535d903d02b7479ea622284a31001a90N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

535d903d02b7479ea622284a31001a90N.exe
Size

150KB
MD5

535d903d02b7479ea622284a31001a90
SHA1

a7802a69cfa69b9e6be635e8f58fbe3e444a2e51
SHA256

cbeeb0be0900e0ada4a54390112cbbf471c86df3f5ea568f56af6a66b9d9eeb3
SHA512

4625b9e088c15bf3944286cc6730630c2aa312720dbf0e60a6a50233fe931e2781ae1fa6b3b6b29e6e14b3a9fce130d2a8e23d4a128e32e799d8dbb34eb2e601
SSDEEP

3072:WtDCYO04Xk3JEfiOooimR5SChKT/RS9ks3maq6GwV:qDCBSGfiOoFCsT/mL3GwV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
535d903d02b7479ea622284a31001a90N.exe

Files

535d903d02b7479ea622284a31001a90N.exe
.exe windows:4 windows x86 arch:x86

cd42a82f6dd682fa3042ae728936e085

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\doc\QLDoc\HummerSDK5.2\Output\PdbFinal\QQLiveBrowser.pdb

Imports

common

??4CTXStringW@@QAEAAV0@PB_W@Z
??0CTXStringW@@QAE@PA_W@Z
??8@YA_NPB_WABVCTXStringW@@@Z
?FlushLog@TXLog@@YAXXZ
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
?SafeLoadLibrary@Sys@Util@@YAPAUHINSTANCE__@@PB_W@Z
??0CTXStringW@@QAE@XZ
?OnExitWinMain@Misc@Util@@YAXXZ
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??0CTXStringW@@QAE@ABV0@@Z
?Format@CTXStringW@@QAAXPB_WZZ
?GetLength@CTXStringW@@QBEHXZ
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
??ACTXStringW@@QBE_WH@Z
??0CTXStringW@@QAE@PB_W@Z
?Append@CTXStringW@@QAEXPB_W@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
?GetString@CTXStringW@@QBEPB_WXZ
??8@YA_NABVCTXStringW@@PB_W@Z
?Left@CTXStringW@@QBE?AV1@H@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?Mid@CTXStringW@@QBE?AV1@H@Z
?MinimzeMemory@Sys@Util@@YAXXZ
??4CTXStringW@@QAEAAV0@PA_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?ValidateBugReport@TXBugReport@@YAXXZ
?IsFileExist@FS@@YAHPB_W@Z
?SetBugReportUin@TXBugReport@@YAXK@Z
??1CTXStringW@@QAE@XZ
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
?SetBugReportFlag@TXBugReport@@YAHK@Z
?GetLCID@NLS@@YAKXZ
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
??BCTXStringW@@QBEPB_WXZ
?GetSession@TXLog@@YAKXZ
?SetMainAndLogicMsgLoop@Misc@Util@@YAXPAVMessageLoopForUI@AsyncTask@@PAVMessageLoop@4@@Z
?CombineQNC@FS@@YA?AVCTXStringW@@PB_W0@Z
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?ClearDeadQueue@Misc@Util@@YAXXZ

processsession

?Run@CTXOPChannel@@EAEIXZ
??0CTXOPChannel@@QAE@XZ
?AddSink@CTXOPChannel@@QAEXPAUITXOPChanelSysSink@@@Z
??1CTXOPChannel@@UAE@XZ
?GetConnectCount@CTXOPChannel@@QAEIXZ
?Listen@CTXOPChannel@@QAEHXZ
?Start@CTXOPChannel@@QAEHPB_W@Z
?SendReply@CTXOPChannel@@QAEHKKPBEI@Z

wininet

InternetErrorDlg

asynctask

??0Lock@AsyncTask@@QAE@XZ
?StartWithOptions@Thread@AsyncTask@@QAE_NABUOptions@12@@Z
??1MessageLoopForUI@AsyncTask@@UAE@XZ
?Run@MessageLoopForUI@AsyncTask@@QAEXXZ
??0MessageLoopForUI@AsyncTask@@QAE@XZ
?RegisterCallback@AtExitManager@AsyncTask@@SAXP6AXPAX@Z0@Z
??1AtExitManager@AsyncTask@@QAE@XZ
??1Thread@AsyncTask@@UAE@XZ
??0AtExitManager@AsyncTask@@QAE@XZ
??0Thread@AsyncTask@@QAE@PBD@Z
?Release@Lock@AsyncTask@@QAEXXZ
??1Lock@AsyncTask@@QAE@XZ
?Acquire@Lock@AsyncTask@@QAEXXZ

kernel32

FlushInstructionCache
GetCurrentProcess
GetModuleFileNameW
TerminateProcess
SetUnhandledExceptionFilter
GetProcAddress
GetCurrentProcessId
OpenMutexW
CloseHandle
CreateMutexW
QueryPerformanceCounter
GetCurrentThreadId
GetTickCount
GetModuleHandleW
GetTempPathW
CreateDirectoryW
CreateFileW
InterlockedDecrement
InterlockedIncrement
FreeLibrary
lstrlenW
GetSystemDirectoryW
Sleep
SetThreadPriority
ResumeThread
CreateThread
WideCharToMultiByte
DeviceIoControl
VirtualProtect
InterlockedExchange
GetSystemTimeAsFileTime
IsDebuggerPresent
InterlockedCompareExchange
GetStartupInfoW
UnhandledExceptionFilter
SetLastError

user32

SetTimer
KillTimer
PostQuitMessage

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

OleInitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
OleUninitialize
CoUninitialize

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

_amsg_exit
__CxxFrameHandler3
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
??3@YAXPAX@Z
__argc
__wargv
wcslen
swscanf
_time64
??2@YAPAXI@Z
_purecall
wcsrchr
memset
wcsstr
??_V@YAXPAX@Z
memcpy
malloc
strncpy_s
strlen
_stricmp
fprintf
rand
__iob_func
srand
wcsncpy_s
wcscat_s
_snprintf_s
free
_invalid_parameter_noinfo
isalnum
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
tolower
memcmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_CxxThrowException
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e

ws2_32

closesocket
sendto
WSAGetLastError
getaddrinfo
htonl
inet_ntoa
socket
WSACleanup
WSAStartup
ntohs
recvfrom
setsockopt
inet_addr
htons

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
GetIpForwardTable

netapi32

Netbios

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cd42a82f6dd682fa3042ae728936e085

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

common

processsession

wininet

asynctask

kernel32

user32

advapi32

shell32

ole32

msvcp80

msvcr80

ws2_32

iphlpapi

netapi32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 80KB - Virtual size: 80KB