9ad5ffd0d4153cc542714013a979cf4710ad5fcc29b0da9a374ec574e71f3052

Sharing

Copy URL

Twitter E-mail

General

Target

9ad5ffd0d4153cc542714013a979cf4710ad5fcc29b0da9a374ec574e71f3052
Size

380KB
MD5

2c10af0cce8b3b1053781cf837a8200b
SHA1

f31e2ad8961c27e630d707dafda1d40428768749
SHA256

9ad5ffd0d4153cc542714013a979cf4710ad5fcc29b0da9a374ec574e71f3052
SHA512

3d7d1b0d6b4f910813fed9508fbc7f0e43163ef0bb255d166469927a7a76926bd4fc1d98f3d8714816e30608b640f7f76f64b3d7b735e036f841bd9a108798cc
SSDEEP

6144:qwgSHcmV/YjWCyx1WrzF4TNStH/PeiVNfBq06qxz9XnIPYAUrbdxxUG+p0OoAzL:qycmV/YjWCyxgrSwNeif7z9Jbx82AzL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ad5ffd0d4153cc542714013a979cf4710ad5fcc29b0da9a374ec574e71f3052

Files

9ad5ffd0d4153cc542714013a979cf4710ad5fcc29b0da9a374ec574e71f3052
.exe windows:5 windows x86 arch:x86

1c2e926bf5467c91f912f6c57518248e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\qci_workspace\root-workspaces\__qci-pipeline-603700-1\Basic\Output\BinFinal\QQPCPatch.pdb

Imports

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

htons
htonl
ntohs
ntohl

kernel32

FreeLibrary
MoveFileExW
ReplaceFileW
CopyFileW
SetPriorityClass
InterlockedDecrement
TerminateProcess
CreateMutexW
WaitForSingleObject
GetVersionExW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
lstrcmpiW
IsDebuggerPresent
GetCommandLineW
CreateEventW
MultiByteToWideChar
SetEvent
GetLocalTime
GetTempFileNameW
GetFileSizeEx
WritePrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileSectionW
FindFirstFileW
CompareStringW
GetFullPathNameW
FindNextFileW
FindClose
GetSystemDirectoryW
GetPrivateProfileStringW
GetWindowsDirectoryW
WriteFile
SetFilePointerEx
CreateProcessW
GlobalAlloc
GlobalFree
LocalFree
SetFileTime
SetFilePointer
GetCurrentDirectoryW
WideCharToMultiByte
LeaveCriticalSection
DosDateTimeToFileTime
lstrcpynW
HeapAlloc
GetProcessHeap
GetCurrentProcessId
GetCurrentThreadId
SetErrorMode
SearchPathW
WaitForMultipleObjects
SetUnhandledExceptionFilter
WriteProcessMemory
GetModuleHandleExW
GetFileAttributesW
InterlockedIncrement
UnhandledExceptionFilter
QueryPerformanceCounter
lstrlenW
MapViewOfFileEx
GetSystemDefaultLangID
GetNativeSystemInfo
VirtualQuery
GetSystemPowerStatus
LoadLibraryA
InitializeCriticalSection
InitializeSListHead
EnterCriticalSection
MapViewOfFile
CreateFileMappingW
GetFileSize
UnmapViewOfFile
GetModuleHandleW
GetCurrentProcess
GetTickCount
SwitchToThread
CloseHandle
DeleteFileW
CreateFileW
GetTempPathW
GetModuleFileNameW
ReadFile
CreateDirectoryW
Sleep
InterlockedCompareExchange
SetLastError
InterlockedExchange
DeleteCriticalSection
GetProcAddress
LoadLibraryW
GetLastError
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetStartupInfoW
IsProcessorFeaturePresent
OutputDebugStringW
GetFileType

advapi32

RegQueryInfoKeyW
RegSetKeySecurity
RegGetKeySecurity
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegFlushKey
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
RegCreateKeyExW
DeleteService
ControlService
RegSetValueExW
OpenProcessToken
ChangeServiceConfigW
OpenServiceW

shell32

SHCreateDirectoryExW

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantInit

shlwapi

PathIsDirectoryW
SHGetValueW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
StrStrIW

msvcp140

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

wininet

InternetSetOptionW
InternetOpenW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

winhttp

WinHttpReadData
WinHttpOpenRequest
WinHttpSendRequest
WinHttpGetDefaultProxyConfiguration
WinHttpReceiveResponse
WinHttpOpen
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpDetectAutoProxyConfigUrl
WinHttpAddRequestHeaders

vcruntime140

__std_exception_copy
memcpy
_except_handler4_common
memset
memmove
_set_purecall_handler
wcschr
_purecall
wcsstr
wcsrchr
__std_terminate
__CxxFrameHandler3
_CxxThrowException
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_callnewh
realloc
_set_new_mode
free

api-ms-win-crt-runtime-l1-1-0

exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_set_invalid_parameter_handler
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
terminate
_controlfp_s
_c_exit
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_errno

api-ms-win-crt-string-l1-1-0

wcsncpy_s
toupper
wcsncat_s
_wcsicmp
strncpy
wcscpy_s
towlower
wcscat_s
_wcsnicmp
_stricmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswscanf
fclose
fwrite
_wfopen_s
__stdio_common_vswprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsnprintf_s
_set_fmode
_wfopen
__p__commode

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-convert-l1-1-0

_wtol
_ultow_s
_wtoi64
_ui64tow_s
_wtoi
_itoa_s
_itow_s

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time32
_mktime32
_time64

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
_except1

psapi

GetModuleFileNameExW
GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcessModules
EnumProcesses

Sections

.text
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c2e926bf5467c91f912f6c57518248e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

version

ws2_32

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp140

wininet

winhttp

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

psapi

Sections

.text Size: 262KB - Virtual size: 261KB

.rdata Size: 87KB - Virtual size: 86KB

.data Size: 3KB - Virtual size: 79KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 262KB - Virtual size: 261KB

.rdata
Size: 87KB - Virtual size: 86KB

.data
Size: 3KB - Virtual size: 79KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 16KB - Virtual size: 16KB