535059962e7b3f7a6e688a97b2a4c363d214a824dcf254b58ec03db99847c608

Sharing

Copy URL Twitter E-mail

General

Target

535059962e7b3f7a6e688a97b2a4c363d214a824dcf254b58ec03db99847c608
Size

8.2MB
MD5

3201981cabe56fc1b6838bb6183f744f
SHA1

b564018e3bf9faffe4fafc8c4265eacf5e9d0ede
SHA256

535059962e7b3f7a6e688a97b2a4c363d214a824dcf254b58ec03db99847c608
SHA512

667210438f8719e773dade1ea3ccb73bd74dd62b5351815620653737eca94594be077f0e13cffc309aadc1788072fd53fccb1c7094b12c9cca3240f2f6e659b4
SSDEEP

196608:mu9EDyLy8JLzGTKGHZWZknH+oQP2uBPTSthJu+a3:bOyrJHnbk+oK2ulSpuv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QwQdown.exe

Files

535059962e7b3f7a6e688a97b2a4c363d214a824dcf254b58ec03db99847c608
.rar
QwQdown.exe
.exe windows:4 windows x86 arch:x86

48865db6b12ce71fbf2f83a8a6542ad8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpNA
StrPBrkW
StrCmpIW
wnsprintfW
StrStrA
PathMatchSpecW
StrToIntExW
StrCpyNW
StrStrW
StrStrIW
StrRChrW
StrChrW
StrCmpNW
StrCmpNIA
StrCmpNIW

kernel32

GetCommandLineW
TerminateJobObject
GetExitCodeProcess
ResumeThread
AssignProcessToJobObject
CreateJobObjectW
GetOverlappedResult
ConnectNamedPipe
GetProcessId
GetShortPathNameW
WriteFile
LoadLibraryExW
SetNamedPipeHandleState
CreateNamedPipeA
SetFilePointer
DuplicateHandle
CreatePipe
CreateThread
InitializeCriticalSection
DeleteCriticalSection
lstrcmpA
LocalFree
GetVersionExW
CreateMutexA
WideCharToMultiByte
CreateFileA
GetFileSizeEx
DeleteFileW
VirtualFree
GetModuleHandleW
WriteConsoleW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
QueryPerformanceFrequency
SetCurrentDirectoryW
WinExec
WriteProcessMemory
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetEnvironmentVariableW
ExpandEnvironmentStringsW
HeapReAlloc
GlobalMemoryStatusEx
LockResource
LoadResource
SizeofResource
FindResourceW
GetExitCodeThread
WaitForMultipleObjects
GetCurrentThreadId
RemoveDirectoryW
MoveFileW
CopyFileW
GetProcessTimes
SetSystemPowerState
SetEndOfFile
GetLogicalDrives
FormatMessageW
QueryPerformanceCounter
SetConsoleWindowInfo
GetLargestConsoleWindowSize
SetFilePointerEx
GetVolumeNameForVolumeMountPointW
GetSystemTimeAsFileTime
DefineDosDeviceW
VirtualAlloc
QueryDosDeviceW
SleepEx
OpenThread
WaitNamedPipeW
GlobalMemoryStatus
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersion
FileTimeToSystemTime
SystemTimeToFileTime
ReleaseSemaphore
ResetEvent
DisconnectNamedPipe
GetVolumeInformationW
GetDiskFreeSpaceW
lstrcmpiA
lstrcpyA
lstrcpynA
GetHandleInformation
SetLocalTime
SetEnvironmentVariableA
GlobalAddAtomA
GetFileAttributesExW
DeleteVolumeMountPointW
CreateHardLinkW
VirtualProtect
GetConsoleWindow
SetConsoleScreenBufferSize
AllocConsole
GetFullPathNameW
FileTimeToLocalFileTime
LCMapStringA
GetFileSize
EnumResourceNamesW
GetTempPathW
LCMapStringW
SetVolumeMountPointW
SetVolumeLabelW
GetLongPathNameW
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
GetTimeZoneInformation
SetFileValidData
TerminateThread
GlobalDeleteAtom
OpenEventW
SetThreadPriority
CreateNamedPipeW
CreateMailslotW
OpenMutexW
CreateSemaphoreW
OpenSemaphoreW
Beep
FindFirstFileW
VirtualQueryEx
GetThreadContext
SetThreadContext
VirtualProtectEx
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
IsBadWritePtr
HeapCreate
HeapDestroy
MultiByteToWideChar
GetSystemInfo
VirtualQuery
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetFileType
SetStdHandle
HeapSize
GetVersionExA
RtlUnwind
ReadProcessMemory
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LoadLibraryW
WaitForSingleObject
ExitProcess
lstrcatA
CreateDirectoryW
CreateProcessW
FindNextFileW
FlushFileBuffers
FindFirstVolumeW
CreateFileW
DeviceIoControl
FindNextVolumeW
FindVolumeClose
GetProcessAffinityMask
GetModuleHandleA
IsBadCodePtr
CompareStringA
CompareStringW
GetProcessHeap
HeapFree
GetModuleFileNameW
SearchPathW
CreateFileMappingA
OpenFileMappingA
TerminateProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetErrorMode
GetStdHandle
LoadLibraryA
GetProcAddress
CreateFiber
ConvertThreadToFiber
DeleteFiber
SwitchToFiber
GetLocaleInfoW
GetCurrentProcess
SetProcessWorkingSetSize
Sleep
GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentProcessId
OpenFileMappingW
GetLastError
SetLastError
CreateMutexW
CreateEventW
CreateFileMappingW
MapViewOfFile
GetCurrentDirectoryW
SetEvent
FreeEnvironmentStringsW
OpenProcess
ReleaseMutex
WTSGetActiveConsoleSessionId
HeapAlloc
lstrlenA
lstrcpynW
lstrcatW
lstrcpyW
lstrcmpW
lstrcmpiW
FindClose
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
MulDiv
GetTickCount
GetStartupInfoW
FreeLibrary
lstrlenW
RaiseException
IsBadReadPtr

