315f81f9c59ef2fa51e048d0560476bff62643e1fa66a10cadd4260866802553

Sharing

Copy URL Twitter E-mail

General

Target

315f81f9c59ef2fa51e048d0560476bff62643e1fa66a10cadd4260866802553
Size

683KB
MD5

b505ec00276c6bc4697e8fd5c1352629
SHA1

6897d1fcfa8ac0c39bf30a1bd31023d742f4f8f0
SHA256

315f81f9c59ef2fa51e048d0560476bff62643e1fa66a10cadd4260866802553
SHA512

2370e06c96cdd7e1bd8cc98fff837a04230b830bd59705c3bd44dcabe984fe146e1a5242e6152b0aa7522e9c43793a54eac296487031ee63237ce8c0f541b89e
SSDEEP

12288:Fc3SLalVF81K8EhgHQQGikYNU1z2bvNeAerwmfxRID1PCg1gHWNioM7KkWKOoCAf:+XF8GgHHGrjKPQPDDc1gASWrKKWbGDbm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
315f81f9c59ef2fa51e048d0560476bff62643e1fa66a10cadd4260866802553

Files

315f81f9c59ef2fa51e048d0560476bff62643e1fa66a10cadd4260866802553
.exe windows:5 windows x86 arch:x86

7e153233cea0244fd61dcaa7a8a0dbb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\qci_workspace\root-workspaces\__qci-pipeline-1199246-1\Misc\Setup3\build\Release\Uninstall.pdb

Imports

msi

ord195
ord70

psapi

EnumProcessModules
GetModuleFileNameExW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

htons
recv
inet_ntoa
WSACleanup
closesocket
gethostbyname
WSAStartup
inet_addr
send
socket
connect

kernel32

GetACP
CreateDirectoryW
GetLongPathNameW
GetTempPathW
GetFileAttributesW
DeleteFileW
WaitForSingleObject
GetVersionExW
Sleep
GetLastError
GetProcAddress
GetModuleHandleW
RemoveDirectoryW
MoveFileExW
GetTickCount
MoveFileW
CreateMutexW
LoadLibraryW
WideCharToMultiByte
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
GetCurrentProcessId
CreateProcessW
lstrcmpiW
GetExitCodeProcess
TerminateProcess
MultiByteToWideChar
SizeofResource
FindFirstFileW
WriteFile
FindClose
CreateFileW
LoadResource
FindResourceW
InterlockedExchangeAdd
SetUnhandledExceptionFilter
ReadFile
GetCurrentProcess
GetStdHandle
AssignProcessToJobObject
ResumeThread
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CreateEventW
InterlockedCompareExchange
GetNativeSystemInfo
SetLastError
OutputDebugStringA
GetModuleFileNameW
SetFilePointer
ReleaseMutex
FindNextFileW
GetFileAttributesExW
GetCurrentDirectoryW
CopyFileW
GetCommandLineW
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
InterlockedExchange
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
IsDebuggerPresent
GetCurrentThreadId
RaiseException
CreateThread
SetEndOfFile
SetFilePointerEx
IsValidLocale
GetSystemDirectoryW
GetWindowsDirectoryW
SetEvent
InterlockedIncrement
ExitProcess
FreeResource
LockResource
GetUserDefaultLCID
GetFullPathNameW
GetConsoleMode
GetConsoleCP
GetFileType
SetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
RtlUnwind
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EnumSystemLocalesW
HeapAlloc
HeapFree
GetTimeZoneInformation
WriteConsoleW
GetDriveTypeW
ReadConsoleW
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
EncodePointer
SwitchToThread
SetEnvironmentVariableA
GetProcessHeap
HeapSize
FlushFileBuffers

user32

KillTimer
TranslateMessage
GetQueueStatus
GetWindowThreadProcessId
GetShellWindow
MessageBoxW
SendMessageW
CallMsgFilterW
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
FindWindowW
DispatchMessageW
PostQuitMessage
RegisterClassExW
DefWindowProcW
PostMessageW
DestroyWindow
CreateWindowExW
UnregisterClassW
WaitMessage

advapi32

RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
CreateProcessAsUserW
RegSetValueExW
OpenProcessToken
RegDeleteValueW
GetUserNameW
RegCloseKey
RegOpenKeyW
DeleteService
ControlService
RegQueryInfoKeyW
RegDeleteKeyW
ConvertStringSidToSidW
IsValidSid
LookupAccountSidW
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
OpenServiceW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHFileOperationW
CommandLineToArgvW
SHChangeNotify
SHGetPathFromIDListW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
StringFromCLSID
CLSIDFromProgID
CoTaskMemFree
CoInitialize

oleaut32

SysAllocString
SysFreeString

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

shlwapi

PathStripToRootW
wnsprintfW
SHDeleteKeyW
PathCanonicalizeW

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

Sections

.text
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e153233cea0244fd61dcaa7a8a0dbb1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

psapi

version

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

userenv

shlwapi

winmm

Sections

.text Size: 487KB - Virtual size: 486KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 487KB - Virtual size: 486KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 27KB - Virtual size: 27KB