3baeba3434c611707fda5e1a6aaad4a4c81f657744d3c57fcb822ced9779ee44

Sharing

Copy URL Twitter E-mail

General

Target

3baeba3434c611707fda5e1a6aaad4a4c81f657744d3c57fcb822ced9779ee44
Size

1.5MB
MD5

358b168908005faa581614db2a56f82d
SHA1

6eeb9aa11108909c40bb24b90b6ef439dfe3d5d1
SHA256

3baeba3434c611707fda5e1a6aaad4a4c81f657744d3c57fcb822ced9779ee44
SHA512

1ec52c8f2b03740bd0d8d0109714303f9e26062bfa9dcacc149a2380d8822bc8f7cab7a4b339933d34e6865e8e43ff4f6f1f8e85d9e2edf8b2840174d50f57d1
SSDEEP

12288:/MAO44+/x8J7ct3z5htUcQ1MlhrmQgwwJzt5+7fyZkCtXFiWZF/3o:/W44+mIJz5IcuMlQHJxrDiSi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3baeba3434c611707fda5e1a6aaad4a4c81f657744d3c57fcb822ced9779ee44

Files

3baeba3434c611707fda5e1a6aaad4a4c81f657744d3c57fcb822ced9779ee44
.exe windows:6 windows x64 arch:x64

9e29f6bdd1cf83726b65c2172da30257

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\code\Bin\x64\Release\FilmStockService.pdb

Imports

wsap-filmorax

ord10193
ord9766
ord5401
ord6191
ord2698
ord9806
ord338

fcommonview

?setUrl@FFilmStockServiceDialog@@QEAAXAEBVQString@@@Z
?presenter@FFilmStockServiceDialog@@QEBAPEAVFFilmStockServicePresenter@@XZ
?create@FFilmStockServiceDialog@@SAPEAV1@PEAVQWidget@@@Z
?instance@FFilmStockServiceDialog@@SAPEAV1@XZ
?popup@FFilmStockServiceDialog@@SAXPEAVQWidget@@@Z
?notifyMainAppLogin@FFilmStockServicePresenter@@QEAAXAEBVQStringList@@@Z

qt5core

?willGrow@QHashData@@QEAA_NXZ
?rehash@QHashData@@QEAAXH@Z
?begin@QListData@@QEBAPEAPEAXXZ
?at@QListData@@QEBAPEAPEAXH@Z
?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z
?append@QListData@@QEAAPEAPEAXXZ
?dispose@QListData@@SAXPEAUData@1@@Z
?dispose@QListData@@QEAAXXZ
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
??0QVariant@@QEAA@XZ
?toStdString@QString@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??4QString@@QEAAAEAV0@PEBD@Z
??0QString@@QEAA@PEBD@Z
?fromUtf8@QString@@SA?AV1@PEBDH@Z
??YQString@@QEAAAEAV0@AEBV0@@Z
?endsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?startsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?left@QString@@QEBA?AV1@H@Z
?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z
?arg@QString@@QEBA?AV1@HHHVQChar@@@Z
?isEmpty@QString@@QEBA_NXZ
?length@QString@@QEBAHXZ
??4QString@@QEAAAEAV0@$$QEAV0@@Z
??4QString@@QEAAAEAV0@AEBV0@@Z
??1QString@@QEAA@XZ
??0QString@@QEAA@AEBV0@@Z
??0QString@@QEAA@XZ
??0QChar@@QEAA@UQLatin1Char@@@Z
??1Connection@QMetaObject@@QEAA@XZ
??0QVariant@@QEAA@_N@Z
?toBool@QVariant@@QEBA_NXZ
?toString@QVariant@@QEBA?AVQString@@XZ
?arguments@QCoreApplication@@SA?AVQStringList@@XZ
?setAttribute@QCoreApplication@@SAXW4ApplicationAttribute@Qt@@_N@Z
?setApplicationVersion@QCoreApplication@@SAXAEBVQString@@@Z
?applicationVersion@QCoreApplication@@SA?AVQString@@XZ
?instance@QCoreApplication@@SAPEAV1@XZ
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?allocateNode@QHashData@@QEAAPEAXH@Z
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z
??1QVariant@@QEAA@XZ
?end@QListData@@QEBAPEAPEAXXZ
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?shared_null@QListData@@2UData@1@B
?shared_null@QHashData@@2U1@B
?detach@QListData@@QEAAPEAUData@1@H@Z

