f4a8b7ae7f6d0558ea328daf63eb34be6ad31a0ff1566b2dc6ebf25b8273b83f

Sharing

Copy URL Twitter E-mail

General

Target

f4a8b7ae7f6d0558ea328daf63eb34be6ad31a0ff1566b2dc6ebf25b8273b83f
Size

1.7MB
MD5

80e3d308cb7e20366d42439c0d508dc0
SHA1

0eebc229ced73167066557955bb67648b908364d
SHA256

f4a8b7ae7f6d0558ea328daf63eb34be6ad31a0ff1566b2dc6ebf25b8273b83f
SHA512

d1c5c575c148aa5f3015c7b3626b9dc214bb2f184517d2e924a786bfdc6bc28075ac5d9acb6c48826bf8cfdb9bc1a0a1b57d0395b25587d37d292bc035f3e5f8
SSDEEP

24576:LIzkQVF+KpPr43tb5LRsI3J1xwofMYn2tp5tOOOW0fqS8ZikNSWxHFn/T51MtPYa:qDjOblygJ1x/iAmYqztT5atPYtpwb5n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4a8b7ae7f6d0558ea328daf63eb34be6ad31a0ff1566b2dc6ebf25b8273b83f

Files

f4a8b7ae7f6d0558ea328daf63eb34be6ad31a0ff1566b2dc6ebf25b8273b83f
.exe windows:6 windows x86 arch:x86

7b91ac128c9e05e12c22b794d3d69181

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\qci_workspace\root-workspaces\__qci-pipeline-10989746-1\Basic\Output\BinFinal\QQPCUpdateAVLib.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

connect
recv
getsockopt
htons
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
socket
ntohs
send
getsockname
getpeername
WSAStartup
getaddrinfo
WSASetLastError
select
closesocket
bind
__WSAFDIsSet
WSACleanup
ntohl
htonl

kernel32

CreateDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentProcess
WideCharToMultiByte
GetModuleHandleW
GetNativeSystemInfo
GetTickCount64
MultiByteToWideChar
GetFileAttributesW
CreateFileW
FindFirstFileW
FindNextFileW
FindClose
VirtualQuery
QueryPerformanceCounter
SetFilePointer
ReadFile
MoveFileExW
SetLastError
Sleep
GetFileAttributesExW
DeleteFileW
MoveFileW
GetCurrentThreadId
OutputDebugStringW
WriteFile
GetFileSize
InitializeCriticalSection
ExpandEnvironmentStringsA
GetVersionExW
SleepEx
HeapFree
GetTickCount
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CreateMutexW
GetPrivateProfileIntW
CreateEventW
ResetEvent
SetEvent
ReleaseMutex
GetWindowsDirectoryW
GetSystemDirectoryW
GetFullPathNameW
lstrlenW
CopyFileW
TerminateProcess
IsDebuggerPresent
RaiseException
UnhandledExceptionFilter
FindResourceExW
GetTempPathW
GetModuleHandleExW
lstrcmpiW
SwitchToThread
lstrcpynW
GetCurrentProcessId
SetErrorMode
SearchPathW
WaitForMultipleObjects
SetUnhandledExceptionFilter
WriteProcessMemory
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetEnvironmentVariableW
GetFileType
DeleteFiber
GetSystemTimeAsFileTime
ConvertFiberToThread
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
ProcessIdToSessionId
MapViewOfFileEx
GetSystemDefaultLangID
GetSystemPowerStatus
HeapReAlloc
HeapSize
HeapDestroy
OpenProcess
CloseHandle
WaitForSingleObject
CreateProcessW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
FindResourceW
GetLocalTime
GetCommandLineW
LoadResource
LockResource
SizeofResource
LoadLibraryW
FreeLibrary
GetProcAddress
GetProcessHeap
GetExitCodeProcess
HeapAlloc
WaitForSingleObjectEx
IsProcessorFeaturePresent
GetStartupInfoW
FormatMessageA
InitializeSListHead

user32

TranslateMessage
FindWindowW
PostMessageW
IsWindow
SendMessageW
DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
DefWindowProcW
PostQuitMessage
DestroyWindow
SetTimer
KillTimer
RegisterClassExW
UpdateWindow
ShowWindow
CreateWindowExW
GetMessageW

advapi32

RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegSetKeySecurity
RegGetKeySecurity
RegNotifyChangeKeyValue
RegEnumValueW
RegFlushKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegCreateKeyExW
RegQueryInfoKeyW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize

shlwapi

SHGetValueW
PathFileExistsW
PathRemoveFileSpecW
PathIsDirectoryW
StrStrW
StrStrIW
PathAppendW

msvcp140

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

psapi

GetProcessMemoryInfo
GetModuleFileNameExW
EnumProcessModules
EnumProcesses
GetModuleBaseNameW

imm32

ImmDisableIME

bcrypt

BCryptGenRandom

vcruntime140

_CxxThrowException
__CxxFrameHandler3
__std_terminate
memset
__current_exception_context
__current_exception
_except_handler4_common
_set_purecall_handler
_purecall
strrchr
memchr
memcmp
wcschr
wcsstr
strchr
strstr
wcsrchr
memmove
__std_exception_destroy
__std_exception_copy
memcpy

api-ms-win-crt-runtime-l1-1-0

_set_invalid_parameter_handler
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
signal
_register_onexit_function
raise
_crt_atexit
_exit
strerror_s
_cexit
terminate
_beginthreadex
set_terminate
_seh_filter_exe
_set_app_type
_c_exit
_invalid_parameter_noinfo_noreturn
exit
_controlfp_s
_initterm_e
_configure_wide_argv
_errno
_invalid_parameter_noinfo
_initialize_wide_environment
_get_wide_winmain_command_line
strerror
_initterm
__sys_nerr

api-ms-win-crt-stdio-l1-1-0

fread
fputs
__stdio_common_vsscanf
fwrite
fgets
__stdio_common_vswprintf_s
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf_s
_wfopen
__stdio_common_vsprintf
fputc
__stdio_common_vfprintf
__p__commode
_setmode
_fileno
ferror
_fseeki64
ftell
_ftelli64
fseek
_set_fmode
feof
fopen
__acrt_iob_func
fclose
fflush
__stdio_common_vswscanf

api-ms-win-crt-string-l1-1-0

wcsncmp
isalpha
strcpy
_strdup
strcmp
_strnicmp
_stricmp
wcsncpy
strspn
wcscpy_s
isspace
strncmp
strncpy
isxdigit
strnlen
_wcslwr_s
wcscmp
strcspn
tolower
isdigit
_wcsdup
_wcsnicmp
strlen
wcsncpy_s
wmemcpy_s
wcsnlen
isalnum
_wcsicmp
wcslen
strcat

api-ms-win-crt-time-l1-1-0

_time32
_localtime64_s
_gmtime64
_gmtime64_s
_time64

api-ms-win-crt-convert-l1-1-0

atoi
strtol
_wtol
strtoul
_strtoi64
_wtoi

api-ms-win-crt-filesystem-l1-1-0

_stat64
_wsplitpath_s
_stat64i32

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
calloc
realloc
_recalloc
free
malloc

api-ms-win-crt-multibyte-l1-1-0

_mbslwr_s
_mbsstr
_mbsicmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b91ac128c9e05e12c22b794d3d69181

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

kernel32

user32

advapi32

shell32

ole32

shlwapi

msvcp140

psapi

imm32

bcrypt

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 428KB - Virtual size: 427KB

.data Size: 6KB - Virtual size: 20KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 55KB - Virtual size: 55KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 428KB - Virtual size: 427KB

.data
Size: 6KB - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 55KB - Virtual size: 55KB