01d09ad554b2c8c01262611cf430eed6a657a997b3dd7d2aee7af763ce874339

Sharing

Copy URL Twitter E-mail

General

Target

01d09ad554b2c8c01262611cf430eed6a657a997b3dd7d2aee7af763ce874339
Size

1.5MB
MD5

b4e03086ddcad98b130e403929067131
SHA1

422567bc1dc2b8c0d304f96dce39406382aac97d
SHA256

01d09ad554b2c8c01262611cf430eed6a657a997b3dd7d2aee7af763ce874339
SHA512

9a36e50d9d1a8c727ee5efe263f46e7bde68682030c2deba37d38eccff0b9b9ca43f50df6dd5026cd5ec1b0717d34f5802fa1c9d74ce9a249db02d298e841896
SSDEEP

12288:TKXSMAOe4+/x8J7ct3z5htUcQ1MlhrmQgwwJzt5+7fyZkCtXFiWZF/3o:TKXSWe4+mIJz5IcuMlQHJxrDiSi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01d09ad554b2c8c01262611cf430eed6a657a997b3dd7d2aee7af763ce874339

Files

01d09ad554b2c8c01262611cf430eed6a657a997b3dd7d2aee7af763ce874339
.exe windows:6 windows x64 arch:x64

8e315c7f2caa685f7b104bbd68b3806d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\code\Bin\x64\Release\WebBrowser.pdb

Imports

qt5gui

?fromWinId@QWindow@@SAPEAV1@_K@Z
?setParent@QWindow@@QEAAXPEAV1@@Z

wsap-filmorax

ord3479
ord785
ord1074
ord4967
ord2621
ord3433
ord4116
ord10046
ord3771
ord917
ord7594
ord8414
ord817
ord2832
ord7045
ord2896
ord3815
ord8347
ord10410
ord3163
ord7671
ord3445
ord7250
ord9054
ord2169
ord4795
ord2698
ord6191
ord9806
ord5401
ord3568
ord6728
ord7786
ord1239
ord4933
ord3098
ord2252
ord1676
ord7270
ord2959
ord7206
ord9834
ord10472
ord9107
ord985
ord6894
ord4570
ord3206
ord5555
ord9703
ord3994
ord526
ord9333

fcommonview

??0FIPCWebViewProxy@@QEAA@PEAVIFFIPCTask@@PEAVQWidget@@@Z
?metaObject@FIPCWebViewProxy@@UEBAPEBUQMetaObject@@XZ
?qt_metacall@FIPCWebViewProxy@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@FIPCWebViewProxy@@UEAAPEAXPEBD@Z
?showEvent@FIPCWebViewProxy@@MEAAXPEAVQShowEvent@@@Z
??1FIPCWebViewProxy@@UEAA@XZ

