f33e9ce475511e925c92c57c623e38bef390665f3cbab9e95a30408367a73bdf

Sharing

Copy URL Twitter E-mail

General

Target

f33e9ce475511e925c92c57c623e38bef390665f3cbab9e95a30408367a73bdf
Size

1.0MB
MD5

77e57442f4213091d983ad96fe1a647e
SHA1

a2e44319a5e357bde2babea0e6c3b0a1b87d8b07
SHA256

f33e9ce475511e925c92c57c623e38bef390665f3cbab9e95a30408367a73bdf
SHA512

7586e78da687757527e30f5520d661a1bf290a9bc4ce43e7c62f52279a4147d4185f87af1c3fc601458c6ba52ba19c30937416047e9ad4a4b0ce6860646171ae
SSDEEP

12288:0uwgxXHjFSornz0Lmcb8R97777777777777777778777777777777777777m7774:0uwgSoT/g4oVKPtXXWed6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f33e9ce475511e925c92c57c623e38bef390665f3cbab9e95a30408367a73bdf

Files

f33e9ce475511e925c92c57c623e38bef390665f3cbab9e95a30408367a73bdf
.exe windows:4 windows x86 arch:x86

278f2752389bf0dd09c8342420857d02

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Download1.ShortProj_int\qqlivebuilder_TT4.8proj_int\Basic_Tools_VOB\TT4.0\Output\map\TencentTraveler.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

SHSetValueW
SHGetValueW
SHDeleteValueW

ttutilwidget

?GetCoreCenterPtr@Module@Util@@YAPAUIUnknown@@XZ
?ReleaseModuleConfig@ModuleConfig@@YAXXZ
?DRReportURL@DataReport@Util@@YAXXZ
?DRReport@DataReport@Util@@YAXPAXH@Z
?DRSetWord@DataReport@Util@@YAXPAXKG@Z
?DRGetLTHandle@DataReport@Util@@YAPAXK@Z
?TT_Log@TTLogDef@@SAXW4ENUM_LOG_SERVERITY@@PB_W1ZZ
?CreateTTData@Data@Util@@YAJABU_GUID@@PAPAX@Z
?TT_HookAPI@Module@Util@@YAXH@Z
?CreateTlss@Module@Util@@YAHXZ
?IsUniqueOrMultiTTInstance@Module@Util@@YAKXZ
?SetStartupTime@Module@Util@@YAXXZ
?SetMainThreadID@Module@Util@@YAHABK@Z
?SetModuleApp@Module@Util@@YAXPAX@Z
?IsURLEx@Module@Util@@YAHPB_W@Z
?GetRegItem@Module@Util@@YAHPAUHKEY__@@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@1AAV45@@Z
?DeleteRegItem@Module@Util@@YAHPAUHKEY__@@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@1H@Z
?IsAllowMultiTTIntance@Module@Util@@YAHXZ
?GetGlobalData@Module@Util@@YAHHPAK@Z
?InitFiles@Module@Util@@YAHH@Z
?DRInit@DataReport@Util@@YAXPB_W@Z
?DoRebootTT@Module@Util@@YAXXZ
?g_bAppExit@@3HA
?ShellExecute_tt@Module@Util@@YAPAUHINSTANCE__@@PAUHWND__@@PB_W111H@Z
?GetOSVersion@Module@Util@@YAHPAVCComBSTR@ATL@@@Z
?GetCompileVerInfo@Module@Util@@YAHPAPA_W@Z
?GetModuleHash@Crypt@Util@@YAHPAVCComBSTR@ATL@@@Z
?GetMainThreadID@Module@Util@@YAHAAK@Z
?GetCallstackInfoFileName@Module@Util@@YAHPAVCComBSTR@ATL@@@Z
?GetCompileVerInfo@Module@Util@@YAHAAG000@Z
?OutputCrashURLs@Module@Util@@YAXAAVCComBSTR@ATL@@@Z
?EnumTTIntance@Module@Util@@YAKXZ
?IsTTDefaultBrowserEx@Module@Util@@YAKXZ
?UnInstallTT@Module@Util@@YAXXZ
?SetGlobalData@Module@Util@@YAXHK@Z
?SetTTAsDefaultInVistaAsAdminPri@Module@Util@@YAHH@Z
?TTLoadLibrary@Module@Util@@YAPAUHINSTANCE__@@PB_WH@Z
?SetStartbyInstall@Module@Util@@YAX_N@Z
?GetCrashReportInfoFileName@Module@Util@@YAHPAVCComBSTR@ATL@@@Z
?IsTTInstanceExsist@Module@Util@@YAHXZ
?GetMainWindowHandler@Module@Util@@YAPAUHWND__@@XZ
?SetCoreCenterPtr@Module@Util@@YAHPAUIUnknown@@@Z
?SetCmdLineUrl@Module@Util@@YAXPB_W@Z
?GetModuleConfig@ModuleConfig@@YAHPAPAUIUnknown@@AAH@Z
?HandleTTInstanceObject@Module@Util@@YAHH@Z
?ReleaseTTInstanceObject@Module@Util@@YAXXZ
?GetBinPath@Module@Util@@YAHPAPA_W@Z
?GetParentDir@Module@Util@@YAHPA_WPAPA_W@Z
?TXSetStringBundle@@YAXPB_W0@Z
?TXSetLanguageCode@@YAJPB_W@Z
?CreateObjectFromFile@Module@Util@@YAJPA_WPAUIUnknown@@ABU_GUID@@2PAPAXPAPAUHINSTANCE__@@@Z
?AddSafeVistUrlpara@Module@Util@@YAHPA_W0@Z

