1ef92364dae89a6bce50e1a01fea9cc0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1ef92364dae89a6bce50e1a01fea9cc0N.exe
Size

443KB
MD5

1ef92364dae89a6bce50e1a01fea9cc0
SHA1

5399d96c635e980d35cdb8248e9fc6819773470c
SHA256

dcb9b5969e73729d4648239436e948041f40128f9100467c6e13af9057f7f7a0
SHA512

22a04723a0d9675f45750933a0487699046e133bad74e7e67df43d34276ce14cfb84a938765f000f28b85a45e4f53f6305bc4a134982ea7854b163a96c9d7c6f
SSDEEP

12288:JI1YZvN9ZjvBSD0OcZyzAB8KwRPVPuEnpa:JICZVbgD0OcZgwwRPVPuMa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ef92364dae89a6bce50e1a01fea9cc0N.exe

Files

1ef92364dae89a6bce50e1a01fea9cc0N.exe
.dll windows:4 windows x64 arch:x64

53ee55d26e9bbd7e3d7b1075029e7e06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

qt5core

_Z5qHashRK7QStringj
_Z9qBadAllocv
_ZN10QArrayData10deallocateEPS_yy
_ZN10QArrayData11shared_nullE
_ZN10QArrayData8allocateEyyy6QFlagsINS_16AllocationOptionEE
_ZN10QByteArray11reallocDataEj6QFlagsIN10QArrayData16AllocationOptionEE
_ZN10QByteArray6appendEc
_ZN10QJsonArray6appendERK10QJsonValue
_ZN10QJsonArray7detach2Ej
_ZN10QJsonArrayC1Ev
_ZN10QJsonArrayD1Ev
_ZN10QJsonValue27stringDataFromQStringHelperERK7QString
_ZN10QJsonValueC1ERK10QJsonArray
_ZN10QJsonValueC1ERK11QJsonObject
_ZN10QJsonValueC1ERK7QString
_ZN10QJsonValueC1ERKS_
_ZN10QJsonValueC1Eb
_ZN10QJsonValueC1Ed
_ZN10QJsonValueC1Ei
_ZN10QJsonValueC1Ex
_ZN10QJsonValueD1Ev
_ZN11QFileDevice5closeEv
_ZN11QJsonObject10initializeEv
_ZN11QJsonObject6insertERK7QStringRK10QJsonValue
_ZN11QJsonObjectC1ERKS_
_ZN11QJsonObjectC1Ev
_ZN11QJsonObjectD1Ev
_ZN11QTextStream8readLineEx
_ZN11QTextStreamC1ERK10QByteArray6QFlagsIN9QIODevice12OpenModeFlagEE
_ZN11QTextStreamD1Ev
_ZN11QTextStreamlsERK7QString
_ZN11QTextStreamlsEc
_ZN12QMapDataBase11shared_nullE
_ZN12QMapDataBase8freeDataEPS_
_ZN12QMapDataBase8freeTreeEP12QMapNodeBasei
_ZN13QJsonDocument8fromJsonERK10QByteArrayP15QJsonParseError
_ZN13QJsonDocumentC1ERK10QJsonArray
_ZN13QJsonDocumentD1Ev
_ZN14QVersionNumber10fromStringERK7QStringPi
_ZN14QVersionNumber7compareERKS_S1_
_ZN18QRegularExpressionC1ERK7QString6QFlagsINS_13PatternOptionEE
_ZN18QRegularExpressionD1Ev
_ZN23QRegularExpressionMatchD1Ev
_ZN5QFile4openE6QFlagsIN9QIODevice12OpenModeFlagEE
_ZN5QFileC1ERK7QString
_ZN5QFileD1Ev
_ZN6QDebugD1Ev
_ZN7QString13toUtf8_helperERKS_
_ZN7QString14compare_helperEPK5QChariPKciN2Qt15CaseSensitivityE
_ZN7QString14toLower_helperERKS_
_ZN7QString15fromUtf8_helperEPKci
_ZN7QString16fromAscii_helperEPKci
_ZN7QString17simplified_helperERKS_
_ZN7QString18toLocal8Bit_helperEPK5QChari
_ZN7QString6appendE5QChar
_ZN7QString6appendERKS_
_ZN7QString6numberEii
_ZN7QString7replaceERKS_S1_N2Qt15CaseSensitivityE
_ZN7QString9fromUtf16EPKti
_ZN7QStringaSERKS_
_ZN8QSysInfo10kernelTypeEv
_ZN8QSysInfo13kernelVersionEv
_ZN8QSysInfo20buildCpuArchitectureEv
_ZN8QVariantC1ERK7QString
_ZN8QVariantC1Eb
_ZN8QVariantC1Ex
_ZN8QVariantD1Ev
_ZN9QHashData11free_helperEPFvPNS_4NodeEE
_ZN9QHashData11shared_nullE
_ZN9QHashData12allocateNodeEi
_ZN9QHashData13detach_helperEPFvPNS_4NodeEPvEPFvS1_Eii
_ZN9QHashData6rehashEi
_ZN9QHashData8nextNodeEPNS_4NodeE
_ZN9QIODevice7readAllEv
_ZN9QListData11detach_growEPii
_ZN9QListData11shared_nullE
_ZN9QListData6appendEv
_ZN9QListData6detachEi
_ZN9QListData7disposeEPNS_4DataE
_ZN9QSettingsC1ERK7QStringNS_6FormatEP7QObject
_ZN9QSettingsD1Ev
_ZN9QtPrivate16QStringList_joinEPK11QStringListPK5QChari
_ZNK10QByteArray5toHexEc
_ZNK10QJsonArray2atEi
_ZNK10QJsonArray4sizeEv
_ZNK10QJsonValue5toIntEi
_ZNK10QJsonValue8toDoubleEd
_ZNK10QJsonValue8toObjectEv
_ZNK10QJsonValue8toStringEv
_ZNK11QJsonObject4sizeEv
_ZNK11QJsonObject5keyAtEi
_ZNK11QJsonObject5valueERK7QString
_ZNK11QJsonObject7valueAtEi
_ZNK11QJsonObject8containsERK7QString
_ZNK11QTextStream5atEndEv
_ZNK13QJsonDocument6objectEv
_ZNK13QJsonDocument6toJsonEv
_ZNK13QJsonValueRef7toValueEv
_ZNK14QMessageLogger5debugEv
_ZNK18QRegularExpression5matchERK7QStringiNS_9MatchTypeE6QFlagsINS_11MatchOptionEE
_ZNK23QRegularExpressionMatch8hasMatchEv
_ZNK7QString10startsWithERKS_N2Qt15CaseSensitivityE
_ZNK7QString3argERKS_i5QChar
_ZNK7QString3argExii5QChar
_ZNK7QString3argEyii5QChar
_ZNK7QString5splitE5QCharNS_13SplitBehaviorEN2Qt15CaseSensitivityE
_ZNK7QString5splitERKS_NS_13SplitBehaviorEN2Qt15CaseSensitivityE
_ZNK7QString8multiArgEiPPKS_
_ZNK8QVariant10toLongLongEPb
_ZNK8QVariant11toJsonArrayEv
_ZNK8QVariant5toIntEPb
_ZNK8QVariant6toBoolEv
_ZNK8QVariant8toDoubleEPb
_ZNK8QVariant8toStringEv
_ZNK9QSettings11childGroupsEv
_ZNK9QSettings5valueERK7QStringRK8QVariant
_ZeqRK7QStringS1_
_ZltRK7QStringS1_

qt5network

_ZN12QHostAddressC1ERK7QString
_ZN12QHostAddressD1Ev
_ZN17QNetworkInterface12allAddressesEv
_ZN17QNetworkInterface13allInterfacesEv
_ZN17QNetworkInterfaceC1ERKS_
_ZN17QNetworkInterfaceD1Ev
_ZN20QNetworkAddressEntryD1Ev
_ZN9QHostInfo8fromNameERK7QString
_ZN9QHostInfoD1Ev
_ZNK12QHostAddress8protocolEv
_ZNK12QHostAddress8toStringEv
_ZNK17QNetworkInterface14addressEntriesEv
_ZNK17QNetworkInterface15hardwareAddressEv
_ZNK17QNetworkInterface17humanReadableNameEv
_ZNK17QNetworkInterface4nameEv
_ZNK17QNetworkInterface4typeEv
_ZNK20QNetworkAddressEntry12prefixLengthEv
_ZNK20QNetworkAddressEntry2ipEv
_ZNK9QHostInfo8hostNameEv

