2998bd97cabd5ee5d095b6fe94007941873601cd493cd182cdfdb8f294bcae65

Sharing

Copy URL Twitter E-mail

General

Target

2998bd97cabd5ee5d095b6fe94007941873601cd493cd182cdfdb8f294bcae65
Size

1.1MB
MD5

68cd8b0d18137b20c3ae11deaf9556be
SHA1

7284bd515cbd1fdb2ae8d3c322a14e6f78cbb9a1
SHA256

2998bd97cabd5ee5d095b6fe94007941873601cd493cd182cdfdb8f294bcae65
SHA512

14ee853e759fe8d13020db109abec935fb1396c7186ea623f5025a88a961f13eb50c196d99a495de93c18b3df97c1b0b7c8c8fb7e7c4084f2d57ca5122abea31
SSDEEP

24576:84BFF3BhLaSOo74BN/TgUnq45P+zfFpyKa/lB9:RBFFx3irq4ofF5at3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2998bd97cabd5ee5d095b6fe94007941873601cd493cd182cdfdb8f294bcae65

Files

2998bd97cabd5ee5d095b6fe94007941873601cd493cd182cdfdb8f294bcae65
.exe windows:6 windows x64 arch:x64

e1986e2294a000dd99248b0079d2a8db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\qci_workspace\root-workspaces\__qci-pipeline-10992451-1\app\Windows\output\x64\bin\Release\WeMeetApp.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetLongPathNameW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
SetDllDirectoryW
LocalFree
LoadLibraryA
LoadLibraryExW
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameW
GetCurrentProcessId
CreateMutexA
SetEvent
SetLastError
RaiseException
CloseHandle
OutputDebugStringA
GetTempPathW
SetCurrentDirectoryW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
VirtualProtect
GetCurrentThreadId
GetCurrentThread
GetFileAttributesW
TerminateProcess
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
OutputDebugStringW
IsDebuggerPresent
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
GetFileInformationByHandleEx
EncodePointer
LCMapStringEx
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
CompareStringEx
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
IsProcessorFeaturePresent
InitializeSListHead
CreateIoCompletionPort
CreateEventW
CreateThread
ResetEvent
GetQueuedCompletionStatus
RegisterWaitForSingleObject
UnregisterWait
TerminateJobObject
PostQueuedCompletionStatus
WaitForSingleObject
GetModuleHandleExW
SetInformationJobObject
DuplicateHandle
GetUserDefaultLangID
GetUserDefaultLCID
GetUserDefaultLocaleName
EnumSystemLocalesEx
GetTickCount
TryAcquireSRWLockExclusive
UnregisterWaitEx
Sleep
GetThreadId
SetThreadPriority
MultiByteToWideChar
GetFileType
SetHandleInformation
HeapSetInformation
GetVersionExW
GetProductInfo
GetNativeSystemInfo
IsWow64Process
AssignProcessToJobObject
WriteProcessMemory
CreateFileMappingW
MapViewOfFile
ReadProcessMemory
SetThreadAffinityMask
VirtualFree
GetProcessHeaps
GetLocalTime
WriteFile
CreateNamedPipeW
CreateJobObjectW
QueryInformationJobObject
VirtualAllocEx
VirtualProtectEx
RtlUnwind
ExpandEnvironmentStringsW
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateMutexW
UnmapViewOfFile
QueryDosDeviceW
VirtualFreeEx
GetProcessHandleCount
TlsGetValue
VirtualAlloc
lstrlenW
DebugBreak
TlsAlloc
TlsFree
TlsSetValue
SetFilePointerEx
ReadFile
GetFileSizeEx
SetEndOfFile
FlushFileBuffers
RtlCaptureStackBackTrace
CreateRemoteThread
GetSystemInfo
GetLogicalProcessorInformation
InitializeConditionVariable
WakeConditionVariable
InitializeSRWLock
ResumeThread
RtlPcToFileHeader
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetStdHandle
GetConsoleCP
GetConsoleMode
SetStdHandle
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
ReadConsoleW
SetEnvironmentVariableW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
DecodePointer
GetCommandLineW
GetThreadPriority
GetSystemDirectoryW
SwitchToThread
GetStartupInfoW

user32

CreateDesktopW
CreateWindowStationW
GetProcessWindowStation
GetThreadDesktop
CloseDesktop
MessageBoxW
GetDesktopWindow
EnumDisplayDevicesW
CloseWindowStation
SetProcessWindowStation
GetUserObjectInformationW
SetWindowsHookExW
CallNextHookEx
wsprintfW
PostThreadMessageW

shell32

SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoReleaseServerProcess
CoAddRefServerProcess
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysAllocString
SysFreeString

advapi32

RevertToSelf
InitializeSid
GetSidSubAuthority
IsValidSid
AdjustTokenPrivileges
GetLengthSid
CreateWellKnownSid
ConvertStringSidToSidW
ConvertSidToStringSidW
RegDisablePredefinedCache
EqualSid
CreateProcessAsUserW
SetThreadToken
SetTokenInformation
OpenProcessToken
GetSecurityDescriptorSacl
GetAce
SetKernelObjectSecurity
GetKernelObjectSecurity
DuplicateTokenEx
MapGenericMask
AccessCheck
FreeSid
ImpersonateLoggedOnUser
GetNamedSecurityInfoW
GetSecurityInfo
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityInfo
BuildTrusteeWithSidW
SetEntriesInAclW
InitializeAcl
AddMandatoryAce
GetSecurityDescriptorDacl
RegCreateKeyExW
SystemFunction036
DuplicateToken
GetTokenInformation
CreateRestrictedToken
LookupPrivilegeValueW

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW

dbghelp

SymSetOptions
SymSetSearchPathW
SymCleanup
SymFromAddr
SymGetSearchPathW
SymGetLineFromAddr64
SymInitialize

winmm

timeGetTime

Exports

Exports

GetHandleVerifier
IsSandboxedProcess

Sections

.text
Size: 773KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

malloc_h
Size: 512B - Virtual size: 326B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1986e2294a000dd99248b0079d2a8db

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

shell32

ole32

oleaut32

advapi32

shlwapi

dbghelp

winmm

Exports

Exports

Sections

.text Size: 773KB - Virtual size: 773KB

malloc_h Size: 512B - Virtual size: 326B

.rdata Size: 152KB - Virtual size: 152KB

.data Size: 12KB - Virtual size: 36KB

.pdata Size: 32KB - Virtual size: 32KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 153KB - Virtual size: 153KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 773KB - Virtual size: 773KB

malloc_h
Size: 512B - Virtual size: 326B

.rdata
Size: 152KB - Virtual size: 152KB

.data
Size: 12KB - Virtual size: 36KB

.pdata
Size: 32KB - Virtual size: 32KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 153KB - Virtual size: 153KB

.reloc
Size: 5KB - Virtual size: 4KB