9b8cc51e1bfc61f54ce75feaca3ab6e8e87a88c7165fc6abc16dc32d27eea3c1

Sharing

Copy URL Twitter E-mail

General

Target

9b8cc51e1bfc61f54ce75feaca3ab6e8e87a88c7165fc6abc16dc32d27eea3c1
Size

298KB
MD5

e1b6997f4e70b3f7a437bb49635867b9
SHA1

3c2611f316cce79f938951e9f2ce7f8b731df7dd
SHA256

9b8cc51e1bfc61f54ce75feaca3ab6e8e87a88c7165fc6abc16dc32d27eea3c1
SHA512

43ff3575fd358b368bb41794149617b76c32024a61c3f1a7bcaeba3f53711916d4cf149e65be29a857c024dfc0a6bd8009808971d6b5e13872331ec91c5baabc
SSDEEP

3072:5VEgqIJGr+US93GwsiBOxIa7hg9Mq3LMeHJHH+09xyavRStRr:/EEB92jiy7hg9Mq3RlpvRMr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b8cc51e1bfc61f54ce75feaca3ab6e8e87a88c7165fc6abc16dc32d27eea3c1

Files

9b8cc51e1bfc61f54ce75feaca3ab6e8e87a88c7165fc6abc16dc32d27eea3c1
.exe windows:5 windows x86 arch:x86

b17d39a3f8689f6b7ab28859f92d95a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\qci_workspace\root-workspaces\__qci-pipeline-603700-1\Basic\Output\BinFinal\QMSignScan.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

htons
gethostbyname
WSAStartup
htonl

kernel32

FindFirstFileW
Sleep
FindNextFileW
FindClose
GetLocalTime
GetTempPathW
CreateDirectoryW
LoadLibraryW
FreeLibrary
GetTempFileNameW
DeleteFileW
MoveFileExW
CopyFileW
RemoveDirectoryW
InterlockedCompareExchange
SetLastError
InterlockedExchange
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SleepEx
SetErrorMode
OpenProcess
lstrcpynW
GetCurrentThreadId
InitializeCriticalSection
CreateEventW
SearchPathW
WaitForMultipleObjects
SetUnhandledExceptionFilter
WriteProcessMemory
WriteFile
SwitchToThread
UnmapViewOfFile
SetDllDirectoryW
CreateFileMappingW
MapViewOfFile
GetModuleHandleExW
OpenEventW
SetEvent
InterlockedDecrement
InterlockedIncrement
SetThreadPriority
UnhandledExceptionFilter
GetVersionExW
lstrlenW
MapViewOfFileEx
GetSystemDefaultLangID
GetNativeSystemInfo
VirtualQuery
GetSystemPowerStatus
LoadLibraryA
OutputDebugStringW
lstrcmpiW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
CreateMutexW
GetPrivateProfileIntW
WideCharToMultiByte
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
GetTickCount
TerminateProcess
WaitForSingleObject
CreateProcessW
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
GetModuleFileNameW
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetLastError
GetSystemTimeAsFileTime
InitializeSListHead
ReleaseMutex
GetStartupInfoW
GetCommandLineW
IsProcessorFeaturePresent

advapi32

RegQueryInfoKeyW
RegGetKeySecurity
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegFlushKey
RegDeleteValueW
RegDeleteKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetKeySecurity

oleaut32

VariantClear

shlwapi

PathFindExtensionW
SHGetValueW
StrStrIW
PathAppendW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
PathIsDirectoryW

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

wintrust

WinVerifyTrust

imm32

ImmDisableIME

psapi

GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW
EnumProcesses
GetProcessMemoryInfo

vcruntime140

memcpy
_CxxThrowException
__CxxFrameHandler3
__std_terminate
wcsrchr
wcsstr
wcschr
_set_purecall_handler
memmove
memset
_except_handler4_common
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-string-l1-1-0

wcsncat_s
strncmp
wcsncpy_s
strncpy_s
wcsncmp
wmemcpy_s
wcscpy_s
wcsnlen
wcscat_s
_wcsnicmp
_wcslwr_s
_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_controlfp_s
_beginthreadex
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_set_invalid_parameter_handler
_set_app_type
_seh_filter_exe
_invalid_parameter_noinfo
terminate
_errno
_cexit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_configure_wide_argv

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
realloc
malloc
free

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-stdio-l1-1-0

putchar
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
putwchar
__stdio_common_vswscanf
__stdio_common_vswprintf_s
__p__commode
_set_fmode

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-filesystem-l1-1-0

_wrename
_wsplitpath_s

api-ms-win-crt-convert-l1-1-0

_wtol

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b17d39a3f8689f6b7ab28859f92d95a2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

kernel32

advapi32

oleaut32

shlwapi

msvcp140

wintrust

imm32

psapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 177KB - Virtual size: 176KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 177KB - Virtual size: 176KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 7KB