88fbbae7828fb79c92d70dde95b76c5aef650685cf967f4717ebd957a8f868fd

Sharing

Copy URL Twitter E-mail

General

Target

88fbbae7828fb79c92d70dde95b76c5aef650685cf967f4717ebd957a8f868fd
Size

140KB
MD5

856670eefd187b4b5a12eee632a8b8d0
SHA1

942737da78205d388482223bc3c3fd2f5e2ca3c0
SHA256

88fbbae7828fb79c92d70dde95b76c5aef650685cf967f4717ebd957a8f868fd
SHA512

2931b6043b3b2b31673c35be86d138748e2e225d7119b40927117decfdd553f7f2e5523df5187ebb82b635cdfb3f2c7bf9d7ebf33a4e921dca894a260f18fc01
SSDEEP

3072:OHJPWzOQawXSEOGYNNgfI+PqjVaJMr7R4HMviQa:OH5WzJawXSNR8x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88fbbae7828fb79c92d70dde95b76c5aef650685cf967f4717ebd957a8f868fd

Files

88fbbae7828fb79c92d70dde95b76c5aef650685cf967f4717ebd957a8f868fd
.exe windows:6 windows x86 arch:x86

3f8c8e302942fb5897904ae23503165d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\qci_workspace\root-workspaces\__qci-pipeline-10989746-1\Basic\Output\BinFinal\QMLspPing.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

htonl
htons

kernel32

OpenProcess
lstrcpynW
GetCurrentProcessId
SetErrorMode
InitializeCriticalSection
SearchPathW
WaitForMultipleObjects
SetUnhandledExceptionFilter
WriteProcessMemory
GetCommandLineW
InitializeCriticalSectionAndSpinCount
SwitchToThread
UnmapViewOfFile
CreateFileMappingW
GetFileAttributesW
GetCurrentProcess
WriteFile
GetTempPathW
UnhandledExceptionFilter
GetVersionExW
VirtualQuery
lstrlenW
MapViewOfFileEx
GetTickCount64
GetSystemDefaultLangID
GetNativeSystemInfo
GetSystemPowerStatus
LoadLibraryA
lstrcmpiW
FreeLibrary
GetModuleFileNameW
LoadLibraryW
ResetEvent
WaitForSingleObjectEx
GetExitCodeProcess
SetFilePointer
TerminateProcess
CreateProcessW
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
CreateEventW
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
SetEvent
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetProcessHeap
HeapAlloc
GetCurrentThreadId
Sleep
SetLastError
ReadFile
GetFileSize
CreateFileW
GetLastError
CloseHandle
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW

user32

GetWindowDC
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
ReleaseDC

gdi32

GetDeviceCaps

advapi32

RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
RegQueryInfoKeyW
RegSetKeySecurity
RegGetKeySecurity
RegCreateKeyExW
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegFlushKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW

ole32

CoInitialize
CoUninitialize

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ

crypt32

CertOpenStore
CertEnumCertificatesInStore
CertGetNameStringW
CertAddCertificateContextToStore
CertCloseStore
CertFreeCertificateContext
CertOpenSystemStoreW
CertCreateCertificateContext

shlwapi

PathAppendW
PathFileExistsW
SHGetValueW
PathRemoveFileSpecW
StrStrIW

imm32

ImmDisableIME

psapi

GetModuleFileNameExW
EnumProcesses
GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcessModules

vcruntime140

__CxxFrameHandler3
__std_terminate
__std_exception_copy
__std_exception_destroy
_purecall
wcsrchr
wcschr
_set_purecall_handler
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
memset
memmove
memcpy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_set_invalid_parameter_handler
set_terminate
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_seh_filter_exe
_set_app_type
_controlfp_s
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsnwprintf_s
__p__commode
__stdio_common_vswscanf

api-ms-win-crt-heap-l1-1-0

malloc
calloc
_set_new_mode
_callnewh
_recalloc
free

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcscpy_s
wcsncmp
_wcsnicmp
wcsncpy_s

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-convert-l1-1-0

_wtol

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f8c8e302942fb5897904ae23503165d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

kernel32

user32

gdi32

advapi32

ole32

msvcp140

crypt32

shlwapi

imm32

psapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 5KB - Virtual size: 5KB