D:\qci_workspace\root-workspaces\__qci-pipeline-10989746-1\Basic\Output\BinFinal\QMDL.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e0643ea7e781bf373b15a1b1a93a0c66f074536c9d1a350ef0eed26dccc477df.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
e0643ea7e781bf373b15a1b1a93a0c66f074536c9d1a350ef0eed26dccc477df.exe
Resource
win10v2004-20240802-en
General
-
Target
e0643ea7e781bf373b15a1b1a93a0c66f074536c9d1a350ef0eed26dccc477df
-
Size
740KB
-
MD5
faa61eaf6577bdb1d3fc5a98136a67ad
-
SHA1
048e88b507bd0f3dc74a56fc60b10cad93bf2827
-
SHA256
e0643ea7e781bf373b15a1b1a93a0c66f074536c9d1a350ef0eed26dccc477df
-
SHA512
340abdd19dc35e1077c2690c4bcae299a5942c6be8b95d5c63d9c679940c646879f874810f63329eccdacf586e3b23e8912cee43f1804cd948a74b43815ccf4b
-
SSDEEP
12288:jgAAb9QLbpY3d0rOdIwDTmnESKm7r4A6KQCRr826ryQJn9H63R/aDdwWJw+PNN:MAAb9QLbp/uIwnmTJ7r4A57qnE3R8++H
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource e0643ea7e781bf373b15a1b1a93a0c66f074536c9d1a350ef0eed26dccc477df
Files
-
e0643ea7e781bf373b15a1b1a93a0c66f074536c9d1a350ef0eed26dccc477df.exe windows:6 windows x86 arch:x86
b061a6adfe8135e3446a57172882bfe0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ws2_32
htonl
WSAStartup
gethostbyname
inet_ntoa
WSACleanup
htons
ntohl
ntohs
kernel32
IsBadReadPtr
FreeLibrary
TerminateProcess
LoadLibraryExW
IsDebuggerPresent
GetCurrentProcess
CreateMutexW
GetTickCount64
OpenProcess
GetExitCodeProcess
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
RaiseException
AreFileApisANSI
ReadFile
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateFileW
GetVersionExW
UnmapViewOfFile
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
CreateFileA
LoadLibraryA
DeleteFileA
DeleteFileW
GetSystemInfo
UnlockFile
LocalFree
LockFileEx
GetFileSize
GetCurrentProcessId
GetSystemTimeAsFileTime
WaitForSingleObject
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
lstrcpynW
GetCurrentThreadId
SetErrorMode
SearchPathW
SetUnhandledExceptionFilter
WriteProcessMemory
GetModuleFileNameW
GetCommandLineW
SwitchToThread
GetModuleHandleExW
UnhandledExceptionFilter
ProcessIdToSessionId
lstrlenW
MapViewOfFileEx
GetSystemDefaultLangID
GetNativeSystemInfo
VirtualQuery
GetSystemPowerStatus
lstrcmpiW
GetFileAttributesW
FlushFileBuffers
CreateProcessW
GetTickCount
FindResourceW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetLastError
SetLastError
Sleep
GetModuleHandleW
GetProcAddress
LoadLibraryW
WideCharToMultiByte
WaitForMultipleObjects
OutputDebugStringW
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
TerminateThread
OpenMutexW
SetEvent
CreateEventW
CloseHandle
GetSystemTime
user32
DestroyWindow
DefWindowProcW
GetWindowLongW
CreateWindowExW
IsWindow
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW
KillTimer
PostQuitMessage
SetTimer
SetWindowLongW
RegisterClassExW
advapi32
RegNotifyChangeKeyValue
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegFlushKey
RegEnumKeyExW
RegEnumValueW
RegGetKeySecurity
RegSetKeySecurity
RegQueryInfoKeyW
shell32
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ole32
CLSIDFromProgID
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysAllocStringByteLen
SysFreeString
shlwapi
PathAppendW
PathAddBackslashW
StrStrIW
SHGetValueW
PathFileExistsW
PathRemoveFileSpecW
wnsprintfW
msvcp140
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
imm32
ImmDisableIME
psapi
EnumProcessModules
GetModuleFileNameExW
EnumProcesses
GetModuleBaseNameW
GetProcessMemoryInfo
vcruntime140
memchr
_set_purecall_handler
memcpy
memmove
wcsstr
wcschr
memset
_except_handler4_common
__current_exception
__current_exception_context
_CxxThrowException
wcsrchr
__CxxFrameHandler3
__std_terminate
__std_exception_copy
__std_exception_destroy
_purecall
api-ms-win-crt-runtime-l1-1-0
_initterm
_invalid_parameter_noinfo_noreturn
_initterm_e
_crt_atexit
set_terminate
_set_invalid_parameter_handler
_invalid_parameter_noinfo
_get_wide_winmain_command_line
_errno
_beginthreadex
_initialize_wide_environment
_controlfp_s
_configure_wide_argv
_exit
_set_app_type
_seh_filter_exe
terminate
_cexit
_getpid
_register_thread_local_exe_atexit_callback
_c_exit
_initialize_onexit_table
_register_onexit_function
exit
api-ms-win-crt-time-l1-1-0
_difftime64
_time64
_localtime64_s
api-ms-win-crt-string-l1-1-0
wcsnlen
_wcsnicmp
wcscpy_s
wcsncpy_s
_wcsicmp
wmemcpy_s
strncmp
wcsncmp
strncpy_s
api-ms-win-crt-convert-l1-1-0
_ultow_s
_wtol
_wtoi
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf_s
__p__commode
_set_fmode
__stdio_common_vswscanf
__stdio_common_vsnwprintf_s
api-ms-win-crt-heap-l1-1-0
_callnewh
_set_new_mode
malloc
realloc
free
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-filesystem-l1-1-0
_wsplitpath_s
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 589KB - Virtual size: 588KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 85KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