qt5core

?freeNodeAndRebalance@QMapDataBase@@QEAAXPEAUQMapNodeBase@@@Z
?recalcMostLeftNode@QMapDataBase@@QEAAXXZ
?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z
?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z
?createData@QMapDataBase@@SAPEAU1@XZ
?freeData@QMapDataBase@@SAXPEAU1@@Z
??0QVariant@@QEAA@_K@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?shared_null@QListData@@2UData@1@B
?shared_null@QMapDataBase@@2U1@B
??0QString@@QEAA@XZ
??4QString@@QEAAAEAV0@AEBV0@@Z
??0QString@@QEAA@$$QEAV0@@Z
?erase@QListData@@QEAAPEAPEAXPEAPEAX@Z
?append@QListData@@QEAAPEAPEAXAEBU1@@Z
??0QObject@@QEAA@PEAV0@@Z
??1QObject@@UEAA@XZ
?sender@QObject@@IEBAPEAV1@XZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
??0QElapsedTimer@@QEAA@XZ
?start@QElapsedTimer@@QEAAXXZ
?deleteLater@QObject@@QEAAXXZ
??0QTimer@@QEAA@PEAVQObject@@@Z
?setParent@QMapNodeBase@@QEAAXPEAU1@@Z
?setInterval@QTimer@@QEAAXH@Z
?start@QTimer@@QEAAXXZ
?stop@QTimer@@QEAAXXZ
?timeout@QTimer@@QEAAXUQPrivateSignal@1@@Z
?staticMetaObject@QTimer@@2UQMetaObject@@B
?setProperty@QObject@@QEAA_NPEBDAEBVQVariant@@@Z
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@XZ
?dispose@QListData@@SAXPEAUData@1@@Z
??4QString@@QEAAAEAV0@PEBD@Z
??0QString@@QEAA@PEBD@Z
?fromUtf8@QString@@SA?AV1@PEBDH@Z
?end@QListData@@QEBAPEAPEAXXZ
??YQString@@QEAAAEAV0@AEBV0@@Z
?isEmpty@QString@@QEBA_NXZ
??1QString@@QEAA@XZ
??0QString@@QEAA@AEBV0@@Z
?staticMetaObject@QObject@@2UQMetaObject@@B
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?activate@QMetaObject@@SAXPEAVQObject@@PEBU1@HPEAPEAX@Z
?begin@QListData@@QEBAPEAPEAXXZ
?at@QListData@@QEBAPEAPEAXH@Z
?setColor@QMapNodeBase@@QEAAXW4Color@1@@Z
?color@QMapNodeBase@@QEBA?AW4Color@1@XZ
?nextNode@QMapNodeBase@@QEBAPEBU1@XZ
??1QTimer@@UEAA@XZ
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z
?isEmpty@QListData@@QEBA_NXZ
?size@QListData@@QEBAHXZ
?remove@QListData@@QEAAXH@Z
?append@QListData@@QEAAPEAPEAXXZ
?dispose@QListData@@QEAAXXZ
?toBool@QVariant@@QEBA_NXZ
?detach@QListData@@QEAAPEAUData@1@H@Z
?toStdString@QString@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??M@YA_NAEBVQString@@0@Z
??8@YA_NAEBVQString@@0@Z
?number@QString@@SA?AV1@HH@Z
?indexOf@QString@@QEBAHAEBV1@HW4CaseSensitivity@Qt@@@Z
??1Connection@QMetaObject@@QEAA@XZ
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z
?allKeys@QSettings@@QEBA?AVQStringList@@XZ
?endGroup@QSettings@@QEAAXXZ
?beginGroup@QSettings@@QEAAXAEBVQString@@@Z
??1QSettings@@UEAA@XZ
?elapsed@QElapsedTimer@@QEBA_JXZ
??0QSettings@@QEAA@AEBVQString@@W4Format@0@PEAVQObject@@@Z
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z

fcore

?alreadyRun@FApplication@@MEAAXXZ
?initAppLog@FApplication@@MEAAXXZ
?initDirInfo@FApplication@@MEAAXXZ
?runFinished@FApplication@@MEAAXXZ
?isMainApp@FApplication@@MEAA_NXZ
?needBugSplatProxy@FApplication@@MEAA_NXZ
?productName@FApplication@@UEAA?AVQString@@XZ
?productUniqueKey@FApplication@@UEAA?AVQString@@XZ
?networkProxyInfo@FIPCWebBrowserArguments@@QEBA?AUFFIPCNetworkProxyInfo@@XZ
?prepareRun@FApplication@@MEAAXXZ
?init@FApplication@@MEAAXXZ
??1FApplication@@UEAA@XZ
??0FApplication@@QEAA@AEAHPEAPEAD@Z
?initProductInfo@FApplication@@MEAAXXZ
??1FIPCWebBrowserArguments@@UEAA@XZ
?showSplashScreen@FApplication@@MEAAXXZ
?run@FApplication@@QEAAHXZ
?unInit@FApplication@@MEAAXXZ
?createEvent@FIPCEventParser@@MEAAPEAVFFIPCEvent@@G@Z
??1FFIPCWebPageTaskArguments@@UEAA@XZ
?isBackgroundTask@FFIPCWebPageTaskArguments@@QEBA_NXZ
?url@FFIPCWebPageTaskArguments@@QEBA?AVQString@@XZ
??0FFIPCWebPageTaskArguments@@QEAA@AEBVFFIPCArguments@@@Z
?preloadURLList@FIPCWebBrowserArguments@@QEBA?AVQStringList@@XZ
??0FIPCWebBrowserArguments@@QEAA@AEBVFFIPCArguments@@@Z
??1FIPCEventParser@@UEAA@XZ
??0FIPCEventParser@@QEAA@XZ
?unInitAppLog@FApplication@@MEAAXXZ