fcore

?prepareRun@FApplication@@MEAAXXZ
?unInit@FApplication@@MEAAXXZ
?init@FApplication@@MEAAXXZ
?getEffectInstallAppName@FApplication@@SA?AVQString@@XZ
??1FApplication@@UEAA@XZ
?initDirInfo@FApplication@@MEAAXXZ
?runFinished@FApplication@@MEAAXXZ
?appProgramDataDir@FApplication@@IEAA?AVQString@@XZ
?initAppLog@FApplication@@MEAAXXZ
?getFilmoraProgramDataDir@@YA?AVQString@@XZ
?alreadyRun@FApplication@@MEAAXXZ
?canRun@FApplication@@MEAA_NXZ
?initProductInfo@FApplication@@MEAAXXZ
?isMainApp@FApplication@@MEAA_NXZ
?needBugSplatProxy@FApplication@@MEAA_NXZ
?needInitSkin@FApplication@@MEAA_NXZ
?productName@FApplication@@UEAA?AVQString@@XZ
?productUniqueKey@FApplication@@UEAA?AVQString@@XZ
?showSplashScreen@FApplication@@MEAAXXZ
??0FApplication@@QEAA@AEAHPEAPEAD@Z

ffappsettings

?Release@FFAppSettings@@SAXXZ
?GetInstance@FFAppSettings@@SAPEAV1@XZ

ffapplicense

getLicense
releaseLicense

ffvblmodel

?getInstance@IFFEnvManager@@SAPEAV1@XZ
?initVblLog@IFFVBLLoggerManager@@SAXAEBVQString@@W4ChannelType@1@H@Z
?uninitVblLog@IFFVBLLoggerManager@@SAXXZ

ffwidgets

?uninitWebView@FFWebView@@SAXXZ
?initWebView@FFWebView@@SAXPEAVQCoreApplication@@AEBVQString@@_N@Z

fffilmoracore

?staticMetaObject@FFLocale@@2UQMetaObject@@B
?instance@?$FFLazySingleton@VFFNetworkProxyInfo@@@@SAPEAVFFNetworkProxyInfo@@XZ
?loadProxyInfo@FFNetworkProxyInfo@@QEAAXXZ
??1FFSingleApplication@@QEAA@XZ
?isRunning@FFSingleApplication@@QEAA_NXZ
?getInstance@IFFAppInfo@@SAPEAV1@XZ
??0FFSingleApplication@@QEAA@AEBVQString@@@Z
?instance@?$FFSingleton@VFFLocale@@@@SAPEAVFFLocale@@XZ
?isMainProcessRunning@FFUtility@@SA_NXZ
?Instance@FFConfig@@SAAEAV1@XZ
?GetAppValue@FFConfig@@QEBA?AVQVariant@@AEBVQString@@0V2@@Z
?GetCBSUrl@FFConfig@@QEAA?AVQString@@AEBV2@@Z
?GetInstance@FFCustomProductInfo@@SAPEAV1@XZ
?Release@FFCustomProductInfo@@SAXXZ
?FGetCustomMainPID@FFCustomProductInfo@@QEAA?AVQString@@XZ
?sigLanguageTypeChanged@FFLocale@@QEAAXW4FFLanguageType@1@@Z

ffcore

?ConnectToServer@FFCommunicatorClient@@QEAAXAEBVQString@@@Z
??1FFCommunicatorClient@@UEAA@XZ
?ReleaseManeger@FFNetwork@@SAXXZ
?Release@FFCommunicatorServer@@SAXXZ
?checkDir@FFDir@@SA?AVQString@@AEBV2@_N@Z
?slash@FFDir@@SA?AVQString@@AEBV2@@Z
?metaObject@FFApplication@@UEBAPEBUQMetaObject@@XZ
?qt_metacall@FFApplication@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@FFApplication@@UEAAPEAXPEBD@Z
?SendMsg@FFCommunicatorClient@@QEAAHVQString@@VQStringList@@_N@Z
?initHighDPI@FFApplication@@SAXH@Z
??0FFCommunicatorClient@@QEAA@PEAVQObject@@@Z
?log_@FFBaseLogger@FFBaseLog@@AEAAXAEBUlog_data@2@_N@Z
?defaultLogger@FFBaseLog@@YAPEAVFFBaseLogger@1@XZ
?name@FFBaseLogger@FFBaseLog@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?should_log_@FFBaseLogger@FFBaseLog@@AEAA_NW4LogLevel@2@@Z

kernel32

GetCurrentThreadId
GetCurrentProcessId
RtlVirtualUnwind
WideCharToMultiByte
LocalFree
GetCurrentProcess
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlLookupFunctionEntry
TerminateProcess
GetModuleHandleW
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCommandLineW
RtlCaptureContext

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
_Xtime_get_ticks

vcruntime140

memmove
__std_type_info_destroy_list
__std_exception_destroy
__std_terminate
_CxxThrowException
__CxxFrameHandler3
memcpy
__C_specific_handler
memset
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

terminate
_set_app_type
_register_thread_local_exe_atexit_callback
_get_narrow_winmain_command_line
_invalid_parameter_noinfo_noreturn
_c_exit
_seh_filter_exe
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
_exit
exit
_initterm_e

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf
__p__commode

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

shell32

CommandLineToArgvW

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9e29f6bdd1cf83726b65c2172da30257

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsap-filmorax

fcommonview

qt5core

fcore

ffappsettings

ffapplicense

ffvblmodel

ffwidgets

fffilmoracore

ffcore

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

shell32

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 192KB - Virtual size: 191KB

.reloc Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 192KB - Virtual size: 191KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB