7d23ddb301c95166b30023d46d50f466e2eb9ffeefe84c0856ac8b20373849a9

Sharing

Copy URL Twitter E-mail

General

Target

7d23ddb301c95166b30023d46d50f466e2eb9ffeefe84c0856ac8b20373849a9
Size

213KB
MD5

deb5ad83ca2dfb2bd544473291f4b60e
SHA1

441d9eea0868aac6426516ac7c12e66531bd8584
SHA256

7d23ddb301c95166b30023d46d50f466e2eb9ffeefe84c0856ac8b20373849a9
SHA512

bb5c3d5ffdebdd5a23173328ba04c5234c4a8f7ab0c7f4e714d7fe152760f42487572e6bde2afe4e288a9770a3c7f2105d5912ffb3bca0912e9220e051848c15
SSDEEP

6144:JK5mVRh6m5PfTwWb+jqTEQPeAOgAtzD5y:mmVRh6m5PfTTdeV5y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d23ddb301c95166b30023d46d50f466e2eb9ffeefe84c0856ac8b20373849a9

Files

7d23ddb301c95166b30023d46d50f466e2eb9ffeefe84c0856ac8b20373849a9
.exe windows:5 windows x86 arch:x86

dc3acb41cfc15c617e782a9bae9d85b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\dabao_tool\CloundInstall\QQGameMicroProtal\Bin\Release\Work\QQGameService.pdb

Imports

kernel32

FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
LocalAlloc
LocalFree
GetDateFormatW
GetTimeFormatW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetComputerNameExW
lstrcmpiW
OpenProcess
CreateToolhelp32Snapshot
ProcessIdToSessionId
Process32NextW
Process32FirstW
WTSGetActiveConsoleSessionId
GetCurrentProcessId
TerminateThread
DeleteFileW
CopyFileW
CreateDirectoryW
DeleteCriticalSection
GetSystemTime
GetModuleHandleW
GetSystemDirectoryW
WriteConsoleW
SetEndOfFile
GetCurrentDirectoryW
ReadConsoleW
ReadFile
SetFilePointerEx
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
TerminateProcess
Sleep
CreateEventW
CreateFileW
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
HeapFree
HeapReAlloc
HeapAlloc
SetLastError
GetLastError
RaiseException
CloseHandle
GetLongPathNameW
GetFileAttributesW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
GetStringTypeW
SetEnvironmentVariableW
FindClose
GetFileSizeEx
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetDriveTypeW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
GetCommandLineW
GetCommandLineA
WriteFile
GetStdHandle
ExitProcess
GetFullPathNameW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FindNextFileW
QueryPerformanceCounter
InitializeSListHead
OutputDebugStringW
RtlUnwind
GetCurrentProcess

advapi32

GetTokenInformation
RegisterServiceCtrlHandlerExW
RevertToSelf
CreateServiceW
CloseServiceHandle
OpenSCManagerW
GetSidSubAuthorityCount
SetServiceStatus
GetSidSubAuthority
ChangeServiceConfig2W
GetUserNameA
DeleteService
ControlService
LookupAccountNameA
ImpersonateLoggedOnUser
StartServiceW
StartServiceCtrlDispatcherW
QueryServiceConfigW
ChangeServiceConfigW
OpenServiceW
QueryServiceStatusEx
GetSidIdentifierAuthority
OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

shlwapi

PathQuoteSpacesW
SHRegGetPathW
PathIsRelativeW
PathAddBackslashW
PathCanonicalizeW
PathFileExistsW
PathRemoveFileSpecW
PathUnquoteSpacesW
PathAppendW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc3acb41cfc15c617e782a9bae9d85b9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

shlwapi

wtsapi32

userenv

Sections

.text Size: 107KB - Virtual size: 106KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 107KB - Virtual size: 106KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 6KB - Virtual size: 6KB