7bc6daf478605d442cd6ac64868c7ad0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

7bc6daf478605d442cd6ac64868c7ad0N.exe
Size

1.1MB
MD5

7bc6daf478605d442cd6ac64868c7ad0
SHA1

4ed6cb097e82964f48652adc6e00c63db8d41128
SHA256

1f841d0ac9b9ad1370a095158323439e9fc43c367635574427e8de44018b7fb7
SHA512

8506027f072483004a414744cc7b0d2019cbc99a9cb563966e5e037fcccfb153e98b17bec314617a3d0c304e1c702a135257218d232b54eb840612e9f3c7d385
SSDEEP

24576:LGrkQVdqdEnrQgABpWZsz5MxtN7UghV/zarNFc3K3f:LGrkQCSrPqpWZsixtNUghVLcjc3uf

Score

1^/10

Malware Config

Signatures

Files

7bc6daf478605d442cd6ac64868c7ad0N.exe
.exe windows:6 windows x86 arch:x86

5734f0b6deca208dd6c2832f22c280e7

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:da:f2:fe:51:f3:b2:e9:4c:bb:69:5a:4a:51:74:fc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/10/2022, 00:00

Not After

17/10/2025, 23:59

Subject

CN=Tencent Technology (Shenzhen) Company Limited,O=Tencent Technology (Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:18:fc:0d:67:e6:1e:1c:e6:a4:8f:59:41:37:0a:8b:e8:5d:2c:17:7a:3a:6a:c7:cc:cf:c1:f5:9f:bf:20:2e
Signer

Actual PE Digest

a5:18:fc:0d:67:e6:1e:1c:e6:a4:8f:59:41:37:0a:8b:e8:5d:2c:17:7a:3a:6a:c7:cc:cf:c1:f5:9f:bf:20:2e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Git-repo\qb10frame\chrome\src\out\Release_x86\QQBrowserLiveup.pdb

Imports

kernel32

ResetEvent
FindResourceExW
LockResource
VerSetConditionMask
VerifyVersionInfoW
WideCharToMultiByte
TerminateThread
Sleep
WinExec
GetTickCount
MoveFileExW
OpenProcess
CreateProcessW
GetVersionExW
DeleteFileW
VirtualQuery
MulDiv
GetExitCodeProcess
GetProcessHeap
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
WriteConsoleW
SetEndOfFile
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapFree
DecodePointer
SetUnhandledExceptionFilter
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
RaiseException
lstrcmpiW
FreeLibrary
MultiByteToWideChar
WaitForSingleObject
GetLastError
SetLastError
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
LeaveCriticalSection
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
GetFileSizeEx
SetStdHandle
GetCurrentDirectoryW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStdHandle
ExitProcess
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
VirtualProtect
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
EnterCriticalSection
GetCurrentThreadId
CreateMutexW
OpenMutexW
CloseHandle
LCMapStringEx
InitOnceExecuteOnce
QueryPerformanceCounter
FormatMessageA
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
WaitForSingleObjectEx
IsDebuggerPresent
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
WaitNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
CreateThread
GetDiskFreeSpaceExW
GetExitCodeThread
DeviceIoControl
WaitForMultipleObjects
SetEvent
GetSystemTimeAsFileTime
K32GetMappedFileNameW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OutputDebugStringW
GetSystemDefaultLangID
GetFullPathNameW
WriteFile
SetFilePointer
CreateDirectoryW
RemoveDirectoryW
CopyFileW
TerminateProcess
FindNextFileW
FindClose
FindFirstFileW
GetLocalTime
GetTempPathW
GetSystemInfo
GetSystemDirectoryW
CreateEventW
ReadFile
GetCurrentProcess
LocalFree
LocalAlloc
LoadLibraryW
GlobalFree
InitializeCriticalSectionEx
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource

user32

MapWindowPoints
GetParent
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetForegroundWindow
SetTimer
PostQuitMessage
ClientToScreen
SendMessageW
KillTimer
IsWindowVisible
ShowWindow
MessageBoxW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
LoadImageW
OffsetRect
GetSysColor
MoveWindow
SetWindowTextW
GetSystemMetrics
GetDesktopWindow
GetDlgItem
SetWindowRgn
ScreenToClient
EnableWindow
InvalidateRect
SetFocus
PtInRect
GetScrollInfo
EndDialog
GetDlgCtrlID
SystemParametersInfoW
DispatchMessageW
PostThreadMessageW
GetMessageW
PeekMessageW
FrameRect
SendInput
GetForegroundWindow
EnumWindows
IsZoomed
IsIconic
GetWindowDC
SetCursor
GetWindowTextLengthW
GetWindowTextW
InflateRect
GetClassNameW
PostMessageW
IsWindow
SetWindowPos
ReleaseDC
GetDC
UpdateLayeredWindow
GetWindowRect
GetClientRect
LoadCursorW
CallWindowProcW
GetWindowLongW
DialogBoxParamW
DestroyWindow
FindWindowW
EndPaint
BeginPaint
SetCapture
ReleaseCapture
UpdateWindow
GetCapture
DestroyIcon
GetIconInfo
SetRectEmpty
IsRectEmpty
DrawFocusRect
CopyRect
AdjustWindowRectEx
DrawTextW
UnionRect
GetActiveWindow
GetAncestor
GetFocus
SetPropW
RemovePropW
EnumChildWindows
IsWindowEnabled
IntersectRect
CharNextW
UnregisterClassW
DefWindowProcW
SetWindowLongW
GetMenu
EqualRect
GetCursorPos

gdi32

GetClipBox
GetViewportOrgEx
RestoreDC
SaveDC
CreatePen
CreateDIBSection
CreateFontIndirectW
SetDIBColorTable
CombineRgn
GetPixel
CreateSolidBrush
RectVisible
GetCurrentObject
MoveToEx
LineTo
GetTextExtentPoint32W
GetTextExtentExPointW
SetBitmapBits
GetBitmapBits
SetBkMode
GetObjectA
GetObjectW
DeleteObject
SetViewportOrgEx
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
BitBlt
CreateFontW
GetDeviceCaps
SetTextColor
GetStockObject
CreateRectRgnIndirect
SetBkColor
ExtTextOutW
SelectClipRgn

advapi32

ConvertSidToStringSidW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
RegOpenKeyExA
RegQueryValueExA
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
GetTokenInformation

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetFolderLocation
ShellExecuteW
ord75
SHGetPathFromIDListW

ole32

CoCreateGuid
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

PathMatchSpecW
PathFindFileNameW
PathFileExistsW
PathAppendW
SHDeleteValueW
PathCombineW
SHGetValueW
PathRemoveFileSpecW
PathGetArgsW
PathRemoveBlanksW
PathRemoveBackslashW
PathIsDirectoryW
PathCanonicalizeW
wnsprintfW
SHSetValueW
PathRemoveArgsW
PathUnquoteSpacesW

comctl32

_TrackMouseEvent
ImageList_GetIconSize
ImageList_Destroy
InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRectRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromResource
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawString
GdipCreateImageAttributes
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipResetWorldTransform
GdipGetFontSize
GdiplusShutdown
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipCreateBitmapFromHICON
GdipBitmapGetPixel
GdiplusStartup
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipSetSmoothingMode
GdipDrawEllipseI
GdipDrawPath
GdipFillEllipseI
GdipFillPath
GdipAlloc
GdipCreateFromHDC
GdipDeleteGraphics
GdipDisposeImage
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorMatrix
GdipDeleteFont
GdipDisposeImageAttributes
GdipFree
GdipMeasureString

dbghelp

MakeSureDirectoryPathExists

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

ws2_32

ntohl
htonl
htons

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpConnect

urlmon

URLDownloadToFileW

wininet

HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
InternetReadFile
DeleteUrlCacheEntryW
InternetOpenA

Sections

.text
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5734f0b6deca208dd6c2832f22c280e7

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:da:f2:fe:51:f3:b2:e9:4c:bb:69:5a:4a:51:74:fcCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a5:18:fc:0d:67:e6:1e:1c:e6:a4:8f:59:41:37:0a:8b:e8:5d:2c:17:7a:3a:6a:c7:cc:cf:c1:f5:9f:bf:20:2eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

dbghelp

version

netapi32

ws2_32

winhttp

urlmon

wininet

Sections

.text Size: 569KB - Virtual size: 568KB

.rdata Size: 156KB - Virtual size: 155KB

.data Size: 17KB - Virtual size: 84KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 271KB - Virtual size: 271KB

.reloc Size: 84KB - Virtual size: 84KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:da:f2:fe:51:f3:b2:e9:4c:bb:69:5a:4a:51:74:fc
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a5:18:fc:0d:67:e6:1e:1c:e6:a4:8f:59:41:37:0a:8b:e8:5d:2c:17:7a:3a:6a:c7:cc:cf:c1:f5:9f:bf:20:2e
Signer

.text
Size: 569KB - Virtual size: 568KB

.rdata
Size: 156KB - Virtual size: 155KB

.data
Size: 17KB - Virtual size: 84KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 271KB - Virtual size: 271KB

.reloc
Size: 84KB - Virtual size: 84KB