5ab6a7c7e9b8bbd825734fdf0ab9e9836b5abbeee0767f62e4f2c7a93f229127

Sharing

Copy URL Twitter E-mail

General

Target

5ab6a7c7e9b8bbd825734fdf0ab9e9836b5abbeee0767f62e4f2c7a93f229127
Size

390KB
MD5

45c89eac40f25ba1aa1f616420927c07
SHA1

fe2c1b28ebc88c7ca8dee81c57fac186f9dad2b9
SHA256

5ab6a7c7e9b8bbd825734fdf0ab9e9836b5abbeee0767f62e4f2c7a93f229127
SHA512

0f452631baa8ad22218a6bcc724fc1ebe3d4c25bb93004a8fac7bfd38a415260ed6c3413f5fc4356e191a2d18684df278fdcacca977f499985063b39693db7f9
SSDEEP

6144:SzIa93adbOF1ANnzljziHH10nN6qPMfyADqxnZ02zG3OF3YGG:SjTFInzljziHV0n0XDq1nn3hG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ab6a7c7e9b8bbd825734fdf0ab9e9836b5abbeee0767f62e4f2c7a93f229127

Files

5ab6a7c7e9b8bbd825734fdf0ab9e9836b5abbeee0767f62e4f2c7a93f229127
.exe windows:6 windows x86 arch:x86

4c24b6d807e542d6430bd70e008dfa25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\qci_workspace\root-workspaces\__qci-pipeline-10989746-1\Basic\Output\BinFinal\QQPCPatch.pdb

Imports

imm32

ImmDisableIME

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

htons
htonl
ntohl
ntohs

kernel32

ReplaceFileW
CopyFileW
SetPriorityClass
TerminateProcess
CreateMutexW
WaitForSingleObject
GetVersionExW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
lstrcmpiW
IsDebuggerPresent
GetCommandLineW
CreateEventW
MultiByteToWideChar
SetEvent
GetLocalTime
GetTempFileNameW
GetFileSizeEx
WritePrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileSectionW
FindFirstFileW
CompareStringW
GetFullPathNameW
FindNextFileW
FindClose
GetSystemDirectoryW
GetPrivateProfileStringW
GetWindowsDirectoryW
WriteFile
SetFilePointerEx
CreateProcessW
GlobalAlloc
GlobalFree
LocalFree
InitializeCriticalSectionAndSpinCount
SetFilePointer
lstrcpynW
HeapAlloc
GetProcessHeap
GetCurrentProcessId
GetCurrentThreadId
SetErrorMode
SearchPathW
FreeLibrary
SetUnhandledExceptionFilter
WriteProcessMemory
GetModuleHandleExW
WideCharToMultiByte
GetFileAttributesW
UnhandledExceptionFilter
QueryPerformanceCounter
SetFileTime
GetCurrentDirectoryW
GetFileType
DosDateTimeToFileTime
VirtualQuery
lstrlenW
MapViewOfFileEx
GetTickCount64
GetSystemDefaultLangID
GetNativeSystemInfo
GetSystemPowerStatus
LoadLibraryA
MoveFileExW
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsProcessorFeaturePresent
WaitForSingleObjectEx
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MapViewOfFile
CreateFileMappingW
GetFileSize
UnmapViewOfFile
GetModuleHandleW
GetCurrentProcess
GetTickCount
SwitchToThread
CloseHandle
DeleteFileW
CreateFileW
GetTempPathW
GetModuleFileNameW
ReadFile
CreateDirectoryW
Sleep
SetLastError
DeleteCriticalSection
GetProcAddress
LoadLibraryW
GetLastError
InitializeCriticalSectionEx
ResetEvent
OutputDebugStringW
WaitForMultipleObjects

user32

PeekMessageW
MsgWaitForMultipleObjects
DispatchMessageW

advapi32

RegQueryInfoKeyW
RegSetKeySecurity
RegGetKeySecurity
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegFlushKey
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
RegCreateKeyExW
DeleteService
ControlService
RegSetValueExW
OpenProcessToken
ChangeServiceConfigW
OpenServiceW

shell32

SHCreateDirectoryExW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoInitialize
CoInitializeSecurity
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

shlwapi

SHGetValueW
StrStrIW
PathAppendW
PathIsDirectoryW
PathRemoveFileSpecW
PathFileExistsW

msvcp140

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

wininet

InternetReadFile
InternetSetOptionW
InternetCloseHandle
InternetOpenW
InternetOpenUrlW

winhttp

WinHttpQueryOption
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpSendRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpDetectAutoProxyConfigUrl
WinHttpQueryHeaders

vcruntime140

__current_exception_context
memcpy
__current_exception
_CxxThrowException
memset
memmove
_set_purecall_handler
_except_handler4_common
wcschr
_purecall
wcsstr
wcsrchr
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3

api-ms-win-crt-heap-l1-1-0

calloc
free
_set_new_mode
malloc
_callnewh
realloc

api-ms-win-crt-runtime-l1-1-0

_errno
set_terminate
_set_invalid_parameter_handler
_invalid_parameter_noinfo_noreturn
exit
_invalid_parameter_noinfo
_controlfp_s
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_seh_filter_exe
_cexit

api-ms-win-crt-string-l1-1-0

wcsncpy_s
wcsncat_s
wcscpy_s
wcscat_s
_stricmp
towlower
strncpy
wcsncmp
toupper
_wcsicmp
_wcsnicmp

api-ms-win-crt-stdio-l1-1-0

_wfopen
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
_wfopen_s
fclose
fwrite
__stdio_common_vswscanf
__stdio_common_vsnwprintf_s
__stdio_common_vsnprintf_s
_set_fmode
__p__commode

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-convert-l1-1-0

_wtol
_ultow_s
_wtoi64
_ui64tow_s
_wtoi
_itoa_s
_itow_s

api-ms-win-crt-time-l1-1-0

_time64
_mktime32
_localtime64_s
_time32

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumProcessModules
EnumProcesses
GetProcessMemoryInfo

Sections

.text
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c24b6d807e542d6430bd70e008dfa25

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

version

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp140

wininet

winhttp

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

psapi

Sections

.text Size: 254KB - Virtual size: 253KB

.rdata Size: 89KB - Virtual size: 89KB

.data Size: 3KB - Virtual size: 79KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 254KB - Virtual size: 253KB

.rdata
Size: 89KB - Virtual size: 89KB

.data
Size: 3KB - Virtual size: 79KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 15KB - Virtual size: 15KB