9af7601b0de136b3d9550311b196320804cf031ae64c1fe80a52992dcc9b870d

Sharing

Copy URL Twitter E-mail

General

Target

9af7601b0de136b3d9550311b196320804cf031ae64c1fe80a52992dcc9b870d
Size

598KB
MD5

49fc0452f9b251da1c08cfb9c8b776ec
SHA1

0a3b0990446ccecf9b74abdd6c42c1673e1e65d7
SHA256

9af7601b0de136b3d9550311b196320804cf031ae64c1fe80a52992dcc9b870d
SHA512

5f0a9ddf3dcc65f86994b67bc124eade3b9416af7faeb600204ffd789be03aab8124c8c7603d4261b7b270c83048ed013b8c0647a3223209800b5953d47833cb
SSDEEP

6144:wjKSx3ZlMkrHOI1rZDpveNtFq5QJdRDH/mXficqvFqZ0qUDrLe6Ckos61:wjKeZOkrHOIVgqQDH/mviccFM0qUDIJ

Score

1^/10

Malware Config

Signatures

Files

9af7601b0de136b3d9550311b196320804cf031ae64c1fe80a52992dcc9b870d
.exe windows:5 windows x86 arch:x86

439e9fd87eec83eebdf7378d7ef202b6

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:da:f2:fe:51:f3:b2:e9:4c:bb:69:5a:4a:51:74:fc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/10/2022, 00:00

Not After

17/10/2025, 23:59

Subject

CN=Tencent Technology (Shenzhen) Company Limited,O=Tencent Technology (Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:36:40:de:f5:73:53:27:8d:3e:bb:51:fa:db:65:33:3e:07:e2:ef:83:bf:ea:2c:4b:b1:a9:14:fe:1c:e5:90
Signer

Actual PE Digest

6c:36:40:de:f5:73:53:27:8d:3e:bb:51:fa:db:65:33:3e:07:e2:ef:83:bf:ea:2c:4b:b1:a9:14:fe:1c:e5:90

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

qqlivebase

?ParseURLW@base@@YAHPBDPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAG@Z
??0Value@Json@@QAE@W4ValueType@1@@Z
?RunExeAsAdminAndWait@base@@YAHPB_W0AAKAAHK@Z
?ZipToDir@base@@YAHABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@0@Z
?SetDPIAwarenssProcess@base@@YAXH@Z
??0Value@Json@@QAE@H@Z
?GetKeyValue@base@@YAHABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@0AAV23@_W@Z
?GetExeFolder@base@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?CreateFileDirectory@base@@YAHPB_W@Z
??AStreamWriterBuilder@Json@@QAEAAVValue@1@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Value@Json@@QAE@I@Z
??0Value@Json@@QAE@N@Z
??0Value@Json@@QAE@PBD@Z
??0Value@Json@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Value@Json@@QAE@_N@Z
??0Value@Json@@QAE@ABV01@@Z
??0Value@Json@@QAE@$$QAV01@@Z
??1Value@Json@@QAE@XZ
??4Value@Json@@QAEAAV01@V01@@Z
??AValue@Json@@QAEAAV01@H@Z
??AValue@Json@@QAEAAV01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?writeString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVFactory@StreamWriter@1@ABVValue@1@@Z
??0StreamWriterBuilder@Json@@QAE@XZ
??1StreamWriterBuilder@Json@@UAE@XZ
?GetOsVersion@base@@YA?AW4ENUM_OS_VERSION@1@XZ

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
OutputDebugStringW
IsDebuggerPresent
GetStartupInfoW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetLastError
GetModuleFileNameW
GetPrivateProfileIntW
GetFileAttributesExW
LockResource
GlobalMemoryStatusEx
OpenProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
CloseHandle
GetLocalTime
GetSystemInfo
FindResourceW
FindResourceExW
CreateFileW
GetComputerNameW
QueryPerformanceCounter
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
WriteFile
SetFilePointer
SetFilePointerEx
DeleteFileW
CopyFileW
MoveFileExW
InitializeCriticalSection
FreeLibrary
GetProcAddress
LocalFree
GetExitCodeProcess
WaitForSingleObject
ReadFile
LoadLibraryW
LoadLibraryExW
GetModuleHandleW
CreateProcessW
GetCommandLineA
GetSystemDirectoryW
GetFileAttributesW
HeapCreate
SetProcessWorkingSetSize
GetCurrentProcess
TerminateProcess
SetLastError
SetEvent
ResetEvent
GetFileSize
DeviceIoControl
MapViewOfFile
UnmapViewOfFile
WaitForSingleObjectEx
ReadFileEx
CreateEventW
CreateFileMappingW
LoadLibraryExA
SetCurrentDirectoryA
SetCurrentDirectoryW
CreateFileA
VirtualLock
VirtualUnlock
RaiseException
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar

user32

GetWindowThreadProcessId
IsWindow
PostMessageW
MessageBoxW
GetWindow
GetDesktopWindow
GetPropW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW

shell32

CommandLineToArgvW
SHGetFolderPathW

oleaut32

SysAllocString
SysFreeString

shlwapi

PathRemoveFileSpecW
PathCombineA
PathCombineW
PathIsRelativeW
PathAppendW

msvcp140

_Getcvt
_Mbrtowc
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?setf@ios_base@std@@QAEHHH@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?id@?$numpunct@_W@std@@2V0locale@2@A
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ

logmanager

ReleaseLogManager
QQLogOutToFileFMTW

wintrust

WinVerifyTrust

crypt32

CertGetNameStringW
CertFreeCertificateContext
CertCreateCertificateContext
CryptMsgClose
CertCloseStore
CryptMsgGetParam
CryptQueryObject

livelog

?GetConfigDword@@YAKABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@0KW4tagQQLIVE_CONFIG_TYPE@@@Z
?GetStatisticInst@@YAJPAPAUIStatistic@@@Z
?GetStandardVerNamFromVerDesc@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PB_W@Z
?IsPortingAppPack@@YAHXZ
?GetAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?QQ_GetVersionDescription@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

dbghelp

MiniDumpWriteDump

dbgeng

DebugCreate

business

?GetWebkit2CorePath@business@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?CopyWebview2InstallerLog@business@@YAXXZ

unchannelbase

UNFreeUtf8String
UNAllocUtf8String

vcruntime140

_except_handler4_common
__std_terminate
memchr
_purecall
memcmp
memmove
__std_exception_destroy
__std_exception_copy
wcsstr
__CxxFrameHandler3
_CxxThrowException
wcsrchr
memset
memcpy

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_errno
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_c_exit

api-ms-win-crt-string-l1-1-0

wcscmp
strcmp
wcslen
wcscpy_s
wcsncpy_s
strlen
wmemcpy_s
_wcsicmp
_wcslwr_s
_wcsnicmp
wcsnlen

api-ms-win-crt-stdio-l1-1-0

_set_fmode
fgetpos
__stdio_common_vsnprintf_s
__p__commode
fwrite
setvbuf
ungetc
__stdio_common_vswprintf
fgetc
__stdio_common_vswprintf_s
__stdio_common_vsprintf
fflush
fclose
_get_stream_buffer_pointers
fsetpos
fputc
_fseeki64

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
calloc
free
_recalloc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

_ldtest
_fdtest
_dtest
_fdsign
_ldsign
__setusermatherr
_dsign

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

Sections

.text
Size: 132KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 77B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 418KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

439e9fd87eec83eebdf7378d7ef202b6

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0d:da:f2:fe:51:f3:b2:e9:4c:bb:69:5a:4a:51:74:fcCertificate

Extended Key Usages

Key Usages

6c:36:40:de:f5:73:53:27:8d:3e:bb:51:fa:db:65:33:3e:07:e2:ef:83:bf:ea:2c:4b:b1:a9:14:fe:1c:e5:90Signer

Headers

DLL Characteristics

File Characteristics

Imports

qqlivebase

kernel32

user32

advapi32

shell32

oleaut32

shlwapi

msvcp140

logmanager

wintrust

crypt32

livelog

version

dbghelp

dbgeng

business

unchannelbase

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 132KB - Virtual size: 136KB

.rdata Size: 33KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 77B - Virtual size: 4KB

.rsrc Size: 418KB - Virtual size: 418KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0d:da:f2:fe:51:f3:b2:e9:4c:bb:69:5a:4a:51:74:fc
Certificate

6c:36:40:de:f5:73:53:27:8d:3e:bb:51:fa:db:65:33:3e:07:e2:ef:83:bf:ea:2c:4b:b1:a9:14:fe:1c:e5:90
Signer

.text
Size: 132KB - Virtual size: 136KB

.rdata
Size: 33KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 77B - Virtual size: 4KB

.rsrc
Size: 418KB - Virtual size: 418KB