677ab94935bf0023e8a71238c6ac629b72dd690f003c4282a0199e553727f646

Sharing

Copy URL Twitter E-mail

General

Target

677ab94935bf0023e8a71238c6ac629b72dd690f003c4282a0199e553727f646
Size

661KB
MD5

7ee60b6eda95e38b5409d70a1683d84e
SHA1

ee72d5d7a5f9e081971b4e512bb673a109e4af2e
SHA256

677ab94935bf0023e8a71238c6ac629b72dd690f003c4282a0199e553727f646
SHA512

4cedad759b615c23096f95b3508acad6cc38ef655a4e2f0924536e0998b00f1f4160193fa2afcd0ed565a601bd27fc7c215de680d1c690d7b97e10451934397e
SSDEEP

12288:ibitv29RmvpyR+nuhgnfsc5IJJ13z0hJswkCkdcDnIVLGU6L8Yjl:ibit+9pK03j0RkdcMLI8Yjl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
677ab94935bf0023e8a71238c6ac629b72dd690f003c4282a0199e553727f646

Files

677ab94935bf0023e8a71238c6ac629b72dd690f003c4282a0199e553727f646
.dll windows:4 windows x64 arch:x64

c11ccd16a1dcff9be7e6b8d843a4d5af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libcrypto-1_1-x64

DES_key_sched
DES_ncbc_encrypt
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_new
EVP_DecryptFinal_ex
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_DigestFinal
EVP_DigestInit
EVP_DigestUpdate
EVP_EncryptFinal_ex
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_MD_CTX_free
EVP_MD_CTX_new
EVP_aes_128_cfb128
EVP_aes_192_cfb128
EVP_aes_256_cfb128
EVP_md5
EVP_sha1
EVP_sha224
EVP_sha256
EVP_sha384
EVP_sha512

qt5core

_Z9qBadAllocv
_ZN10QArrayData10deallocateEPS_yy
_ZN10QArrayData11shared_nullE
_ZN10QArrayData8allocateEyyy6QFlagsINS_16AllocationOptionEE
_ZN10QByteArray11reallocDataEj6QFlagsIN10QArrayData16AllocationOptionEE
_ZN10QJsonArray6appendERK10QJsonValue
_ZN10QJsonArrayC1Ev
_ZN10QJsonArrayD1Ev
_ZN10QJsonValue27stringDataFromQStringHelperERK7QString
_ZN10QJsonValueC1ERK11QJsonObject
_ZN10QJsonValueC1ERK7QString
_ZN10QJsonValueC1ERKS_
_ZN10QJsonValueD1Ev
_ZN11QJsonObject10initializeEv
_ZN11QJsonObject6insertERK7QStringRK10QJsonValue
_ZN11QJsonObjectD1Ev
_ZN13QJsonDocument8fromJsonERK10QByteArrayP15QJsonParseError
_ZN13QJsonDocumentC1ERK10QJsonArray
_ZN13QJsonDocumentD1Ev
_ZN7QString13toUtf8_helperERKS_
_ZN7QString14compare_helperEPK5QChariPKciN2Qt15CaseSensitivityE
_ZN7QString15fromUtf8_helperEPKci
_ZN7QString15toLatin1_helperERKS_
_ZN7QString16fromAscii_helperEPKci
_ZN7QString18toLocal8Bit_helperEPK5QChari
_ZN7QStringaSERKS_
_ZNK10QJsonArray2atEi
_ZNK10QJsonArray4sizeEv
_ZNK10QJsonArray7isEmptyEv
_ZNK10QJsonValue4typeEv
_ZNK10QJsonValue5toIntEi
_ZNK10QJsonValue7toArrayEv
_ZNK10QJsonValue8toObjectEv
_ZNK10QJsonValue8toStringEv
_ZNK11QJsonObject5valueERK7QString
_ZNK11QJsonObject7isEmptyEv
_ZNK11QJsonObject8containsERK7QString
_ZNK11QJsonObjectixERK7QString
_ZNK13QJsonDocument6objectEv
_ZNK13QJsonDocument6toJsonEv
_ZNK7QString3argERKS_i5QChar
_ZNK7QString3argExii5QChar

libgcc_s_seh-1

_Unwind_Resume

kernel32

CloseHandle
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_ftime
_initterm
_localtime64
_lock
_time64
_unlink
_unlock
abort
atoi
atol
calloc
fclose
fgets
fopen
fputc
fputs
free
fwrite
getenv
isprint
isxdigit
localeconv
malloc
memcmp
memcpy
memset
raise
rand
realloc
rename
signal
srand
strcat
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
tolower
vfprintf
wcslen

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
bind
closesocket
gethostbyaddr
gethostbyname
gethostname
htonl
htons
inet_addr
inet_ntoa
inet_ntop
inet_pton
ntohl
ntohs
recvfrom
select
sendto
setsockopt
socket

libstdc++-6

_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorD1Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_replaceEyyPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_appendEPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_assignERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERyy
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt20__throw_length_errorPKc
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZdaPv
_ZdlPv
_ZdlPvy
_Znay
_Znwy
__cxa_allocate_exception
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_pure_virtual
__cxa_rethrow
__cxa_throw
__cxa_throw_bad_array_new_length
__gxx_personality_seh0

Exports

Exports

createPlugin
pluginName
pluginVersion

Sections

.text
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 512B - Virtual size: 307B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 157B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c11ccd16a1dcff9be7e6b8d843a4d5af

Headers

File Characteristics

Imports

libcrypto-1_1-x64

qt5core

libgcc_s_seh-1

kernel32

msvcrt

ws2_32

libstdc++-6

Exports

Exports

Sections

.text Size: 368KB - Virtual size: 368KB

.data Size: 1024B - Virtual size: 848B

.rdata Size: 31KB - Virtual size: 31KB

.pdata Size: 11KB - Virtual size: 11KB

.xdata Size: 19KB - Virtual size: 19KB

.bss Size: - Virtual size: 6KB

.edata Size: 512B - Virtual size: 130B

.idata Size: 8KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 1KB

/4 Size: 512B - Virtual size: 80B

/19 Size: 7KB - Virtual size: 7KB

/31 Size: 512B - Virtual size: 307B

/45 Size: 1024B - Virtual size: 546B

/57 Size: 512B - Virtual size: 72B

/70 Size: 512B - Virtual size: 157B

.text
Size: 368KB - Virtual size: 368KB

.data
Size: 1024B - Virtual size: 848B

.rdata
Size: 31KB - Virtual size: 31KB

.pdata
Size: 11KB - Virtual size: 11KB

.xdata
Size: 19KB - Virtual size: 19KB

.bss
Size: - Virtual size: 6KB

.edata
Size: 512B - Virtual size: 130B

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 1KB

/4
Size: 512B - Virtual size: 80B

/19
Size: 7KB - Virtual size: 7KB

/31
Size: 512B - Virtual size: 307B

/45
Size: 1024B - Virtual size: 546B

/57
Size: 512B - Virtual size: 72B

/70
Size: 512B - Virtual size: 157B