Static task
static1
Behavioral task
behavioral1
Sample
2QRC.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2QRC.exe
Resource
win10v2004-20240802-en
General
-
Target
2QRC.exe
-
Size
5.3MB
-
MD5
1e32f459512f7de9d8d2faed71b8e5b1
-
SHA1
efca6135c4713df1044efb216023402e3564dcc1
-
SHA256
5ecf161085cbcca2b6d5ae947e6e3d0576a8d63bcef845687c11d6d2cf7e6b9b
-
SHA512
643a493351b44434370a5c8111acbf1210759dba816625c2188811c235d43c001780e6672e46015f8a5c8d7803dc8697f818ee4b91cb9c753667242326a51b87
-
SSDEEP
49152:YOuNxlp0PGEn7rbqX5EF5Yr915haVPgwc0l2107XrI1DtQJMyzzDO:Yo7fasu15haVn6+7XaDtQfzzC
Malware Config
Signatures
-
Unsigned PE 1 IoCs
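Static check by the sandbox: the file carries no Authenticode signature. On its own this is a weak indicator, since many legitimate programs are also unsigned.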
resource 2QRC.exe
Files
-
2QRC.exe.exe windows:4 windows x64 arch:x64
7d1766c799ad3e19479b16eaecc95f05
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
comdlg32
ChooseColorW
GetOpenFileNameW
GetSaveFileNameW
gdi32
ChoosePixelFormat
CreateBitmap
CreateDCA
CreateDIBSection
DeleteDC
DeleteObject
GetDeviceCaps
GetPixelFormat
SetPixelFormat
SwapBuffers
glu32
gluBuild2DMipmaps
gluOrtho2D
gluPerspective
kernel32
AllocConsole
Beep
BuildCommDCBA
ClearCommError
CloseHandle
CreateEventA
CreateFileA
CreateFileW
CreateProcessA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
EnterCriticalSection
FlushConsoleInputBuffer
FlushFileBuffers
FormatMessageA
FreeConsole
FreeLibrary
GetACP
GetCommState
GetCommTimeouts
GetConsoleCP
GetConsoleCursorInfo
GetConsoleMode
GetConsoleOutputCP
GetConsoleProcessList
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryA
GetCurrentProcessId
GetDiskFreeSpaceExA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFullPathNameA
GetLastError
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetShortPathNameA
GetStdHandle
GetSystemTimeAsFileTime
GetTempPathA
GetThreadId
GetTimeZoneInformation
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleInputA
ReadConsoleOutputAttribute
ReadConsoleOutputCharacterA
ReadConsoleW
ReadFile
ReleaseSemaphore
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetCommState
SetCommTimeouts
SetConsoleCP
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleOutputCP
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetConsoleTitleA
SetConsoleWindowInfo
SetCurrentConsoleFontEx
SetEvent
SetFilePointer
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnlockFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WinExec
WriteConsoleW
WriteFile
msvcrt
__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_assert
_beginthreadex
_cexit
_chdir
_commode
_environ
_errno
_exit
_fdopen
_filelengthi64
_fileno
_findclose
_fileno
_findfirst64
_findnext64
_fmode
_fstat64
_fullpath
_getch
_getcwd
_initterm
_localtime64
_lock
_lseeki64
_mkdir
_onexit
_pclose
_popen
_putenv
_putenv_s
_rmdir
_read
_snprintf
_stat64
_strdup
_stricmp
_strtoi64
_strtoui64
_time64
_unlock
_wfopen
_write
_wstat64
abort
calloc
clock
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fopen_s
fprintf
fputc
fputs
fputwc
fread
free
fsetpos
fwprintf
fseek
ftell
fwrite
getc
getenv
getwc
isprint
isspace
iswctype
isxdigit
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
putc
putwc
qsort
rand
realloc
remove
rename
rewind
setlocale
setvbuf
signal
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strstr
strtok
strtol
strtoul
strxfrm
system
tan
tolower
toupper
towlower
towupper
ungetwc
ungetc
vfprintf
wcscat
wcschr
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsncpy
wcsrchr
wcstoul
wcsxfrm
ole32
CoInitializeEx
CoUninitialize
opengl32
glAlphaFunc
glBegin
glBindTexture
glBitmap
glBlendFunc
glClear
glColor4f
glColor4fv
glCullFace
glDeleteTextures
glDepthMask
glDisable
glDisableClientState
glDrawArrays
glDrawBuffer
glEnable
glEnableClientState
glEnd
glFlush
glFrontFace
glGenTextures
glGetBooleanv
glGetError
glGetIntegerv
glGetString
glLoadIdentity
glMatrixMode
glOrtho
glPixelStorei
glPopAttrib
glPopClientAttrib
glPopMatrix
glPushAttrib
glPushClientAttrib
glPushMatrix
glRasterPos2i
glReadBuffer
glScalef
glTexCoordPointer
glTexImage2D
glTexParameterf
glTexParameteri
glTranslatef
glVertex2f
glVertex2i
glVertexPointer
glViewport
wglCreateContext
wglDeleteContext
wglGetCurrentContext
wglGetCurrentDC
wglGetProcAddress
wglMakeCurrent
shell32
DragAcceptFiles
DragFinish
DragQueryFileA
SHBrowseForFolderW
SHGetFolderPathA
SHGetPathFromIDListW
ShellExecuteExA
Shell_NotifyIconW
user32
AdjustWindowRectEx
BeginPaint
ChangeDisplaySettingsExA
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyRect
CreateIconIndirect
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxIndirectParamA
DispatchMessageA
EmptyClipboard
EndDialog
EndPaint
EnumChildWindows
EnumDisplayMonitors
EnumDisplaySettingsA
EnumWindows
GetAsyncKeyState
GetClassInfoA
GetClassNameW
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItemTextA
GetFocus
GetForegroundWindow
GetKeyState
GetKeyboardState
GetMessageA
GetMonitorInfoA
GetRawInputData
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowThreadProcessId
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsWindowVisible
LoadCursorA
LoadIconA
LoadImageA
MessageBeep
MessageBoxW
MonitorFromRect
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
OpenClipboard
PeekMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClassExA
RegisterRawInputDevices
ReleaseCapture
ReleaseDC
ScreenToClient
SendDlgItemMessageA
SendInput
SendMessageA
SetActiveWindow
SetCapture
SetClassLongPtrA
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetRect
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowCursor
ShowWindow
ToAscii
TranslateMessage
UnregisterClassA
UpdateWindow
VkKeyScanA
keybd_event
winmm
joyGetDevCapsA
joyGetPosEx
timeBeginPeriod
timeEndPeriod
timeGetTime
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 455KB - Virtual size: 455KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 90KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 105KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 7.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/4 Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/19 Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/31 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/45 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/57 Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/70 Size: 512B - Virtual size: 487B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/81 Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/97 Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/113 Size: 512B - Virtual size: 173B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