D:\qci_workspace\root-workspaces\__qci-pipeline-10989746-1\Basic\Output\BinFinal\QQPCAVSetting.pdb
Static task
static1
Behavioral task
behavioral1
Sample
067246eaa1460e28ad19a331cd1c046a8056f32f84a127b4bf5244d0f5e402dc.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
067246eaa1460e28ad19a331cd1c046a8056f32f84a127b4bf5244d0f5e402dc.exe
Resource
win10v2004-20240802-en
General
-
Target
067246eaa1460e28ad19a331cd1c046a8056f32f84a127b4bf5244d0f5e402dc
-
Size
831KB
-
MD5
faf727d3c9acc13be1e536e575af140b
-
SHA1
6a9d83a5c73ee1520de5fd25a0b7fde9167e655d
-
SHA256
067246eaa1460e28ad19a331cd1c046a8056f32f84a127b4bf5244d0f5e402dc
-
SHA512
f76b8dcd45af725080cc22e8eb8709c05777f69d33c3dfaa36c284aef68dae40f4f42c9982b7aa99746bc63a29a3271c615f736576a35d109c5a0219a14e20c5
-
SSDEEP
12288:1Uv3S0WA2vC9dkEyoajAFW3uWRHRBRLRiRoRwRRRwOw1swCVBytEY:1Uv1WA2vCl9a8kxPNIayfwMwU1Y
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 067246eaa1460e28ad19a331cd1c046a8056f32f84a127b4bf5244d0f5e402dc
Files
-
067246eaa1460e28ad19a331cd1c046a8056f32f84a127b4bf5244d0f5e402dc.exe windows:6 windows x86 arch:x86
a45e971d919d6a418673e5080d01fb8a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
sqlite
sqlite3_close
sqlite3_open16
sqlite3_finalize
sqlite3_column_count
sqlite3_bind_text16
sqlite3_errmsg
sqlite3_column_int
sqlite3_reset
sqlite3_step
sqlite3_column_int64
sqlite3_column_bytes16
sqlite3_column_text16
sqlite3_prepare
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_prepare16
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
userenv
UnloadUserProfile
imm32
ImmDisableIME
common
?ReverseFind@CTXStringW@@QBEH_W@Z
?Left@CTXStringW@@QBE?AV1@H@Z
?Append@CTXStringW@@QAEXPB_W@Z
?TXLoadString@@YAPB_WPB_W0@Z
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?GetBSTR@CTXStringW@@QBEPA_WXZ
??0CTXBSTR@@QAE@PB_W@Z
??7CTXStringW@@QBE_NXZ
??H@YA?AVCTXStringW@@ABV0@0@Z
??0CTXStringW@@QAE@UtagEN@@PBDH@Z
?TXAssert@@YAHPB_W0H@Z
??1CTXStringA@@QAE@XZ
??0CTXStringA@@QAE@XZ
?Format@CTXStringA@@QAAXPBDZZ
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??M@YA_NABVCTXStringA@@0@Z
??ICTXBSTR@@QAEPAPA_WXZ
??8CTXBSTR@@QBE_NPB_W@Z
??0CFmtString@@QAE@XZ
??1CFmtString@@QAE@XZ
?PropertyStr@CFmtString@@QAEHPB_W0@Z
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
?IsEmpty@CTXBSTR@@QAEHXZ
??4CTXBSTR@@QAEAAV0@ABV0@@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
??0CTXBSTR@@QAE@ABV0@@Z
?Detach@CTXBSTR@@QAEPA_WXZ
??4CTXBSTR@@QAEAAV0@PB_W@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
??0CTXStringW@@QAE@UtagUTF8@@PBDH@Z
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?Copy@CTXBSTR@@QBEPA_WXZ
??MCTXBSTR@@QBE_NABV0@@Z
??OCTXBSTR@@QBE_NABV0@@Z
?NotifyIdle@TXTimer@@YAXXZ
?Empty@CTXStringW@@QAEXXZ
??M@YA_NABVCTXStringW@@0@Z
?TrimLeft@CTXStringW@@QAEAAV1@PB_W@Z
?GetLocalePath@TXI18N@@YA?AVCTXStringW@@PB_W@Z
?SplitQNC@FS@@YAHPB_WAAVCTXStringW@@1@Z
?IsDirectoryExist@FS@@YAHPB_W@Z
?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
?RemoveFileSystem@FS@@YAHPB_W@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??4CTXStringW@@QAEAAV0@PA_W@Z
??0CTXStringW@@QAE@ABV0@@Z
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?Replace@CTXStringW@@QAEHPB_W0@Z
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?Find@CTXStringW@@QBEHPB_WH@Z
?GetString@CTXStringW@@QBEPB_WXZ
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
?GetPlatformCore@CoreCenter@Util@@YAHPAPAUITXPlatformCore@@@Z
?GetPlatformTpc@CoreCenter@Util@@YAHPAPAUITXDataRead@@@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?GetLength@CTXStringW@@QBEHXZ
?IsEmpty@CTXStringW@@QBE_NXZ
??4CTXStringW@@QAEAAV0@ABV0@@Z
??BCTXBSTR@@QBEPA_WXZ
?GetParentDir@File@Util@@YA?AVCTXStringW@@ABV3@@Z
?GetFileName@FS@Util@@YA?AVCTXStringW@@ABV3@@Z