kernel32

HeapDestroy
GetVersionExA
HeapReAlloc
HeapSize
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
GetLastError
GetCurrentProcess
lstrlenA
VirtualQueryEx
MultiByteToWideChar
SetUnhandledExceptionFilter
GetVersion
GetCurrentThread
TerminateThread
VirtualQuery
GetModuleFileNameW
CreateFileW
SetFilePointer
WriteFile
CloseHandle
DeleteFileW
WritePrivateProfileStringW
Sleep
GetCurrentThreadId
FormatMessageW
GetProcessHeap
HeapAlloc
WideCharToMultiByte
LoadLibraryW
GetProcAddress
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InterlockedDecrement
InitializeCriticalSection
InterlockedIncrement

user32

EnableWindow
MessageBoxW
DispatchMessageW
TranslateMessage
GetMessageW
DefWindowProcW
ShowWindow
IsWindow
UnregisterClassA
DestroyWindow
PeekMessageW
SendMessageTimeoutW

advapi32

RegCreateKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

ole32

CoCreateInstance
OleUninitialize
OleInitialize
CLSIDFromString

oleaut32

SysStringLen
SysAllocStringLen
VarBstrCmp
SysAllocString
SysAllocStringByteLen
VariantClear
SysFreeString

atl80

ord64
ord23
ord61
ord30

msvcp80

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

msvcr80

?what@exception@std@@UBEPBDXZ
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
__argc
__wargv
wcsrchr
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
malloc
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
??1exception@std@@UAE@XZ
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
__p__commode
_adjust_fdiv
_controlfp_s
_invoke_watson
__CxxFrameHandler3
wcslen
vswprintf_s
_vscwprintf
_wcsicmp
_CxxThrowException
memcpy_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
??3@YAXPAX@Z
vsprintf_s
_vscprintf
_wcslwr_s
wcscmp
memset
wcsstr
_recalloc
memmove_s
free
??_V@YAXPAX@Z
??2@YAPAXI@Z
swprintf_s
_XcptFilter

imagehlp

SymSetOptions
SymInitialize
SymFunctionTableAccess
StackWalk
SymGetSymFromAddr
SymGetModuleInfo
SymLoadModule

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TT_Share
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 988KB - Virtual size: 988KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

278f2752389bf0dd09c8342420857d02

Headers

File Characteristics

PDB Paths

Imports

comctl32

shlwapi

ttutilwidget

kernel32

user32

advapi32

ole32

oleaut32

atl80

msvcp80

msvcr80

imagehlp

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 1024B - Virtual size: 1KB

TT_Share Size: 512B - Virtual size: 88B

.rsrc Size: 988KB - Virtual size: 988KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 1024B - Virtual size: 1KB

TT_Share
Size: 512B - Virtual size: 88B

.rsrc
Size: 988KB - Virtual size: 988KB