C:\vmagent_new\bin\joblist\603413\out\Release\QHAccount.pdb
Static task: static1
Behavioral task: behavioral1 (sample: QHAccount.exe, resource: win7-20240705-en)
Behavioral task: behavioral2 (sample: QHAccount.exe, resource: win10v2004-20240730-en)
General
- Target: QHAccount.exe
- Size: 2.1MB
- MD5: 57ebf50902949e13220b379c136db8a7
- SHA1: 75d55564986c8fb2d24c2f467e9c0cd2196a2055
- SHA256: 2adcf43d221de2f72ba5088dac3a3193219412882df711d095f04e3f5b40767c
- SHA512: 77d90317289a247c1bda59e378b9073cf2c1a8d30763bd68c33b8a256f1dc2edb1f380dafd1572a2f762a4400f15d52c9375d4314c07faa3f78ee7011508de33
- SSDEEP: 49152:6VkETZV9OLiWLunGxHqsEbtNPDLzA7YzminZ:VETAi4EgHqsEpFL
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature. Resource: QHAccount.exe
Files
-
QHAccount.exe.exe windows:5 windows x86 arch:x86
884bd03276a9e26e41e62bc147adeb49
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
psapi
GetModuleFileNameExW
ws2_32
ntohl
inet_ntoa
ntohs
htons
htonl
kernel32
SetFilePointer
FlushFileBuffers
SetEndOfFile
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
OpenMutexW
TerminateProcess
GetTickCount
LocalAlloc
CreateProcessW
GetModuleHandleA
CreateEventA
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
FlushInstructionCache
RaiseException
InterlockedIncrement
GetTempPathW
GetTempFileNameW
CompareFileTime
CompareStringW
ReleaseSemaphore
CreateSemaphoreW
MulDiv
CopyFileW
lstrcpyW
FreeConsole
GlobalFree
GetTimeZoneInformation
SetCurrentDirectoryW
OutputDebugStringW
GetFileAttributesExA
SetFileAttributesA
DeleteFileA
GlobalAlloc
GlobalLock
GlobalUnlock
GetCommandLineW
GetComputerNameExW
SetErrorMode
lstrcmpW
lstrlenA
lstrcmpiA
lstrcmpA
CreateWaitableTimerA
WriteFile
OpenEventA
SetEnvironmentVariableA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemWindowsDirectoryW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetConsoleMode
FreeResource
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
CompareStringA
GetStringTypeW
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitProcess
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
TlsFree
TlsAlloc
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
TlsGetValue
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
GetFileAttributesExW
lstrcmpiW
SetWaitableTimer
GetCurrentThreadId
HeapFree
CloseHandle
FreeLibrary
SystemTimeToFileTime
FindClose
InterlockedExchange
CreateEventW
GetVersionExW
GetProcAddress
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WaitForSingleObject
WaitForMultipleObjects
GetVersion
GetLastError
LocalFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
Sleep
InterlockedCompareExchange
LoadLibraryW
ReadFile
GetFileSize
GetModuleFileNameW
GetPrivateProfileStringW
CreateThread
ResetEvent
ReadDirectoryChangesW
CreateFileW
GetShortPathNameW
OpenProcess
GetProcessHeap
HeapAlloc
WideCharToMultiByte
GetCurrentProcess
lstrlenW
SetLastError
ProcessIdToSessionId
LoadLibraryA
GetUserDefaultUILanguage
LoadLibraryExW
MultiByteToWideChar
ReleaseMutex
CreateMutexW
GetCurrentProcessId
DeviceIoControl
MoveFileExW
GetFileAttributesW
GetStartupInfoA
DeleteFileW
GetDiskFreeSpaceExW
GetConsoleCP
GetSystemDirectoryW
InterlockedDecrement
FindNextFileW
FindFirstFileW
ResumeThread
SetEvent
InitializeCriticalSectionAndSpinCount
user32
CloseClipboard
EmptyClipboard
OpenClipboard
PostThreadMessageW
SetClassLongW
GetClassLongW
ReleaseCapture
SetCapture
EndPaint
BeginPaint
GetWindowDC
SetScrollInfo
GetScrollInfo
SetScrollPos
GetKeyState
GetDlgCtrlID
SetCursor
GetClipboardData
LoadImageW
PostQuitMessage
BringWindowToTop
SwitchToThisWindow
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SetTimer
KillTimer
IsWindowVisible
GetWindowThreadProcessId
GetSystemMetrics
LoadStringW
PostMessageW
IsWindow
UnregisterClassA
CreatePopupMenu
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CharNextW
PeekMessageW
DestroyAcceleratorTable
InvalidateRgn
FillRect
CreateAcceleratorTableW
RedrawWindow
GetSysColor
GetClassNameW
IsChild
SetClipboardData
HideCaret
GetWindowTextW
GetWindowTextLengthW
DestroyWindow
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
SetRectEmpty
IsRectEmpty
FindWindowW
SendMessageTimeoutW
GetWindowPlacement
ShowWindow
EnableWindow
GetParent
SendMessageW
SetWindowPos
SetFocus
IsWindowEnabled
RegisterWindowMessageW
GetDC
ReleaseDC
GetFocus
CopyRect
OffsetRect
ClientToScreen
GetMessagePos
PtInRect
ScreenToClient
IntersectRect
SetForegroundWindow
GetWindowRect
MoveWindow
UpdateLayeredWindow
FindWindowExW
MonitorFromPoint
GetMonitorInfoW
AllowSetForegroundWindow
GetForegroundWindow
AttachThreadInput
SetActiveWindow
GetKeyboardState
keybd_event
GetDesktopWindow
MonitorFromRect
InvalidateRect
UpdateWindow
MessageBoxW
GetActiveWindow
GetClientRect
IsDialogMessageW
MapWindowPoints
MonitorFromWindow
GetWindow
GetMessageW
TranslateMessage
DispatchMessageW
GetDlgItem
SetWindowTextW
DrawTextW
SetRect
InflateRect
gdi32
SetBkColor
CreateSolidBrush
GetTextExtentPoint32W
GetTextMetricsW
GetObjectA
SetTextColor
GetObjectW
CreateRectRgnIndirect
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
GetDeviceCaps
CreateFontW
GetPixel
CreateCompatibleBitmap
SetViewportOrgEx
BitBlt
CreateDIBSection
GetStockObject
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
ConvertSidToStringSidW
GetSidSubAuthority
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
GetTokenInformation
OpenProcessToken
CryptAcquireContextW
CryptReleaseContext
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
CryptGenRandom
RegCreateKeyA
shell32
SHGetSpecialFolderPathW
ShellExecuteW
ord680
ord165
SHGetFolderPathW
ole32
CoTaskMemRealloc
CreateStreamOnHGlobal
CLSIDFromProgID
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
OleInitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromString
CoTaskMemAlloc
oleaut32
VariantClear
SysFreeString
SysAllocString
DispCallFunc
SafeArrayGetVartype
SafeArrayCopy
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
VarBstrCmp
SysStringLen
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
VariantInit
shlwapi
SHGetValueA
SHDeleteValueA
SHSetValueA
ord437
PathStripPathW
PathCompactPathW
PathFileExistsA
PathCombineA
ColorRGBToHLS
ColorHLSToRGB
StrStrIA
PathAppendW
SHGetValueW
wnsprintfW
PathRemoveFileSpecW
StrStrIW
PathFileExistsW
PathCombineW
StrCmpIW
PathFindFileNameW
PathFindExtensionW
comctl32
InitCommonControlsEx
_TrackMouseEvent
gdiplus
GdipAddPathLine2
GdipGetPathWorldBoundsI
GdipAddPathPie
GdipAddPathLine
GdipAddPathArc
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSetPathGradientCenterPoint
GdipCreateBitmapFromStream
GdipDrawImagePointRectI
GdipCreateFromHWND
GdipGetFontHeight
GdipResetWorldTransform
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipSetPathGradientGammaCorrection
GdipSetInterpolationMode
GdipPrivateAddMemoryFont
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipDrawImageRectRectI
GdipResetClip
GdipSetClipRectI
GdipSetTextRenderingHint
GdipCreateFont
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipDrawLine
GdipSetLinePresetBlend
GdipCreatePen2
GdipDrawRectangleI
GdipCreateLineBrushFromRect
GdipAddPathRectangleI
GdipGetPixelOffsetMode
GdipDrawEllipseI
GdipSetPenDashOffset
GdipAddPathLineI
GdipSetPixelOffsetMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipDrawPath
GdipFillPath
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipDeletePath
GdipCreatePath
GdipFillRectangleI
GdipCreateLineBrushFromRectI
GdipClosePathFigure
GdipAddPathArcI
GdipResetPath
GdipDrawString
GdipMeasureString
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawRectangle
GdipDrawLineI
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCloneImage
GdipDisposeImage
GdipFillRectangle
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipAddPathEllipseI
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipDeleteFontFamily
GdipSetPenWidth
wininet
HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetGetConnectedState
InternetCrackUrlA
DeleteUrlCacheEntryW
InternetSetOptionW
InternetOpenW
InternetReadFile
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
userenv
GetUserProfileDirectoryW
dnsapi
DnsQuery_A
DnsFree
imm32
ImmDisableIME
Sections
- .text: Size 1.5MB, Virtual size 1.5MB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rdata: Size 280KB, Virtual size 280KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: Size 38KB, Virtual size 63KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .tls: Size 512B, Virtual size 2B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size 215KB, Virtual size 215KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc: Size 95KB, Virtual size 94KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