7b6140f65e10d2338d94a5834fd99f800a3ca4f11c992f0fe371dd5cb8eda080

Sharing

Copy URL Twitter E-mail

General

Target

7b6140f65e10d2338d94a5834fd99f800a3ca4f11c992f0fe371dd5cb8eda080
Size

9.4MB
MD5

f0794e36d5376b9ded69abee5b329f83
SHA1

36c26d3bcca5545ce187f511563958c33e06958b
SHA256

7b6140f65e10d2338d94a5834fd99f800a3ca4f11c992f0fe371dd5cb8eda080
SHA512

7f52e7977e68cb84d4e2419f4c4a8dfea21192b6026e1055cdff0c787b13b454745429fe91da0250a6b3f10b61558b7f817b28608acff2da772a8843b26f502e
SSDEEP

196608:D2jtp+MSAFo76ZrhgcMLfVGUYVjysvFxlMe2V4VyGa:Cj/UAQ6Zrhg7d5Uu+x+v4VyG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b6140f65e10d2338d94a5834fd99f800a3ca4f11c992f0fe371dd5cb8eda080

Files

7b6140f65e10d2338d94a5834fd99f800a3ca4f11c992f0fe371dd5cb8eda080
.dll windows:5 windows x86 arch:x86

70bf10b203a7aa3e2e3d9497b4bec72b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\work\cafe\secure\iigw_client_api\qqwb_client\build\bin\Release\iigw_client_api.pdb

Imports

kernel32

GetLastError
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
CreateSemaphoreA
DeviceIoControl
CreateFileW
GetVersionExA
GetCurrentThreadId
InitializeCriticalSection
WideCharToMultiByte
lstrlenW
InterlockedDecrement
CreateFileA
DeleteFileW
RemoveDirectoryW
SleepEx
MapViewOfFile
InterlockedExchange
EnterCriticalSection
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
DecodePointer
EncodePointer
MapViewOfFileEx
GetTempPathA
GetTempFileNameA
ReadFile
DeleteFileA
MoveFileA
WriteFile
GetFileSizeEx
SetFilePointer
SetEndOfFile
TryEnterCriticalSection
GetFileInformationByHandle
GetFullPathNameW
LeaveCriticalSection
SetLastError
GetFileSize
GetModuleFileNameW
GetLocalTime
CreateEventA
WTSGetActiveConsoleSessionId
CreateProcessA
ProcessIdToSessionId
CopyFileW
MoveFileExW
GetSystemTime
SystemTimeToFileTime
FindClose
FindNextFileW
GetModuleFileNameA
Process32FirstW
Process32NextW
TerminateProcess
GlobalMemoryStatusEx
GetCommandLineW
FindFirstFileW
GetDriveTypeW
GetFileAttributesW
GetDriveTypeA
GetDiskFreeSpaceExA
GetSystemTimes
GlobalAlloc
GlobalFree
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetWindowsDirectoryA
GetLogicalDriveStringsA
QueryDosDeviceA
lstrcpyA
lstrcatA
MultiByteToWideChar
GetCurrentDirectoryW
AreFileApisANSI
LocalFree
FormatMessageA
lstrlenA
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
ReleaseSemaphore
DeleteCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary
GetCurrentProcess
Process32First
Process32Next
OutputDebugStringA
GetSystemDefaultLangID
CreateToolhelp32Snapshot
Module32First
Module32Next
LoadLibraryA
GetCurrentProcessId
OpenProcess
RaiseException
WaitForSingleObject
TerminateThread
CloseHandle
GetModuleHandleA
CreateDirectoryW
GetProcAddress

ole32

CoInitializeSecurity
IIDFromString
StringFromCLSID
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

advapi32

CryptGetHashParam
InitializeSecurityDescriptor
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
GetTokenInformation
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
SetSecurityDescriptorDacl

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

msvcp100

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?exceptions@ios_base@std@@QAEXH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flags@ios_base@std@@QAEHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?precision@ios_base@std@@QAE_J_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_BADOFF@std@@3_JB
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAE_J_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Xinvalid_argument@std@@YAXPBD@Z
??1_Container_base12@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z
?eof@ios_base@std@@QBE_NXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??1_Lockit@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?is@?$ctype@D@std@@QBE_NFD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?max@?$numeric_limits@I@std@@SAIXZ
?widen@?$ctype@D@std@@QBEDD@Z
?classic@locale@std@@SAABV12@XZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?id@?$numpunct@D@std@@2V0locale@2@A
??1facet@locale@std@@UAE@XZ
??1_Locinfo@std@@QAE@XZ
??0facet@locale@std@@IAE@I@Z
??0_Locinfo@std@@QAE@PBD@Z
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?max@?$numeric_limits@H@std@@SAHXZ
?min@?$numeric_limits@H@std@@SAHXZ
?max@?$numeric_limits@_J@std@@SA_JXZ
?narrow@?$ctype@D@std@@QBEDDD@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
?do_length@?$codecvt@_WDH@std@@MBEHABHPBD1I@Z
??1?$codecvt@_WDH@std@@MAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Id_cnt@id@locale@std@@0HA
?id@?$codecvt@_WDH@std@@2V0locale@2@A
??0_Locimp@locale@std@@AAE@ABV012@@Z
??1_Locimp@locale@std@@MAE@XZ
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

