d172c2f92817bba92781d64cefca2810N

Sharing

Copy URL Twitter E-mail

General

Target

d172c2f92817bba92781d64cefca2810N
Size

146KB
MD5

d172c2f92817bba92781d64cefca2810
SHA1

cd65dca9e4ab73141861c3fdc7ea7cdf7121c698
SHA256

712486afa2dec80c4b8442714e1591dbe639f1d6d93a67a789b5043f01503d3f
SHA512

fd9cf282a6648a17146c22bb9aac61c1f43619be00246831451ab48567ba33e608e73bbf1ac8fc8285d64f5a5e7ac32a758dcd1a79c61c6b9e978b60cda12c91
SSDEEP

3072:ztDCYO04/k3JEfiOodaaNdwIE5YUSCkYgXlHWF7q6GwV:5DCB6GfiOod7LwIECUSCxgXlHg73GwV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d172c2f92817bba92781d64cefca2810N

Files

d172c2f92817bba92781d64cefca2810N
.exe windows:4 windows x86 arch:x86

cd42a82f6dd682fa3042ae728936e085

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\doc\QLDoc\HummerSDK5.2\Output\PdbFinal\QQLiveBrowser.pdb

Imports

common

??4CTXStringW@@QAEAAV0@PB_W@Z
??0CTXStringW@@QAE@PA_W@Z
??8@YA_NPB_WABVCTXStringW@@@Z
?FlushLog@TXLog@@YAXXZ
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
?SafeLoadLibrary@Sys@Util@@YAPAUHINSTANCE__@@PB_W@Z
??0CTXStringW@@QAE@XZ
?OnExitWinMain@Misc@Util@@YAXXZ
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??0CTXStringW@@QAE@ABV0@@Z
?Format@CTXStringW@@QAAXPB_WZZ
?GetLength@CTXStringW@@QBEHXZ
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
??ACTXStringW@@QBE_WH@Z
??0CTXStringW@@QAE@PB_W@Z
?Append@CTXStringW@@QAEXPB_W@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
?GetString@CTXStringW@@QBEPB_WXZ
??8@YA_NABVCTXStringW@@PB_W@Z
?Left@CTXStringW@@QBE?AV1@H@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?Mid@CTXStringW@@QBE?AV1@H@Z
?MinimzeMemory@Sys@Util@@YAXXZ
??4CTXStringW@@QAEAAV0@PA_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?ValidateBugReport@TXBugReport@@YAXXZ
?IsFileExist@FS@@YAHPB_W@Z
?SetBugReportUin@TXBugReport@@YAXK@Z
??1CTXStringW@@QAE@XZ
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
?SetBugReportFlag@TXBugReport@@YAHK@Z
?GetLCID@NLS@@YAKXZ
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
??BCTXStringW@@QBEPB_WXZ
?GetSession@TXLog@@YAKXZ
?SetMainAndLogicMsgLoop@Misc@Util@@YAXPAVMessageLoopForUI@AsyncTask@@PAVMessageLoop@4@@Z
?CombineQNC@FS@@YA?AVCTXStringW@@PB_W0@Z
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?ClearDeadQueue@Misc@Util@@YAXXZ

processsession

?Run@CTXOPChannel@@EAEIXZ
??0CTXOPChannel@@QAE@XZ
?AddSink@CTXOPChannel@@QAEXPAUITXOPChanelSysSink@@@Z
??1CTXOPChannel@@UAE@XZ
?GetConnectCount@CTXOPChannel@@QAEIXZ
?Listen@CTXOPChannel@@QAEHXZ
?Start@CTXOPChannel@@QAEHPB_W@Z
?SendReply@CTXOPChannel@@QAEHKKPBEI@Z

wininet

InternetErrorDlg

asynctask

??0Lock@AsyncTask@@QAE@XZ
?StartWithOptions@Thread@AsyncTask@@QAE_NABUOptions@12@@Z
??1MessageLoopForUI@AsyncTask@@UAE@XZ
?Run@MessageLoopForUI@AsyncTask@@QAEXXZ
??0MessageLoopForUI@AsyncTask@@QAE@XZ
?RegisterCallback@AtExitManager@AsyncTask@@SAXP6AXPAX@Z0@Z
??1AtExitManager@AsyncTask@@QAE@XZ
??1Thread@AsyncTask@@UAE@XZ
??0AtExitManager@AsyncTask@@QAE@XZ
??0Thread@AsyncTask@@QAE@PBD@Z
?Release@Lock@AsyncTask@@QAEXXZ
??1Lock@AsyncTask@@QAE@XZ
?Acquire@Lock@AsyncTask@@QAEXXZ

kernel32

FlushInstructionCache
GetCurrentProcess
GetModuleFileNameW
TerminateProcess
SetUnhandledExceptionFilter
GetProcAddress
GetCurrentProcessId
OpenMutexW
CloseHandle
CreateMutexW
QueryPerformanceCounter
GetCurrentThreadId
GetTickCount
GetModuleHandleW
GetTempPathW
CreateDirectoryW
CreateFileW
InterlockedDecrement
InterlockedIncrement
FreeLibrary
lstrlenW
GetSystemDirectoryW
Sleep
SetThreadPriority
ResumeThread
CreateThread
WideCharToMultiByte
DeviceIoControl
VirtualProtect
InterlockedExchange
GetSystemTimeAsFileTime
IsDebuggerPresent
InterlockedCompareExchange
GetStartupInfoW
UnhandledExceptionFilter
SetLastError

user32

SetTimer
KillTimer
PostQuitMessage

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

OleInitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
OleUninitialize
CoUninitialize

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

_amsg_exit
__CxxFrameHandler3
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
??3@YAXPAX@Z
__argc
__wargv
wcslen
swscanf
_time64
??2@YAPAXI@Z
_purecall
wcsrchr
memset
wcsstr
??_V@YAXPAX@Z
memcpy
malloc
strncpy_s
strlen
_stricmp
fprintf
rand
__iob_func
srand
wcsncpy_s
wcscat_s
_snprintf_s
free
_invalid_parameter_noinfo
isalnum
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
tolower
memcmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_CxxThrowException
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e

ws2_32

closesocket
sendto
WSAGetLastError
getaddrinfo
htonl
inet_ntoa
socket
WSACleanup
WSAStartup
ntohs
recvfrom
setsockopt
inet_addr
htons

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
GetIpForwardTable

netapi32

Netbios

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cd42a82f6dd682fa3042ae728936e085

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

common

processsession

wininet

asynctask

kernel32

user32

advapi32

shell32

ole32

msvcp80

msvcr80

ws2_32

iphlpapi

netapi32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 76KB - Virtual size: 76KB