312048d10438d1948c39e45deb4489cd3c81850d0cdee0096bf64711fd344ae4

Sharing

Copy URL Twitter E-mail

General

Target

312048d10438d1948c39e45deb4489cd3c81850d0cdee0096bf64711fd344ae4
Size

2.7MB
MD5

8118ab89d67c8eda4e56a7ada2cf319c
SHA1

06a5768ca1ee35f8d46e8e4e7e8a401ac81e97bc
SHA256

312048d10438d1948c39e45deb4489cd3c81850d0cdee0096bf64711fd344ae4
SHA512

0c6c0d95ed749bf72869d118aaae160716795ee82edf4c4681d119164ef13d4937a9b5ecd8e77c81a5278630ca76c0b42090d89167eb0a0c71d13052559cb337
SSDEEP

24576:Vd+KpPsGSyOdKE2oRzkXprzWT3TrU/mTIPGtBL2UnRuIm1c7sCRBVWZ8/IX3cl8J:z7o1kXdzErU8IwVZS9Z2yEtaTPR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
312048d10438d1948c39e45deb4489cd3c81850d0cdee0096bf64711fd344ae4

Files

312048d10438d1948c39e45deb4489cd3c81850d0cdee0096bf64711fd344ae4
.dll windows:6 windows x86 arch:x86

7ab8f36b579089fe7e349a83094b533d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\WorkSpace\crashsight-tqm-client\clientX64\TQM_Release\spy\GbSpy.pdb

Imports

iphlpapi

GetAdaptersInfo

shell32

SHGetSpecialFolderLocation
ShellExecuteA
SHGetPathFromIDListA
CommandLineToArgvW

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

PathFileExistsA

dbghelp

MiniDumpWriteDump

kernel32

GetFileSize
GetTickCount
SetUnhandledExceptionFilter
TryEnterCriticalSection
Process32First
EnterCriticalSection
GetCommandLineW
Module32Next
LeaveCriticalSection
InitializeCriticalSection
Module32First
DuplicateHandle
OpenProcess
Process32Next
CreateProcessW
CreateEventA
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
GetCurrentDirectoryW
OutputDebugStringA
lstrlenA
SystemTimeToFileTime
GetSystemTime
DebugBreak
GetFileTime
CreateDirectoryA
OpenEventA
MoveFileA
FindFirstFileA
SetFileTime
FindNextFileA
FindClose
SetEvent
WideCharToMultiByte
GetSystemTimeAsFileTime
K32GetProcessImageFileNameA
GetTempPathA
CopyFileA
LocalFree
GetExitCodeProcess
GetVersionExA
GetSystemInfo
CreateFileMappingW
LoadLibraryW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
AddVectoredExceptionHandler
DeleteFiber
CreateFiber
GetModuleHandleExW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
ConvertFiberToThread
ConvertThreadToFiber
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
TerminateProcess
FreeLibrary
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
VirtualProtect
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
SwitchToThread
GetThreadContext
SetThreadContext
RtlMoveMemory
VirtualAlloc
VirtualFree
VirtualQuery
K32GetProcessMemoryInfo
GlobalMemoryStatusEx
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
CreateThread
GetCurrentThread
LoadLibraryA
Sleep
WaitForSingleObject
RemoveVectoredExceptionHandler
ReadFile
CreateDirectoryW
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
OpenThread
FormatMessageA
CloseHandle
DeleteFileW
DeleteFileA
CreateFileA
MultiByteToWideChar
CreateToolhelp32Snapshot
GetModuleHandleA
ResumeThread
SuspendThread
GetCurrentThreadId
CreateFileW
Thread32First
Thread32Next
GetModuleFileNameW
GetCurrentProcess
GetCurrentProcessId
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
GetModuleFileNameA
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
GetProcAddress
SwitchToFiber
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
UnregisterWaitEx
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes

user32

DrawIcon
GetCursorInfo
CopyRect
GetWindowTextA
LoadStringA
GetMonitorInfoA
IntersectRect
PtInRect
GetCursorPos
GetIconInfo
EnumWindows
GetWindowThreadProcessId
CharNextA
GetSystemMetrics
GetWindowRect
GetProcessWindowStation
IsWindowVisible
EnumDisplayMonitors
GetUserObjectInformationW
MessageBoxW
GetWindowLongA

gdi32

CreateDCA
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
DeleteObject
DeleteDC
GetDIBits

advapi32

RegQueryInfoKeyA
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegEnumKeyA
RegCloseKey
RegOpenKeyA

