0fb522c9697386f1f0774087cf661970N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0fb522c9697386f1f0774087cf661970N.exe
Size

373KB
MD5

0fb522c9697386f1f0774087cf661970
SHA1

a5a1d5570717271d4992766633896c189d157ba3
SHA256

e1b1e77d94bc2f6aa3c2334a6f1fd871aff2760ad6819614447ae8cb74d8e41f
SHA512

abecf6584c2accd259e3476cde1730dd1cbd6580b4b7c7b8c85a5292187ecd8d42de5c86f68b967df4dfb8c1812a98d0b97a5ad67139b9f2be91612c6c547a4b
SSDEEP

6144:1R4jNtDu8eAcOizUDcaJEPjzmRBQanLmLxWbQRsKSEprPZeMbeGW:vmu8eXCLELKRvniLo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fb522c9697386f1f0774087cf661970N.exe

Files

0fb522c9697386f1f0774087cf661970N.exe
.dll windows:4 windows x64 arch:x64

a78cd326a5e22e9d0ef70bc23d9c1054

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

qt5core

_ZN10QArrayData10deallocateEPS_yy
_ZN10QArrayData11shared_nullE
_ZN10QJsonArray10initializeEv
_ZN10QJsonArray6appendERK10QJsonValue
_ZN10QJsonArrayC1Ev
_ZN10QJsonArrayD1Ev
_ZN10QJsonValue27stringDataFromQStringHelperERK7QString
_ZN10QJsonValueC1ERK10QJsonArray
_ZN10QJsonValueC1ERK11QJsonObject
_ZN10QJsonValueC1ERK7QString
_ZN10QJsonValueC1ERKS_
_ZN10QJsonValueC1Eb
_ZN10QJsonValueC1Ed
_ZN10QJsonValueC1Ei
_ZN10QJsonValueC1Ex
_ZN10QJsonValueD1Ev
_ZN11QJsonObject10initializeEv
_ZN11QJsonObject6insertERK7QStringRK10QJsonValue
_ZN11QJsonObjectC1ERKS_
_ZN11QJsonObjectC1Ev
_ZN11QJsonObjectD1Ev
_ZN13QJsonDocument8fromJsonERK10QByteArrayP15QJsonParseError
_ZN13QJsonDocumentC1ERK11QJsonObject
_ZN13QJsonDocumentD1Ev
_ZN14QVersionNumber10fromStringERK7QStringPi
_ZN14QVersionNumber7compareERKS_S1_
_ZN7QString13toUtf8_helperERKS_
_ZN7QString14compare_helperEPK5QChariPKciN2Qt15CaseSensitivityE
_ZN7QString14toLower_helperERKS_
_ZN7QString15fromUtf8_helperEPKci
_ZN7QString16fromAscii_helperEPKci
_ZN7QString17simplified_helperERS_
_ZN7QString6appendE5QChar
_ZN7QString9fromUtf16EPKti
_ZN8QProcess14waitForStartedEi
_ZN8QProcess15waitForFinishedEi
_ZN8QProcess5startERK7QStringRK11QStringList6QFlagsIN9QIODevice12OpenModeFlagEE
_ZN8QProcessC1EP7QObject
_ZN8QProcessD1Ev
_ZN8QSysInfo10kernelTypeEv
_ZN8QSysInfo13kernelVersionEv
_ZN8QSysInfo15machineHostNameEv
_ZN8QVariantC1ERK7QString
_ZN8QVariantC1Eb
_ZN8QVariantC1Ex
_ZN8QVariantD1Ev
_ZN9QIODevice7readAllEv
_ZN9QListData11detach_growEPii
_ZN9QListData11shared_nullE
_ZN9QListData6appendEv
_ZN9QListData6detachEi
_ZN9QListData7disposeEPNS_4DataE
_ZN9QListData7reallocEi
_ZN9QtPrivate16QStringList_joinEPK11QStringListPK5QChari
_ZNK10QJsonArray2atEi
_ZNK10QJsonArray4sizeEv
_ZNK10QJsonArray5firstEv
_ZNK10QJsonArray7isEmptyEv
_ZNK10QJsonValue5toIntEi
_ZNK10QJsonValue7toArrayEv
_ZNK10QJsonValue8toDoubleEd
_ZNK10QJsonValue8toObjectEv
_ZNK10QJsonValue8toStringEv
_ZNK11QJsonObject5valueERK7QString
_ZNK13QJsonDocument6objectEv
_ZNK13QJsonDocument6toJsonEv
_ZNK7QString3argERKS_i5QChar
_ZNK7QString3argExii5QChar
_ZNK7QString3argEyii5QChar
_ZNK7QString7indexOfERKS_iN2Qt15CaseSensitivityE
_ZNK7QString8multiArgEiPPKS_
_ZNK8QVariant10toLongLongEPb
_ZNK8QVariant5toIntEPb
_ZNK8QVariant6toBoolEv
_ZNK8QVariant8toDoubleEPb
_ZNK8QVariant8toStringEv
_ZeqRK7QStringS1_
_ZltRK7QStringS1_