user32

DrawEdge
DrawIconEx
GetFocus
GetActiveWindow
CreateDialogParamW
FindWindowExW
EnumWindows
UpdateWindow
IsChild
SetScrollInfo
ScrollWindow
MessageBoxTimeoutW
SetCapture
ReleaseCapture
ShowCursor
DrawIcon
SetMenu
CreateMenu
LoadBitmapW
SetWindowRgn
CreateIconFromResource
FindWindowW
LoadStringA
WindowFromPoint
ChildWindowFromPointEx
CharUpperA
IsWindowVisible
GetWindowInfo
CopyImage
DestroyCursor
GetClipboardData
IsWindowEnabled
CreateIconFromResourceEx
PtInRect
LoadImageW
SwitchToThisWindow
GetClassNameW
MessageBoxW
IsRectEmpty
EnumChildWindows
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
FindWindowExA
GetForegroundWindow
AttachThreadInput
IsDialogMessageW
GetSysColor
DestroyIcon
LoadCursorW
SetCursor
RegisterWindowMessageW
GetWindowThreadProcessId
SetFocus
SetScrollPos
GetScrollInfo
GetWindowDC
IsIconic
GetMessageW
RegisterClassExW
DialogBoxIndirectParamW
SetParent
BeginPaint
EndPaint
SetLayeredWindowAttributes
GetMenu
GetMenuItemCount
DialogBoxParamW
DefWindowProcW
LoadMenuW
RemoveMenu
InsertMenuW
EnumDisplayDevicesW
ChangeDisplaySettingsExW
InvalidateRect
GetDlgItemTextW
FillRect
RedrawWindow
CallWindowProcW
GetKeyState
EndDialog
EnumDisplaySettingsW
GetSubMenu
GetMenuItemID
GetMenuStringW
ModifyMenuW
UnregisterHotKey
RegisterHotKey
LockWorkStation
mouse_event
MsgWaitForMultipleObjects
UnhookWindowsHookEx
SetWindowsHookExW
GetAsyncKeyState
PostQuitMessage
CallNextHookEx
GetKeyboardState
keybd_event
RegisterDeviceNotificationW
ExitWindowsEx
SendMessageTimeoutW
IsWindow
ScreenToClient
GetWindowTextLengthW
OffsetRect
CharUpperW
SetThreadDesktop
SwitchDesktop
CloseDesktop
GetCursorPos
CreatePopupMenu
TrackPopupMenu
DestroyMenu
wsprintfA
LoadStringW
AppendMenuW
FindWindowA
GetLastInputInfo
PeekMessageW
TranslateMessage
DispatchMessageW
SystemParametersInfoW
WaitForInputIdle
GetSystemMenu
EnableMenuItem
GetWindowLongW
GetClientRect
wsprintfW
DrawTextW
GetSystemMetrics
ShowScrollBar
EnableWindow
GetDesktopWindow
SetActiveWindow
SetForegroundWindow
BringWindowToTop
GetWindowTextW
SetWindowTextW
ClientToScreen
MoveWindow
CreateWindowExW
SetWindowLongW
GetDlgCtrlID
GetParent
LoadIconW
ReleaseDC
GetDC
SetDlgItemTextW
DestroyWindow
GetDlgItem
SetWindowPos
ShowWindow
GetWindowRect
KillTimer
SetTimer
SendMessageW
PostMessageW
OpenDesktopW

gdi32

RealizePalette
GetDIBits
CreateDCA
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
BitBlt
DeleteDC
CreateSolidBrush
AddFontResourceW
GetStockObject
SelectObject
SetBkMode
SetTextColor
SelectPalette
Polyline
GetTextMetricsW
Rectangle
CreateBitmap
CreatePen
Ellipse
CreateEllipticRgn
SetBkColor
ExtTextOutW
GetBkColor
CreateFontW
CreateRectRgn
GetPixel
CombineRgn
StretchBlt
GetObjectW
DeleteObject

advapi32

OpenSCManagerW
CreateRestrictedToken
AllocateAndInitializeSid
OpenProcessToken
CreateProcessWithLogonW
CreateProcessAsUserW
AdjustTokenPrivileges
SetTokenInformation
LookupPrivilegeValueW
DuplicateTokenEx
GetTokenInformation
StartServiceW
OpenServiceW
CreateServiceW
CloseServiceHandle
DeleteService
ControlService
SetServiceStatus
AbortSystemShutdownW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
RegCloseKey
RegCreateKeyExW
ChangeServiceConfig2W
ChangeServiceConfigW
InitiateSystemShutdownW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExA
RegOpenKeyExA
SetNamedSecurityInfoW
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoW
RegUnLoadKeyW
RegLoadKeyW
RegSaveKeyExW
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CheckTokenMembership
FreeSid

shell32

SHGetSpecialFolderPathW
SHChangeNotify
SHAppBarMessage
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
DragAcceptFiles
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderPathA
DragQueryFileW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupDiClassNameFromGuidA
CM_Get_DevNode_Status
CM_Request_Device_EjectW
CM_Query_And_Remove_SubTreeW
CM_Get_Parent
SetupDiOpenClassRegKey
SetupDiGetDeviceInfoListDetailW
CM_Get_DevNode_Status_Ex
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Reenumerate_DevNode
CM_Locate_DevNodeW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiClassNameFromGuidW
SetupDiGetDeviceInstallParamsW
SetupDiChangeState
SetupDiSetClassInstallParamsW

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_

Sections

.text
Size: 659KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

flag_dat
Size: 512B - Virtual size: 19B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
使用说明.txt
当下软件园.url

Sharing

General

Malware Config

Signatures

Files

48865db6b12ce71fbf2f83a8a6542ad8

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

version

setupapi

Exports

Exports

Sections

.text Size: 659KB - Virtual size: 659KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 7KB - Virtual size: 17KB

flag_dat Size: 512B - Virtual size: 19B

.rsrc Size: 500KB - Virtual size: 499KB

.text
Size: 659KB - Virtual size: 659KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 7KB - Virtual size: 17KB

flag_dat
Size: 512B - Virtual size: 19B

.rsrc
Size: 500KB - Virtual size: 499KB