f6df650d9b10b6ce36dff703826f2334bbf237c2f7afc452aadbfdd13eaffadf

Sharing

Copy URL Twitter E-mail

General

Target

f6df650d9b10b6ce36dff703826f2334bbf237c2f7afc452aadbfdd13eaffadf
Size

114KB
MD5

314a9a44dd50d8a5adce5bdb79e28bb0
SHA1

a753903640ca3d2e719954f3fb4e2c6495f7639a
SHA256

f6df650d9b10b6ce36dff703826f2334bbf237c2f7afc452aadbfdd13eaffadf
SHA512

bb646cea480f5daec593409b34320d54b17a09abc9c2e32a785543af3ba68d14e4dd3c6aa64f1153206de6f839185c7430d91368f1c3c6eaf0e54c31ed9ae5ff
SSDEEP

3072:9j2gTQ62wVtK8Gs4jLnZ9Wj2CZK3pdywTxAIgD:993l+hjLnZ9WaCY0I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6df650d9b10b6ce36dff703826f2334bbf237c2f7afc452aadbfdd13eaffadf

Files

f6df650d9b10b6ce36dff703826f2334bbf237c2f7afc452aadbfdd13eaffadf
.exe windows:5 windows x86 arch:x86

4858561d2a3ff66feb5c450a7894bb75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\qci_workspace\root-workspaces\__qci-pipeline-603700-1\Basic\Output\BinFinal\QMLspPing.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

htons
htonl

kernel32

GetProcessHeap
GetCurrentProcessId
GetCurrentThreadId
SetErrorMode
InitializeCriticalSection
SearchPathW
WaitForMultipleObjects
SetUnhandledExceptionFilter
WriteProcessMemory
GetCommandLineW
InterlockedCompareExchange
InterlockedExchange
Sleep
CreateFileW
ReadFile
SetFilePointer
WriteFile
GetModuleHandleExW
GetFileAttributesW
SwitchToThread
UnmapViewOfFile
CreateFileMappingW
InterlockedDecrement
HeapAlloc
OpenProcess
GetTempPathW
UnhandledExceptionFilter
GetVersionExW
lstrlenW
MapViewOfFileEx
GetSystemDefaultLangID
GetNativeSystemInfo
VirtualQuery
GetSystemPowerStatus
LoadLibraryA
lstrcmpiW
OutputDebugStringW
lstrcpynW
SetLastError
CreateEventW
GetExitCodeProcess
IsDebuggerPresent
TerminateProcess
CreateProcessW
GetCurrentProcess
FreeLibrary
GetModuleFileNameW
WaitForSingleObject
SetEvent
CloseHandle
LoadLibraryW
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetModuleHandleW
GetLastError
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
InterlockedIncrement

user32

GetWindowDC
ReleaseDC

gdi32

GetDeviceCaps

advapi32

RegGetKeySecurity
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegFlushKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetKeySecurity
RegQueryInfoKeyW
RegCreateKeyExW

msvcp140

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Xlength_error@std@@YAXPBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z

shlwapi

PathFileExistsW
PathRemoveFileSpecW
SHGetValueW
PathAppendW
StrStrIW

imm32

ImmDisableIME

psapi

GetProcessMemoryInfo
GetModuleFileNameExW
GetModuleBaseNameW
EnumProcesses
EnumProcessModules

vcruntime140

__CxxFrameHandler3
__std_terminate
_purecall
wcschr
_set_purecall_handler
wcsrchr
memmove
memset
_except_handler4_common
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
terminate
_c_exit
_register_thread_local_exe_atexit_callback
_set_invalid_parameter_handler

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcscpy_s
_wcsnicmp
wcsncmp
wcsncpy_s

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__stdio_common_vsnwprintf_s
__stdio_common_vswscanf

api-ms-win-crt-convert-l1-1-0

_wtol

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4858561d2a3ff66feb5c450a7894bb75

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

kernel32

user32

gdi32

advapi32

msvcp140

shlwapi

imm32

psapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 66KB - Virtual size: 66KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 66KB - Virtual size: 66KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 5KB - Virtual size: 5KB