PDB path: C:\vmagent_new\bin\joblist\771934\out\Release\QInfoCollector.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Resource: win10v2004-20240802-en
General
Target: 59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733
Size: 16.0MB
MD5: ff1449bd953e57ccaf2b63662ca6619b
SHA1: db6c14fe6dcd71871606f241222d4e2729ad6eeb
SHA256: 59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733
SHA512: 796726b743c08e7a4716fde1559da3b69c7e254b8980b5275bcbbcecf44eaffe20ecd827aa75cde32c8717f9a9773539c2a9703f361fd823f6e0ced4a8f6d178
SSDEEP: 393216:0/5wWJ/LPoEDDsOjFI1mcK8OKjSk8C8sJJq:7GzP7DsOWc6vBq
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: 59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733
Files
59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe windows:5 windows x86 arch:x86
b0605cdb49d80d6c044502e1700bed22
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetFileSize
GetNativeSystemInfo
lstrlenA
GetDriveTypeW
InterlockedIncrement
InterlockedCompareExchange
ReadFile
GlobalUnlock
InterlockedExchange
GetFileTime
SetEvent
HeapFree
GetProcessHeap
OpenProcess
Process32FirstW
Process32NextW
GetLogicalDriveStringsW
ReadProcessMemory
FileTimeToSystemTime
QueryDosDeviceW
InterlockedDecrement
GetComputerNameExW
SetFilePointer
GetSystemWindowsDirectoryW
QueryPerformanceCounter
WriteFile
GetExitCodeProcess
GetLongPathNameW
GetModuleHandleA
QueryPerformanceFrequency
GetWindowsDirectoryW
OutputDebugStringW
FlushFileBuffers
FindFirstFileW
SetLastError
FindClose
FindNextFileW
SystemTimeToFileTime
EnterCriticalSection
VirtualAlloc
GetVersionExW
ReleaseSemaphore
CreateSemaphoreW
SetThreadAffinityMask
GetFileInformationByHandle
SetFileTime
GetFileAttributesW
SetEndOfFile
GlobalMemoryStatus
GetSystemInfo
CreateEventW
MapViewOfFile
UnmapViewOfFile
CreateFileA
CreateFileMappingW
ReadConsoleInputA
SetThreadPriority
LeaveCriticalSection
WaitForSingleObject
LoadLibraryExW
FreeLibrary
DeleteFileW
GetLocalTime
GetStdHandle
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
SetConsoleMode
Sleep
GetConsoleMode
WideCharToMultiByte
GetSystemDirectoryW
GetProcessTimes
GetTickCount
SetThreadExecutionState
CreateDirectoryW
CreateMutexW
GetCommandLineW
SuspendThread
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
CreateToolhelp32Snapshot
VirtualProtect
LockResource
OpenThread
GetProcAddress
GetLastError
GetTempPathW
CreateFileW
Thread32Next
TerminateProcess
SizeofResource
Thread32First
InitializeCriticalSection
GetModuleHandleW
GetCurrentProcess
SetUnhandledExceptionFilter
LoadResource
FindResourceW
ResetEvent
lstrcpynW
FormatMessageW
CreateThread
ResumeThread
DeleteCriticalSection
FlushConsoleInputBuffer
GetVersion
GetVersionExA
FreeResource
ReleaseMutex
HeapWalk
HeapLock
LocalFree
WaitForMultipleObjects
GetProcessAffinityMask
DeviceIoControl
HeapUnlock
GetFileSizeEx
SetFilePointerEx
VirtualFree
FindResourceExW
LocalFileTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetLocaleInfoW
CreateProcessA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetConsoleCtrlHandler
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
ExitThread
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetSystemTimeAsFileTime
GetCPInfo
RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetFileAttributesA
GetModuleFileNameA
user32
GetProcessWindowStation
MessageBoxA
GetUserObjectInformationW
CharUpperW
advapi32
CryptHashData
RegQueryValueExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptEnumProvidersA
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextA
CryptGetUserKey
CryptExportKey
CryptSignHashA
CryptSetHashParam
CryptDecrypt
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
OpenEventLogW
LookupAccountSidW
ReadEventLogW
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
GetTokenInformation
OpenProcessToken
CloseEventLog
shell32
SHFileOperationW
CommandLineToArgvW
ole32
CoUninitialize
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
oleaut32
SysStringByteLen
SysAllocString
VariantClear
SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
VariantCopy
shlwapi
SHGetValueW
PathCombineW
PathFindFileNameW
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
PathAppendW
StrRChrW
StrChrW
StrStrIA
StrCmpIW
StrCmpNIW
psapi
GetProcessImageFileNameW
GetModuleFileNameExW
iphlpapi
GetAdaptersAddresses
GetAdaptersInfo
imm32
ImmDisableIME
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertGetNameStringW
netapi32
NetApiBufferFree
NetUserEnum
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
ws2_32
socket
WSACleanup
htons
inet_addr
WSAStartup
send
WSAWaitForMultipleEvents
recv
select
closesocket
sendto
WSAEventSelect
WSAEnumNetworkEvents
getsockopt
ioctlsocket
ntohl
WSAGetLastError
WSASocketW
recvfrom
WSAStringToAddressA
WSACreateEvent
ntohs
connect
version
VerQueryValueW
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 370KB - Virtual size: 370KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 221KB - Virtual size: 263KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13.9MB - Virtual size: 13.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