901e5e11dc30770797cb39b1612b4632a82408360dde0123d3fcc528085ec8d4

Sharing

Copy URL Twitter E-mail

General

Target

901e5e11dc30770797cb39b1612b4632a82408360dde0123d3fcc528085ec8d4
Size

308KB
MD5

7b37dc65ddb2e27265950a937e42ed1a
SHA1

5922de22004d19dc4d11974cca70c147d58faaa0
SHA256

901e5e11dc30770797cb39b1612b4632a82408360dde0123d3fcc528085ec8d4
SHA512

73d50958aef4e25a1d560a1fd723b782364ef0b87bcb283a8aba0330340ae004959429ba8a928ae79ab9439af724930d9169b0dd9f5f507b2f2915bb1faad836
SSDEEP

3072:HSaPF3dKjpCQHAWKl1Ja3a7kdEmTnaLFPLjUg/E6sM4iWgGP7ginbPnFqk4y0rvu:yD9K4q7kdfnYavkN+PYlw0enM8V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
901e5e11dc30770797cb39b1612b4632a82408360dde0123d3fcc528085ec8d4

Files

901e5e11dc30770797cb39b1612b4632a82408360dde0123d3fcc528085ec8d4
.exe windows:6 windows x86 arch:x86

a1d99b7b05860d83dd01312fbf509089

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\qci_workspace\root-workspaces\__qci-pipeline-10989746-1\Basic\Output\BinFinal\QMSignScan.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

htons
htonl
gethostbyname
WSAStartup

kernel32

GetTempPathW
CreateDirectoryW
LoadLibraryW
FreeLibrary
GetExitCodeProcess
GetTempFileNameW
DeleteFileW
MoveFileExW
CopyFileW
RemoveDirectoryW
SetLastError
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
InitializeCriticalSectionEx
RaiseException
DeleteCriticalSection
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SleepEx
SetErrorMode
OpenProcess
lstrcpynW
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSection
CreateEventW
SearchPathW
WaitForMultipleObjects
IsBadReadPtr
VirtualProtect
IsBadWritePtr
GetCurrentThread
SetUnhandledExceptionFilter
WriteProcessMemory
WriteFile
VirtualQuery
VirtualAlloc
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
FindFirstFileW
InitializeCriticalSectionAndSpinCount
SwitchToThread
UnmapViewOfFile
CreateFileMappingW
GetModuleHandleExW
SetEvent
GetLocalTime
UnhandledExceptionFilter
GetVersionExW
QueryPerformanceCounter
lstrlenW
MapViewOfFileEx
GetTickCount64
GetSystemDefaultLangID
GetNativeSystemInfo
GetSystemPowerStatus
LoadLibraryA
SetThreadPriority
lstrcmpiW
GetCommandLineW
SetDllDirectoryW
CreateMutexW
GetTickCount
WideCharToMultiByte
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TerminateProcess
CreateProcessW
WaitForSingleObject
Sleep
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
GetModuleFileNameW
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetLastError
OutputDebugStringW
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
FindClose
FindNextFileW
SuspendThread

user32

MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW

advapi32

RegDeleteKeyW
RegQueryInfoKeyW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegFlushKey
RegEnumKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegGetKeySecurity
RegSetKeySecurity

ole32

CoUninitialize
CoInitialize

oleaut32

VariantClear

shlwapi

PathAppendW
SHGetValueW
PathFindFileNameW
PathIsDirectoryW
StrStrIW
PathRemoveFileSpecW
PathFileExistsW
PathFindExtensionW

msvcp140

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

wintrust

WinVerifyTrust

imm32

ImmDisableIME

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW
GetProcessMemoryInfo

vcruntime140

_except_handler4_common
memcpy
_CxxThrowException
memset
__current_exception_context
memmove
__CxxFrameHandler3
__std_terminate
wcsrchr
__std_exception_copy
__std_exception_destroy
wcsstr
wcschr
_set_purecall_handler
__current_exception

api-ms-win-crt-string-l1-1-0

wcsncpy_s
strncpy_s
strncmp
wcsncat_s
wcscpy_s
_wcsicmp
_wcslwr_s
_wcsnicmp
wcsncmp
wcsnlen
wmemcpy_s

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_register_onexit_function
_initialize_onexit_table
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_invalid_parameter_noinfo
_errno
_controlfp_s
_set_invalid_parameter_handler
_beginthreadex
_set_app_type
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_cexit

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswscanf
_set_fmode
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
__p__commode
__stdio_common_vswprintf_s

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_wrename

api-ms-win-crt-convert-l1-1-0

_wtol

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1d99b7b05860d83dd01312fbf509089

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcp140

wintrust

imm32

psapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 116KB - Virtual size: 116KB

.rdata Size: 150KB - Virtual size: 149KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 116KB - Virtual size: 116KB

.rdata
Size: 150KB - Virtual size: 149KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 9KB - Virtual size: 9KB