf8c308bdc3f3afc81d21abaab34c020939f29d90373b8

Files

6d382cf47da8689912cf8c308bdc3f3afc81d21abaab34c020939f29d90373b8
.exe windows:6 windows x86 arch:x86

24e4f34a4b3a8b7c8a8368a4cd9cd697

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\data\landun\workspace\QQInstaller\Setup3\build\Release\Uninstall.pdb

Imports

msi

ord195

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

htons
recv
WSACleanup
closesocket
gethostbyname
WSAStartup
inet_addr
send
socket
connect
inet_ntoa

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetFileType
CreateDirectoryW
GetLongPathNameW
GetTempPathW
GetFileAttributesW
DeleteFileW
RemoveDirectoryW
MoveFileExW
GetTickCount
MoveFileW
GetLastError
CreateMutexW
LoadLibraryW
GetProcAddress
GetVersionExW
WideCharToMultiByte
QueryDosDeviceW
lstrlenW
K32GetModuleFileNameExW
WaitForSingleObject
K32GetProcessImageFileNameW
OpenProcess
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
Process32NextW
lstrcatW
Process32FirstW
CloseHandle
GetCurrentProcessId
CreateProcessW
lstrcpyW
lstrcmpiW
TerminateProcess
K32EnumProcessModules
MultiByteToWideChar
SizeofResource
FindFirstFileW
WriteFile
FindClose
CreateFileW
LoadResource
FindResourceW
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
CreateEventW
ReadFile
SetLastError
FindNextFileW
GetCurrentProcess
GetFileAttributesExW
GetCurrentDirectoryW
OutputDebugStringA
GetModuleFileNameW
SetFilePointer
ReleaseMutex
HeapAlloc
AssignProcessToJobObject
ResumeThread
GetModuleHandleW
GetSystemTimeAsFileTime
GetCommandLineW
LocalFree
GetNativeSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
HeapSize
GetCurrentThreadId
Sleep
RaiseException
CreateThread
GetSystemDirectoryW
GetWindowsDirectoryW
SetEvent
ExitProcess
FreeResource
LockResource
SetStdHandle
GetModuleHandleExW
GetConsoleMode
GetConsoleOutputCP
GetFullPathNameW
LoadLibraryExW
FreeLibrary
RtlUnwind
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
HeapFree
GetDriveTypeW
GetTimeZoneInformation
ReadConsoleW
GetFileSizeEx
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
GetStdHandle
IsDebuggerPresent

user32

PostQuitMessage
MessageBoxW
KillTimer
TranslateMessage
GetQueueStatus
CallMsgFilterW
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
DispatchMessageW
RegisterClassExW
DefWindowProcW
PostMessageW
DestroyWindow
CreateWindowExW
UnregisterClassW
WaitMessage

advapi32

CreateProcessAsUserW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegOpenKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHChangeNotify
SHFileOperationW

ole32

CLSIDFromProgID
CoTaskMemFree
CoInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
StringFromCLSID

shlwapi

PathStripToRootW
wnsprintfW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

Sections

.text
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24e4f34a4b3a8b7c8a8368a4cd9cd697

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

version

ws2_32

kernel32

user32

advapi32

shell32

ole32

shlwapi

userenv

winmm

Sections

.text Size: 429KB - Virtual size: 428KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 429KB - Virtual size: 428KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 20KB - Virtual size: 19KB