advapi32

AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidW
LookupPrivilegeValueW
OpenProcessToken

libgcc_s_seh-1

_Unwind_Resume

iphlpapi

SendARP

kernel32

CloseHandle
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LocalFree
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
__setusermatherr
_amsg_exit
_errno
_initterm
_lock
_unlock
abort
calloc
fprintf
fputc
free
fwrite
getenv
localeconv
malloc
memcpy
realloc
signal
strerror
strlen
strncmp
vfprintf
wcslen

ole32

CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoUninitialize

oleaut32

SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
SysFreeString
VariantClear
VariantInit

user32

EnumDisplayMonitors
EnumDisplaySettingsExW
GetMonitorInfoW

ws2_32

inet_addr

libstdc++-6

_ZNSt13runtime_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13runtime_errorD1Ev
_ZNSt6localeC1Ev
_ZNSt6localeD1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_replaceEyyPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_appendEPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_assignERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERyy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE6resizeEyw
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE9_M_createERyy
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZNSt8ios_baseC2Ev
_ZNSt8ios_baseD2Ev
_ZNSt9basic_iosIcSt11char_traitsIcEE4initEPSt15basic_streambufIcS1_E
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt20__throw_out_of_rangePKc
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZTTNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTVSt15basic_streambufIcSt11char_traitsIcEE
_ZTVSt9basic_iosIcSt11char_traitsIcEE
_ZdlPv
_ZdlPvy
_Znwy
__cxa_allocate_exception
__cxa_begin_catch
__cxa_call_unexpected
__cxa_end_catch
__cxa_free_exception
__cxa_pure_virtual
__cxa_rethrow
__cxa_throw
__gxx_personality_seh0

Exports

Exports

createPlugin
minAgentVersion
pluginName
pluginVersion

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 151B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 512B - Virtual size: 307B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 157B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53ee55d26e9bbd7e3d7b1075029e7e06

Headers

File Characteristics

Imports

qt5core

qt5network

advapi32

libgcc_s_seh-1

iphlpapi

kernel32

msvcrt

ole32

oleaut32

user32

ws2_32

libstdc++-6

Exports

Exports

Sections

.text Size: 269KB - Virtual size: 269KB

.data Size: 512B - Virtual size: 208B

.rdata Size: 18KB - Virtual size: 18KB

.pdata Size: 3KB - Virtual size: 2KB

.xdata Size: 20KB - Virtual size: 19KB

.bss Size: - Virtual size: 4KB

.edata Size: 512B - Virtual size: 151B

.idata Size: 13KB - Virtual size: 13KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 172B

/4 Size: 512B - Virtual size: 80B

/19 Size: 7KB - Virtual size: 7KB

/31 Size: 512B - Virtual size: 307B

/45 Size: 1024B - Virtual size: 546B

/57 Size: 512B - Virtual size: 72B

/70 Size: 512B - Virtual size: 157B

.text
Size: 269KB - Virtual size: 269KB

.data
Size: 512B - Virtual size: 208B

.rdata
Size: 18KB - Virtual size: 18KB

.pdata
Size: 3KB - Virtual size: 2KB

.xdata
Size: 20KB - Virtual size: 19KB

.bss
Size: - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 151B

.idata
Size: 13KB - Virtual size: 13KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 172B

/4
Size: 512B - Virtual size: 80B

/19
Size: 7KB - Virtual size: 7KB

/31
Size: 512B - Virtual size: 307B

/45
Size: 1024B - Virtual size: 546B

/57
Size: 512B - Virtual size: 72B

/70
Size: 512B - Virtual size: 157B