advapi32

GetTokenInformation
OpenProcessToken

libgcc_s_seh-1

_Unwind_Resume

kernel32

CloseHandle
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_initterm
_lock
_unlock
abort
calloc
fputc
free
fwrite
getenv
localeconv
malloc
memcpy
realloc
signal
strcpy
strerror
strlen
strncmp
vfprintf
wcslen

ole32

CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoUninitialize

oleaut32

SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
SysFreeString
VariantClear
VariantInit

libstdc++-6

_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13runtime_errorD1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_replaceEyyPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_appendEPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_assignERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERyy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE6resizeEyw
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt20__throw_length_errorPKc
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZdlPv
_ZdlPvy
_Znwy
__cxa_allocate_exception
__cxa_begin_catch
__cxa_call_unexpected
__cxa_end_catch
__cxa_free_exception
__cxa_pure_virtual
__cxa_rethrow
__cxa_throw
__gxx_personality_seh0

Exports

Exports

createPlugin
pluginName
pluginVersion

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 133B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 512B - Virtual size: 307B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 157B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a78cd326a5e22e9d0ef70bc23d9c1054

Headers

File Characteristics

Imports

qt5core

advapi32

libgcc_s_seh-1

kernel32

msvcrt

ole32

oleaut32

libstdc++-6

Exports

Exports

Sections

.text Size: 230KB - Virtual size: 230KB

.data Size: 512B - Virtual size: 208B

.rdata Size: 19KB - Virtual size: 19KB

.pdata Size: 2KB - Virtual size: 2KB

.xdata Size: 17KB - Virtual size: 17KB

.bss Size: - Virtual size: 4KB

.edata Size: 512B - Virtual size: 133B

.idata Size: 8KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 192B

/4 Size: 512B - Virtual size: 80B

/19 Size: 7KB - Virtual size: 7KB

/31 Size: 512B - Virtual size: 307B

/45 Size: 1024B - Virtual size: 546B

/57 Size: 512B - Virtual size: 72B

/70 Size: 512B - Virtual size: 157B

.text
Size: 230KB - Virtual size: 230KB

.data
Size: 512B - Virtual size: 208B

.rdata
Size: 19KB - Virtual size: 19KB

.pdata
Size: 2KB - Virtual size: 2KB

.xdata
Size: 17KB - Virtual size: 17KB

.bss
Size: - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 133B

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 192B

/4
Size: 512B - Virtual size: 80B

/19
Size: 7KB - Virtual size: 7KB

/31
Size: 512B - Virtual size: 307B

/45
Size: 1024B - Virtual size: 546B

/57
Size: 512B - Virtual size: 72B

/70
Size: 512B - Virtual size: 157B