?AddFmtString@TXStringBundle@@YAXABVCFmtString@@@Z
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
??1CTXBSTR@@QAE@XZ
??0CTXBSTR@@QAE@XZ
??0CTXStringW@@QAE@PB_W@Z
??1CTXStringW@@QAE@XZ
??BCTXStringW@@QBEPB_WXZ
?GetBuffer@CTXStringW@@QAEPA_WXZ
?OnUninitCom@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?ClearDeadQueue@Misc@Util@@YAXXZ
?DelIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
??0CTXStringW@@QAE@PA_W@Z
?Format@CTXStringW@@QAAXPB_WZZ
??0CTXStringW@@QAE@XZ
gf
?UnscaleSIZE@DPI@GF@Util@@YAXPAUtagSIZE@@@Z
?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0H@Z
?UnscaleY@DPI@GF@Util@@YAHH@Z
?UnscaleX@DPI@GF@Util@@YAHH@Z
?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z
??1CDPIScaleIgnoreResetHelper@@QAE@XZ
?TransMd2GFElement@Metadata@Util@@YAJPAUITXData@@PAPAUIGFElement@@PA_W@Z
?Get@Metadata@Util@@YAJPAUITXData@@PADPAH@Z
?Get@Metadata@Util@@YAJPAUITXData@@PADPAK@Z
?Get@Metadata@Util@@YAJPAUITXData@@PADPATtagARGB@@@Z
?ScreenPoint2ClientPoint@GF@Util@@YAXPAUIGFFrame@@AAUtagPOINT@@@Z
?ScaleSIZE@DPI@GF@Util@@YAXPAUtagSIZE@@@Z
??0CDPIScaleIgnoreResetHelper@@QAE@XZ
?UnscaleLONG@DPI@GF@Util@@YAXPAJ@Z
?IsScaleIgnore@DPI@GF@Util@@YA_NXZ
?HandleMessageScale@DPI@GF@Util@@YAXPAUtagBaseArg@@@Z
?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@PAUITXCore@@H@Z
?DispatchFrameMsg@GF@Util@@YAJPAUIGFFrame@@PAUtagBaseArg@@PAHPAJH@Z
?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z
xgraphic32
SetCanvasFilter
BlendCanvas
FillSolidRectEx
DeleteCanvas
CanvasScroll
CreateCanvas
kernel32
MoveFileW
GetCurrentThreadId
OutputDebugStringW
GetCurrentProcess
CreateEventW
SetEvent
GetFileSize
GetVersionExW
LoadLibraryExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MapViewOfFileEx
CreateMutexW
ReleaseMutex
WaitForSingleObjectEx
SetFilePointerEx
LocalFree
GetCurrentThread
GetSystemInfo
ResetEvent
FindFirstFileExW
lstrcpynW
UnhandledExceptionFilter
SetThreadPriority
GetThreadPriority
GetSystemDirectoryW
GetFullPathNameW
GetTickCount
RaiseException
lstrcmpiW
IsBadReadPtr
IsBadWritePtr
TerminateProcess
IsDebuggerPresent
SetDllDirectoryW
GetCommandLineW
DuplicateHandle
InitializeCriticalSectionAndSpinCount
SwitchToThread
GetModuleHandleExW
GetCurrentProcessId
WaitForMultipleObjects
InitializeCriticalSection
ProcessIdToSessionId
GetFileAttributesExW
FileTimeToLocalFileTime
OpenMutexW
SystemTimeToTzSpecificLocalTime
GetLocaleInfoW
GetNumberFormatW
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
lstrlenW
GetSystemDefaultLangID
GetSystemPowerStatus
LoadLibraryA
SetErrorMode
SearchPathW
SetUnhandledExceptionFilter
WriteProcessMemory
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateDirectoryW
ExpandEnvironmentStringsW
GetTempPathW
GetLocalTime
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionEx
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
DeleteFileW
OpenProcess
CreateProcessW
GetModuleFileNameW
Sleep
WaitForSingleObject
CloseHandle
GetLastError
GetProcAddress
LoadLibraryW
SetLastError
MoveFileExW
SetFileAttributesW
ReadFile
SetFilePointer
FileTimeToSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
VirtualQuery
MultiByteToWideChar
FindClose
FindNextFileW
FindFirstFileW
CreateFileW
GetFileAttributesW
WideCharToMultiByte
GetTickCount64
GetNativeSystemInfo
GetModuleHandleW
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
GetSystemTimeAsFileTime
WriteFile
user32
LoadImageW
SetWindowLongW
DestroyIcon
CallWindowProcW
PostMessageW
PostThreadMessageW
CharNextW
SendMessageW
FindWindowW
GetWindowLongW
GetCursorPos
PtInRect
CopyRect
IntersectRect
SubtractRect
OffsetRect
SetForegroundWindow
ShowWindow
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
DefWindowProcW
RegisterClassExW
CreateWindowExW
IsWindow
DestroyWindow
RegisterWindowMessageW
UpdateWindow
SetCursorPos
TranslateMessage
WaitMessage
GetMessageW
SetWindowPos
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
RegCreateKeyExW
GetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountNameW
GetLengthSid
IsValidSid
InitializeAcl
AddAce
GetAclInformation
GetAce
OpenThreadToken
GetSecurityInfo
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegFlushKey
RegEnumValueW
RegNotifyChangeKeyValue
RegGetKeySecurity
RegSetKeySecurity
CopySid
shell32
SHBrowseForFolderW
CommandLineToArgvW
SHGetFileInfoW
SHGetMalloc
ShellExecuteW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ole32
OleInitialize
CoTaskMemAlloc
CoTaskMemRealloc
OleSaveToStream
WriteClassStm
ReadClassStm
StringFromCLSID
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
oleaut32
SafeArrayDestroy
LoadRegTypeLi
SafeArrayLock
SafeArrayGetUBound
SafeArrayUnlock
VariantInit
VariantClear
SysStringLen
SysFreeString
SafeArrayGetLBound
LoadTypeLi
VarUI4FromStr
SysAllocString
VarCmp
SafeArrayGetVartype
VariantCopy
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
shlwapi
StrFormatByteSizeW
StrFormatKBSizeW
StrFromTimeIntervalW
PathMakePrettyW
PathCombineW
PathStripPathW
PathAppendW
StrStrIW
PathRenameExtensionW
PathFindExtensionW
PathRemoveFileSpecW
PathRemoveBackslashW
PathFindFileNameW
PathFileExistsW
SHGetValueW
PathAddBackslashW
msvcp140
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
psapi
GetProcessMemoryInfo
GetModuleBaseNameW
GetModuleFileNameExW
EnumProcesses
EnumProcessModules
dbghelp
ImageDirectoryEntryToData
vcruntime140
strrchr
_except_handler4_common
__current_exception_context
__std_type_info_compare
__std_type_info_name
memcmp
_CxxThrowException
_set_purecall_handler
_purecall
__current_exception
wcschr
wcsstr
__RTDynamicCast
__CxxFrameHandler3
__std_terminate
memcpy
__std_exception_copy
__std_exception_destroy
memmove
memset
wcsrchr
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
_controlfp_s
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initterm_e
_initterm
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo
_errno
_resetstkoflw
_set_invalid_parameter_handler
set_terminate
_get_wide_winmain_command_line
_beginthreadex
__p___argc
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswprintf
__stdio_common_vswprintf_s
_wfopen_s
__acrt_iob_func
__p__commode
__stdio_common_vfwprintf
fclose
fputws
fflush
_wfopen
__stdio_common_vswscanf
_set_fmode
fwrite
__stdio_common_vsprintf
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf_s
api-ms-win-crt-string-l1-1-0
wcscpy_s
wmemcpy_s
_wcsicmp
wcscspn
wcslen
wcsncpy_s
wcsncpy
wcscat_s
wcsncat_s
strlen
_wcsnicmp
wcsncmp
wcsspn
_wcsupr_s
wcsnlen
iswspace
strncpy_s
wcscmp
_wcslwr_s
strnlen
api-ms-win-crt-time-l1-1-0
_time32
_mktime64
_time64
_localtime64_s
api-ms-win-crt-convert-l1-1-0
wcstol
wcstoul
_wtol
_wtoi
api-ms-win-crt-filesystem-l1-1-0
_wsplitpath_s
api-ms-win-crt-heap-l1-1-0
calloc
_recalloc
malloc
_set_new_mode
free
_callnewh
realloc
api-ms-win-crt-utility-l1-1-0
abs
srand
labs
_byteswap_ushort
rand
_byteswap_ulong
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
_wsetlocale
setlocale
api-ms-win-crt-math-l1-1-0
__setusermatherr
fabs
comctl32
InitCommonControlsEx
Exports
?_4bytesDecryptAFrame@@YAXPAF0@Z
?_4bytesEncryptAFrame@@YAXPAF0@Z
?oi_symmetry_decrypt2@@YAHPBEH0PAEPAH@Z
?oi_symmetry_decrypt@@YAHPBEH0PAEPAH@Z
?oi_symmetry_encrypt2@@YAXPBEH0PAEPAH@Z
?oi_symmetry_encrypt2_len@@YAHH@Z
?oi_symmetry_encrypt@@YAXPBEH0PAEPAH@Z
Sections
.text Size: 482KB - Virtual size: 481KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 205KB - Virtual size: 205KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 54KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