_read
fopen
strrchr
getenv
_lseeki64
isxdigit
isspace
strspn
_strdup
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_vsnprintf
__clean_type_info_names_internal
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_onexit
_lock
__dllonexit
_unlock
_snprintf_s
isalpha
isdigit
_wassert
calloc
strpbrk
strchr
_mbsnbcpy_s
isalnum
_wtol
_snprintf
_wfopen
fread
strncat_s
??8type_info@@QBE_NABV0@@Z
_vsnprintf_s
vsprintf_s
??0exception@std@@QAE@XZ
_mbsicmp
_localtime64
_localtime64_s
wcsftime
wcscpy
swprintf_s
_wcsicmp
sqrt
_waccess
wcsncpy_s
_wtoi64
wcscpy_s
strstr
_mbsnbicmp
malloc
free
_strnicmp
printf
_itoa_s
atoi
towupper
toupper
wcscmp
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
fclose
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
fgetc
fputc
fwrite
_unlock_file
_lock_file
strncpy
strncat
strerror
_errno
_getpid
_itoa
towlower
tolower
sscanf
??_V@YAXPAX@Z
rand
strtol
memchr
memcmp
sprintf_s
_purecall
memcpy_s
strcpy_s
strcpy
sprintf
_time64
strcat
signal
strlen
_beginthreadex
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
_CxxThrowException
memmove
memcpy
??3@YAXPAX@Z
__CxxFrameHandler3
memset
wcslen
strncpy_s
__iob_func
_stricmp
realloc
strtoul
_strtoi64
strncmp
fgets
qsort
fputs
__sys_nerr
_fstat64
fseek
_gmtime64
_stat64
islower
isupper
isprint
isgraph
_close
_open
_wcsdup
_write
ungetc

winmm

timeGetTime

ws2_32

getsockopt
closesocket
WSAGetLastError
WSAStartup
gethostname
WSACleanup
gethostbyname
select
ntohl
inet_addr
getsockname
recvfrom
sendto
getaddrinfo
freeaddrinfo
getpeername
connect
ioctlsocket
socket
send
recv
ntohs
inet_ntoa
bind
setsockopt
listen
__WSAFDIsSet
accept
WSASetLastError
WSAIoctl
htonl
htons

psapi

GetModuleFileNameExW
GetProcessImageFileNameA

shlwapi

PathFileExistsA
PathFileExistsW
PathRemoveFileSpecA
PathRemoveFileSpecW

iphlpapi

GetExtendedTcpTable
GetAdaptersAddresses
GetAdaptersInfo
GetIpNetTable
GetIpForwardTable

wininet

InternetReadFile
InternetGetCookieExA
HttpQueryInfoW
InternetCrackUrlA
InternetGetConnectedState
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsA
WTSFreeMemory

wldap32

ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord22

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

user32

GetDC
wsprintfA
LoadStringA
GetSystemMetrics
ReleaseDC
GetParent
SendMessageW
SetDlgItemTextW
GetWindowRect
SetWindowPos
GetWindowLongW
EndDialog
CallWindowProcW
SetWindowLongW
EnumDisplayDevicesA

gdi32

GetDeviceCaps

shell32

SHGetDesktopFolder
ShellExecuteW
SHGetFolderPathA
ShellExecuteExA
SHCreateDirectoryExW
SHGetPathFromIDListW
SHGetFolderPathW
SHBrowseForFolderW

comdlg32

GetOpenFileNameW

Exports

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
INFOGW_api_req_netbar_lv
INFOGW_api_req_netbar_lv_ext
INFOGW_api_req_netbar_lv_ext_with_zone_id
INFOGW_api_req_platinum_netbar_lv
INFOGW_api_req_platinum_netbar_lv_ext
_QueryPluginInterface@8

Sections

.text
Size: - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.39i
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.;J?
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dA9
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70bf10b203a7aa3e2e3d9497b4bec72b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

advapi32

setupapi

msvcp100

msvcr100

winmm

ws2_32

psapi

shlwapi

iphlpapi

wininet

userenv

wtsapi32

wldap32

version

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: - Virtual size: 717KB

.rdata Size: - Virtual size: 146KB

.data Size: - Virtual size: 18KB

.39i Size: - Virtual size: 5.3MB

.;J? Size: 2KB - Virtual size: 2KB

.dA9 Size: 9.4MB - Virtual size: 9.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: - Virtual size: 717KB

.rdata
Size: - Virtual size: 146KB

.data
Size: - Virtual size: 18KB

.39i
Size: - Virtual size: 5.3MB

.;J?
Size: 2KB - Virtual size: 2KB

.dA9
Size: 9.4MB - Virtual size: 9.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB