9fd9db216e38fdc03f7807b6683096930b1c97cda95def1dde043dda690f488a

Sharing

Copy URL Twitter E-mail

General

Target

9fd9db216e38fdc03f7807b6683096930b1c97cda95def1dde043dda690f488a
Size

997KB
MD5

1cb92ed3bd9cb04a79f1b8c04c5048e6
SHA1

8d2130fff4e9d8167c16a354c9944a3c7e22d122
SHA256

9fd9db216e38fdc03f7807b6683096930b1c97cda95def1dde043dda690f488a
SHA512

4035f33811ea773978c00fb774b2747dda108289585624e27fc1589d6f283ca1ea999cad1811ae8696d42e5665e032f12e940b3e5829b264a6a1c4c46d9ba3fc
SSDEEP

12288:1g5uEUVJaGCxW6KbMuD2BLuP0Sp4EISjFJ0PVY1LmFPngmg8POUyl:1IuEUVJBCg69uDaLuPZFyVYVqTyl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9fd9db216e38fdc03f7807b6683096930b1c97cda95def1dde043dda690f488a

Files

9fd9db216e38fdc03f7807b6683096930b1c97cda95def1dde043dda690f488a
.exe windows:6 windows x86 arch:x86

7816450ea071732d9f8429b4ab93cba5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\work\capture\ScreenRecorder\rel\Win32\QYLiteEditor.pdb

Imports

kernel32

FindResourceExW
LockResource
DecodePointer
GetCurrentThreadId
CreateEventW
OpenEventW
RaiseException
DeleteCriticalSection
InitializeCriticalSectionEx
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
GetModuleHandleW
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
WriteConsoleW
FlushFileBuffers
HeapReAlloc
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetConsoleCP
SetStdHandle
ReadConsoleW
GetConsoleMode
HeapSize
HeapDestroy
SetFilePointerEx
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
GetStdHandle
FindFirstFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetCPInfo
LCMapStringEx
GetStringTypeW
TryAcquireSRWLockExclusive
GetProcAddress
LoadLibraryW
GetModuleFileNameW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualFree
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
CreateThread
GetFileTime
MulDiv
GetQueuedCompletionStatus
CreateIoCompletionPort
TerminateThread
GetExitCodeThread
PostQueuedCompletionStatus
SetEvent
ResetEvent
OpenFileMappingW
CreateFileMappingW
GetNativeSystemInfo
SetErrorMode
GetSystemInfo
VirtualAlloc
SetUnhandledExceptionFilter
GetLocalTime
IsBadReadPtr
VirtualProtect
ExitProcess
CreateFileW
GetCurrentProcessId
GetCurrentProcess
DeleteFileW
WideCharToMultiByte
WaitForSingleObject
GetPrivateProfileStringW
SystemTimeToFileTime
GetVersionExW
GetVersion
GetTickCount
GetSystemTime
SetEndOfFile
SetFilePointer
GlobalAlloc
GlobalFree
FindNextFileW
FindClose
MoveFileExW
SetFileAttributesW
DeviceIoControl
ReadFile
SetLastError
lstrlenW
Sleep
GetThreadLocale
SetThreadLocale
lstrcmpA
GetFileSize
WriteFile
GetFileAttributesExW
OutputDebugStringW
TerminateProcess
lstrlenA
InitializeCriticalSection

user32

GetFocus
CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
UnregisterClassW
DestroyCursor
SetCursor
LoadCursorW
GetDlgItem
SendMessageW
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
SetFocus
PtInRect
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
SetWindowPos
MapWindowPoints
GetClientRect
GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
ShowWindow
LoadIconW
IsRectEmpty
PostMessageW
SetTimer
GetForegroundWindow
IsZoomed
KillTimer
IsWindow
MoveWindow
GetSystemMetrics
CopyRect
GetDC
ReleaseDC
UpdateLayeredWindow
ScreenToClient
RegisterClassExW
CreateWindowExW
DestroyWindow
IsClipboardFormatAvailable
RegisterClipboardFormatW
GetSysColor
SetCaretPos
CreateCaret
GetCaretBlinkTime
EqualRect
GetWindowTextLengthW
SetWindowTextW
MessageBoxW
wsprintfW
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
BringWindowToTop
SetActiveWindow
SystemParametersInfoW
GetClassInfoExW
BeginPaint
EndPaint
IsIconic
DrawTextW
InvalidateRect
TrackMouseEvent
GetCursorPos
SetCapture
ReleaseCapture
ClientToScreen
SetWindowRgn
EnableWindow
GetWindowTextW
PostQuitMessage
IsWindowVisible
MonitorFromRect
OffsetRect
SetLayeredWindowAttributes
SetRectEmpty
GetDoubleClickTime
IntersectRect
FillRect
UpdateWindow
GetIconInfo
DrawIconEx

gdi32

SetStretchBltMode
SetPixel
GetObjectW
CreateDIBSection
GetDeviceCaps
CreateSolidBrush
CreateRectRgn
CombineRgn
CreateRoundRectRgn
BitBlt
StretchBlt
GetBitmapBits
SetBitmapBits
SetBkMode
SetTextColor
ExtSelectClipRgn
GetViewportOrgEx
SetTextCharacterExtra
GetCurrentObject
GetTextColor
SetBkColor
CreateFontIndirectW
RestoreDC
Rectangle
GetStockObject
CreatePen
SaveDC
DeleteObject
CreateCompatibleDC
DeleteDC
SelectObject
CreateRectRgnIndirect

advapi32

RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

shell32

ShellExecuteW
ord165
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
RegisterDragDrop
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarBstrCmp
SysAllocStringByteLen
SysAllocString
SysStringByteLen
SysFreeString
VarUI4FromStr

shlwapi

PathAppendW
PathCombineW
PathFindFileNameW
PathFileExistsW
PathSearchAndQualifyW
PathIsDirectoryW
SHGetValueW
PathRemoveFileSpecW

comctl32

ord17

msimg32

AlphaBlend

gdiplus

GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipFree
GdipAlloc
GdipCreateBitmapFromFile
GdipCreateSolidFill
GdipSetSolidFillColor
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipFillRectangle
GdipDrawString
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipAddPathArc
GdipFillRectangleI
GdipFillPath
GdipCreatePen1
GdipDeletePen
GdipSetPenWidth
GdipSetPenColor
GdipDrawLine
GdipDisposeImage
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipSetSmoothingMode
GdiplusStartup
GdipSetPenStartCap
GdipSetPenEndCap
GdipDrawLineI
GdipDeleteBrush

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

wininet

HttpQueryInfoW
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetQueryOptionW
InternetCloseHandle
InternetReadFile
InternetCrackUrlW

version

VerQueryValueW

netapi32

Netbios

iphlpapi

GetAdaptersInfo
GetIpAddrTable

Sections

.text
Size: 735KB - Virtual size: 734KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7816450ea071732d9f8429b4ab93cba5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

crypt32

wininet

version

netapi32

iphlpapi

Sections

.text Size: 735KB - Virtual size: 734KB

.rdata Size: 141KB - Virtual size: 140KB

.data Size: 15KB - Virtual size: 93KB

.rsrc Size: 63KB - Virtual size: 63KB

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 735KB - Virtual size: 734KB

.rdata
Size: 141KB - Virtual size: 140KB

.data
Size: 15KB - Virtual size: 93KB

.rsrc
Size: 63KB - Virtual size: 63KB

.reloc
Size: 42KB - Virtual size: 41KB