ffipc

?quit@FFIPCClient@@MEAAXXZ
?qt_metacast@FFIPCClient@@UEAAPEAXPEBD@Z
?hasProcess@FFIPCClient@@QEBA_NXZ
?qt_metacall@FFIPCClient@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?metaObject@FFIPCClient@@UEBAPEBUQMetaObject@@XZ
registerEventParser
?processName@FFIPCProcessArguments@@QEBA?AVQString@@XZ
??1FFIPCArguments@@UEAA@XZ
??0FFIPCClient@@QEAA@PEAVQCoreApplication@@@Z
??1FFIPCClient@@UEAA@XZ
?baseArguments@FFIPCClient@@QEAAPEAVFFIPCProcessArguments@@XZ

ffwidgets

?qt_metacast@FFWebView@@UEAAPEAXPEBD@Z
?qt_metacall@FFWebView@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?initWebView@FFWebView@@SAXPEAVQCoreApplication@@AEBVQString@@_N@Z
?uninitWebView@FFWebView@@SAXXZ
??0FFWebView@@QEAA@AEBVQString@@PEAVQWidget@@@Z
??1FFWebView@@UEAA@XZ
?webBrowser@FFWebView@@QEBAPEAVIFFWebBrowser@@XZ
??0IFFWebBrowserObserver@@QEAA@XZ
?metaObject@FFWebView@@UEBAPEBUQMetaObject@@XZ
?onDecidePolicyForNavigationAction@IFFWebBrowserObserver@@UEAAXW4FFWebViewNavigationType@@AEBVQString@@AEAW4FFWebViewNavigationActionPolicy@@@Z
?onLoadDomReady@IFFWebBrowserObserver@@UEAAXXZ
?onLoadError@IFFWebBrowserObserver@@UEAAXAEBVQString@@@Z
?onLoadFinished@IFFWebBrowserObserver@@UEAAXAEBVQString@@@Z
?onScriptMessage@IFFWebBrowserObserver@@UEAAXAEBVQString@@0@Z
?onLoadStart@IFFWebBrowserObserver@@UEAAXXZ

ffqcefview

?setProxyInfo@QCefView@@SAXHAEBVQString@@00@Z

fffilmoracore

?getInstance@IFFAppInfo@@SAPEAV1@XZ

ffcore

?should_log_@FFBaseLogger@FFBaseLog@@AEAA_NW4LogLevel@2@@Z
?externData@FFObject@@QEBA?AV?$weak_ptr@D@std@@XZ
?defaultLogger@FFBaseLog@@YAPEAVFFBaseLogger@1@XZ
?initHighDPI@FFApplication@@SAXH@Z
?log_@FFBaseLogger@FFBaseLog@@AEAAXAEBUlog_data@2@_N@Z
?name@FFBaseLogger@FFBaseLog@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?qt_metacast@FFApplication@@UEAAPEAXPEBD@Z
?qt_metacall@FFApplication@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?metaObject@FFApplication@@UEBAPEBUQMetaObject@@XZ
?checkDir@FFDir@@SA?AVQString@@AEBV2@_N@Z
?releaseAll@FFLazySingletonManager@@QEAAXXZ
?instance@?$FFSingleton@VFFLazySingletonManager@@@@SAPEAVFFLazySingletonManager@@XZ

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetCurrentThreadId
GetCommandLineW
LocalFree
WideCharToMultiByte
InitializeSListHead

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
_Xtime_get_ticks

vcruntime140

__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy
__C_specific_handler
__RTDynamicCast
_purecall
memset
memmove
memcpy
_CxxThrowException
__std_terminate
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_seh_filter_dll
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
terminate
_exit
exit
_initterm
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv
_crt_at_quick_exit
_set_app_type
_seh_filter_exe
_cexit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__p__commode
_set_fmode

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
_callnewh
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

shell32

CommandLineToArgvW

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8e315c7f2caa685f7b104bbd68b3806d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt5gui

wsap-filmorax

fcommonview

qt5core

fcore

ffipc

ffwidgets

ffqcefview

fffilmoracore

ffcore

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

shell32

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 192KB - Virtual size: 191KB

.reloc Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 192KB - Virtual size: 191KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB