1a3bb6093a1d9c0b3a29dad07856e8a8646d89587656e90f333771fe4d99290c

Sharing

Copy URL Twitter E-mail

General

Target

1a3bb6093a1d9c0b3a29dad07856e8a8646d89587656e90f333771fe4d99290c
Size

650KB
MD5

5ba68f8c7099a47a36888fb9a32f9db8
SHA1

f71f6b34a218486c080665b5df85dd46b0f4d5a5
SHA256

1a3bb6093a1d9c0b3a29dad07856e8a8646d89587656e90f333771fe4d99290c
SHA512

dffa302d15a57712d923dae73656308332f81fc37aa0fd692c1e510ef7fa96edf6428f78bf67c5fa6e3926d1faf4dede0ada8910f5726d6cf1363ce80a3c030e
SSDEEP

12288:Rz89e7TVkw7xkkPlUOy7ufbQiHvxb4OJbJIcHaqMCz:Rx7xk4lnJbJ6qMCz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a3bb6093a1d9c0b3a29dad07856e8a8646d89587656e90f333771fe4d99290c

Files

1a3bb6093a1d9c0b3a29dad07856e8a8646d89587656e90f333771fe4d99290c
.exe windows:6 windows x86 arch:x86

ec1891168cf61357486ac27cad618e2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\qci_workspace\root-workspaces\__qci-pipeline-10989746-1\Basic\Output\BinFinal\bugreport.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dbghelp

SymCleanup
SymLoadModule
SymFunctionTableAccess
SymInitialize
SymGetModuleInfoW
SymSetOptions
SymGetModuleInfo
StackWalk

wininet

HttpOpenRequestA
InternetOpenA
InternetConnectA
InternetCloseHandle
InternetReadFile
HttpSendRequestA

psapi

GetModuleFileNameExA
EnumDeviceDrivers
GetModuleBaseNameW
EnumProcesses
GetDeviceDriverBaseNameW
GetProcessMemoryInfo
GetModuleFileNameExW
EnumProcessModules
GetDeviceDriverFileNameW

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Create

shlwapi

PathAppendW
StrStrIW
PathFileExistsA
StrStrIA
StrStrW
SHGetValueW
PathIsDirectoryW
StrChrW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW

ws2_32

htons
htonl

kernel32

SetFilePointer
CreateDirectoryW
SizeofResource
FindFirstFileW
WriteProcessMemory
HeapFree
SetLastError
FindNextFileW
GetCurrentProcess
GetTempPathW
InitializeCriticalSectionEx
FindClose
HeapSize
MultiByteToWideChar
Sleep
CreateFileA
FileTimeToSystemTime
LockResource
DeleteFileW
HeapReAlloc
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
FileTimeToLocalFileTime
HeapDestroy
GetProcAddress
DeleteCriticalSection
ReadProcessMemory
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
GetTickCount
GetFileTime
OpenThread
VirtualQueryEx
GetCommandLineW
WriteFile
TerminateProcess
GetVersionExW
OpenProcess
SetEvent
SetCurrentDirectoryW
CreateProcessW
CopyFileW
SetDllDirectoryW
IsDebuggerPresent
SetUnhandledExceptionFilter
WaitForSingleObject
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
CreateEventW
ResetEvent
EnterCriticalSection
VirtualFree
LeaveCriticalSection
OutputDebugStringW
GetCurrentProcessId
SetThreadPriority
GetThreadPriority
UnhandledExceptionFilter
lstrcpynW
CloseHandle
GetCurrentThreadId
VirtualQuery
FreeLibrary
GetFileAttributesW
GetLocalTime
GetSystemDefaultUILanguage
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
lstrlenW
LoadLibraryW
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
LocalFree
SwitchToThread
UnmapViewOfFile
CreateFileMappingW
ProcessIdToSessionId
QueryPerformanceCounter
MapViewOfFileEx
InitializeCriticalSection
GetTickCount64
GetSystemDefaultLangID
GetNativeSystemInfo
GetSystemPowerStatus
LoadLibraryA
lstrcmpiW
GetPrivateProfileStringA
GetFileAttributesExA
GetSystemTimeAsFileTime
InitializeSListHead
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetLastError
GetModuleFileNameW
ReadFile
GetFileSize
CreateFileW
GetStartupInfoW

user32

MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
GetMenuItemCount
CreatePopupMenu
TrackPopupMenu
DestroyMenu
SendMessageTimeoutW
FindWindowW
GetWindowTextLengthW
RegisterClipboardFormatW
GetKeyState
CallWindowProcW
GetWindow
GetWindowRect
SetWindowPos
SendMessageW
EndDialog
SetWindowTextW
ShowWindow
OpenClipboard
ClientToScreen
CloseClipboard
EmptyClipboard
MapWindowPoints
SendDlgItemMessageW
LoadIconW
SetClipboardData
MapDialogRect
SetWindowLongW
GetClientRect
GetDlgItem
DrawIconEx
LoadImageW
InvalidateRect
GetWindowThreadProcessId
FindWindowExW
EnumChildWindows
EnumWindows
GetClassNameW
DialogBoxParamW
GetAncestor
GetWindowTextW
SetDlgItemTextW
GetWindowLongW

gdi32

DeleteObject
GetStockObject
SetTextColor

advapi32

RegFlushKey
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RegSetKeySecurity
RegGetKeySecurity
RegNotifyChangeKeyValue
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
OpenProcessToken

shell32

SHGetDesktopFolder
SHBindToParent
ord155
SHGetSpecialFolderPathW
SHGetFileInfoW
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize
CoCreateGuid
DoDragDrop
CoRegisterClassObject
OleUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoLoadLibrary

oleaut32

VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen

msvcp140

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exceptions@std@@YAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Xlength_error@std@@YAXPBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z

wintrust

WinVerifyTrust

vcruntime140

wcsstr
strrchr
_purecall
wcschr
strstr
__std_type_info_compare
__std_type_info_name
strchr
_CxxThrowException
__std_exception_destroy
memchr
wcsrchr
__std_terminate
__current_exception_context
__current_exception
_except_handler4_common
memset
memmove
memcpy
__std_exception_copy
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

wcsncpy_s
iswalnum
iswalpha
_wcslwr_s
strnlen
wcscpy_s
strcpy_s
wcsncat_s
wcsncpy
iswspace
wcsncmp
wcsnlen
wcscat_s
wmemcpy_s
strncmp
_wcsicmp
iswdigit

api-ms-win-crt-runtime-l1-1-0

__p___argc
_initterm
_get_wide_winmain_command_line
_beginthreadex
_initialize_wide_environment
_configure_wide_argv
_controlfp_s
_set_app_type
_seh_filter_exe
terminate
_cexit
_initterm_e
_exit
_c_exit
_invalid_parameter_noinfo
_crt_atexit
_register_onexit_function
_initialize_onexit_table
exit
_errno
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
__p___wargv

api-ms-win-crt-heap-l1-1-0

free
calloc
_set_new_mode
_callnewh
_aligned_malloc
_aligned_free
malloc
_recalloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vswscanf
__stdio_common_vsnwprintf_s
fwrite
__stdio_common_vsprintf_s
_wfopen
fgets
__p__commode
__stdio_common_vsprintf
fclose
fread
_set_fmode
__stdio_common_vswprintf_s

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp
_mbscmp
_mbslwr_s

api-ms-win-crt-time-l1-1-0

_time64
_gmtime32

api-ms-win-crt-convert-l1-1-0

wcstoul
atoi
_i64tow_s
_itow_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

Sections

.text
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec1891168cf61357486ac27cad618e2e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

dbghelp

wininet

psapi

comctl32

shlwapi

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp140

wintrust

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Sections

.text Size: 301KB - Virtual size: 301KB

.rdata Size: 294KB - Virtual size: 294KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 301KB - Virtual size: 301KB

.rdata
Size: 294KB - Virtual size: 294KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 20KB - Virtual size: 19KB