ole32

CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoCreateGuid
CoInitializeEx

oleaut32

SysAllocString
VariantClear
SysFreeString

ws2_32

setsockopt
getnameinfo
ioctlsocket
freeaddrinfo
WSAGetLastError
WSAStartup
htons
htonl
WSACleanup
getsockopt
recv
connect
ntohs
socket
send
getpeername
WSASetLastError
inet_addr
getaddrinfo
inet_pton
WSASocketW
shutdown
__WSAFDIsSet
closesocket
select

crypt32

CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext

urlmon

URLDownloadToCacheFileA

bcrypt

BCryptGenRandom

vcruntime140

__AdjustPointer
__CxxFrameHandler3
__std_terminate
strstr
strchr
strrchr
__std_exception_destroy
__std_exception_copy
_purecall
_get_purecall_handler
_set_purecall_handler
wcsrchr
memcpy
memset
memmove
memchr
wcsstr
_local_unwind4
_except_handler4_common
_CxxThrowException
__std_type_info_destroy_list
__uncaught_exception
memcmp
longjmp
__processing_throw
__current_exception
__CxxLongjmpUnwind
__RTDynamicCast
_setjmp3

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
calloc
free
malloc

api-ms-win-crt-stdio-l1-1-0

_lseeki64
_ftelli64
_write
_close
_wfsopen
_fsopen
fclose
__stdio_common_vsprintf_s
fgets
_getcwd
__stdio_common_vswprintf_s
fputc
__acrt_iob_func
fflush
fgetc
fwrite
__stdio_common_vsprintf
fgetpos
setvbuf
ungetc
fsetpos
fread
_fseeki64
_get_stream_buffer_pointers
_wfopen
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
tmpfile
ftell
fseek
feof
__stdio_common_vsscanf
fputs
rewind
__stdio_common_vswprintf
_setmode
fopen_s
_wopen
ferror
_fileno
fopen

api-ms-win-crt-string-l1-1-0

tolower
isupper
wcscat_s
strspn
strcmp
strncpy
isdigit
strncpy_s
strncmp
_strnicmp
_strupr_s
strncat
_wcsdup
toupper
strcpy_s
islower
strtok_s
isalpha
wcsncpy
_strdup
strcspn
_stricmp
isxdigit
wcscpy_s
strnlen
strtok
strcat_s
isspace
__strncnt

api-ms-win-crt-filesystem-l1-1-0

_findfirst64i32
_lock_file
_unlock_file
_wstat64i32
_findclose
_findnext64i32
_stat64i32
_mkdir
_access

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
asctime_s
_localtime64_s
_gmtime64_s
_time64

api-ms-win-crt-runtime-l1-1-0

strerror
exit
strerror_s
_invalid_parameter_noinfo_noreturn
signal
_beginthreadex
abort
_wassert
_get_invalid_parameter_handler
terminate
_set_invalid_parameter_handler
raise
_errno
_exit
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment

api-ms-win-crt-convert-l1-1-0

strtod
_wtoi64_l
atol
mbstowcs
wcstombs
strtol
atoi
strtoul
atof

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
___mb_cur_max_func
localeconv
__pctype_func
___lc_collate_cp_func
_unlock_locales
setlocale
___lc_locale_name_func
_lock_locales

api-ms-win-crt-math-l1-1-0

_CIexp
frexp
_except1
_CIsqrt

api-ms-win-crt-multibyte-l1-1-0

_mbsrchr
_ismbcdigit

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

Finalize
GbCollectorCheckFirstGameExist
GbCollectorCheckGameExist
GbCollectorCheckGameExistTime
GbCollectorGetListCount
GbCollectorGetListIndex
GbCollectorGetMSG
GbCollectorGetQQUid
GbCollectorInit
GbCollectorIsDeleteDump
GbCollectorListRemove
GbCollectorLog
GbCollectorSetDeleteDump
GbCollectorSetProcess
GbCollectorSetQQListIndex
GbCollectorTerm
GbCollectorTermSimple
PrintLog
SetCrashCallback
SetExtraHandler
SetInitializedCallback
SetSteamID
SetTQMConfig
SetUserId
SetUserValue
SetVehEnable
UploadGivenPathDump
reportException

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 533KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 22.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ab8f36b579089fe7e349a83094b533d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

shell32

version

shlwapi

dbghelp

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

crypt32

urlmon

bcrypt

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 533KB - Virtual size: 532KB

.data Size: 100KB - Virtual size: 22.6MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 86KB - Virtual size: 85KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 533KB - Virtual size: 532KB

.data
Size: 100KB - Virtual size: 22.6MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 86KB - Virtual size: 85KB