b80083985a727f3d4be01ee6b817ac8e04979a185df7ce91a74e9730a36e6623

Sharing

Copy URL Twitter E-mail

General

Target

b80083985a727f3d4be01ee6b817ac8e04979a185df7ce91a74e9730a36e6623
Size

664KB
MD5

6f095b2da5f7954212b5e10f3cb6671e
SHA1

476b0e264d76c6bf19435ec24bed0eb16e367b00
SHA256

b80083985a727f3d4be01ee6b817ac8e04979a185df7ce91a74e9730a36e6623
SHA512

e9ada163ebb1a54c31530661f50612f47ecd8873ac0c25364c253a988caf4ca201fdb1cc12701eb5a2b9c1e55384bbcbe44babd6d078cc74ce5213270555ae36
SSDEEP

768:l0aHhiyGnWH63spPh50bq2u1BxvLj1lkBO3VeA58jmGwr/IjqClVCCPNi+:lTUyGWHespPv0qDoOle4ImWs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b80083985a727f3d4be01ee6b817ac8e04979a185df7ce91a74e9730a36e6623

Files

b80083985a727f3d4be01ee6b817ac8e04979a185df7ce91a74e9730a36e6623
.exe windows:4 windows x86 arch:x86

4baf9df08e2a232c4c7e7a87162efb43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\10.6Patch_SourceJob\qqpcmgr_proj\Basic\Output\BinFinal\QQPCTray.pdb

Imports

shlwapi

PathAppendW
PathCombineA
PathRemoveFileSpecW
PathFileExistsW
PathCombineW

kernel32

UnmapViewOfFile
CreateFileA
ResetEvent
ReadFileEx
WaitForSingleObjectEx
GetProcessWorkingSetSize
GetCurrentProcess
SetProcessWorkingSetSize
VirtualLock
VirtualUnlock
SetCurrentDirectoryA
LoadLibraryExA
FreeLibrary
SetEvent
OpenEventW
GetCurrentProcessId
GetVersionExW
lstrlenA
HeapCreate
ProcessIdToSessionId
MultiByteToWideChar
GetLastError
LoadLibraryW
CreateEventW
HeapAlloc
GetProcAddress
HeapDestroy
HeapFree
WriteFile
CloseHandle
ReadFile
DeleteCriticalSection
SwitchToThread
lstrcmpiW
VirtualQuery
GetModuleHandleW
InterlockedExchange
OpenProcess
GetModuleFileNameA
InterlockedCompareExchange
WideCharToMultiByte
ExpandEnvironmentStringsW
GetStartupInfoW
Sleep
MapViewOfFile
SetFilePointer
CreateFileMappingW
GetFileSize
CreateFileW
GetModuleFileNameW
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WaitForSingleObject
GetSystemTimeAsFileTime
GetLocalTime
EnterCriticalSection
InitializeCriticalSection
OpenFileMappingW
LeaveCriticalSection
GetCurrentThreadId
GetTickCount
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
ReleaseMutex
CreateMutexW
GetPrivateProfileIntW
QueryPerformanceCounter

user32

FindWindowA
SendMessageTimeoutW
IsWindow

advapi32

SetSecurityDescriptorDacl
TraceEvent
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
InitializeSecurityDescriptor

msvcp80

?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ

msvcr80

wcsncpy_s
wcsrchr
strncpy_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_memicmp
strrchr
??2@YAPAXI@Z
wcscmp
_vsnwprintf_s
wcscpy_s
_vsnprintf_s
memset
_wtol
_wcsnicmp
__CxxFrameHandler3
__argc
wcslen
??_V@YAXPAX@Z
_wcsicmp
wcsncat
??3@YAXPAX@Z
strchr
wcsncat_s
fflush
_purecall
_snprintf_s
fclose
fwrite
_except_handler3
__wargv

psapi

GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW
GetProcessMemoryInfo
EnumProcesses

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tc
Size: 324KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4baf9df08e2a232c4c7e7a87162efb43

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

msvcp80

msvcr80

psapi

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 288KB - Virtual size: 285KB

.reloc Size: 4KB - Virtual size: 2KB

.tc Size: 324KB - Virtual size: 344KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 288KB - Virtual size: 285KB

.reloc
Size: 4KB - Virtual size: 2KB

.tc
Size: 324KB - Virtual size: 344KB