b7900de545fd294d02406bb95bd7e647b0e5ffc53aec6907d969614ccb10f58eN[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b7900de545fd294d02406bb95bd7e647b0e5ffc53aec6907d969614ccb10f58eN.exe
Size

927KB
MD5

fb5168d9414a082193997e2ed775b090
SHA1

0290e98fe0ccef13fd33d699365456fdc3201066
SHA256

b7900de545fd294d02406bb95bd7e647b0e5ffc53aec6907d969614ccb10f58e
SHA512

86ac28888f50cb0c46bdeed46ca17545d64fa1545637d44a35657ed47a15937f35a57237612b63b0542a2706a88d0693b0ea3b84f52144c71eaca548e895134e
SSDEEP

6144:2Tmmrv5MeKrKcYrkPoi+0QEkEEQufNp3hE6eejtWpPjbDz276:vUBMeUAo0L7QufVEcWpPPDz276

Score

1^/10

Malware Config

Signatures

Files

b7900de545fd294d02406bb95bd7e647b0e5ffc53aec6907d969614ccb10f58eN.exe
.dll windows:6 windows x86 arch:x86

c01e266c57c0b3cbc19638f2eb073a49

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:ff:77:13:6d:25:c6:e7:45:90:9c:69:16:00:4c:f0
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

02/04/2024, 00:00

Not After

02/04/2025, 23:59

Subject

SERIALNUMBER=1636032,CN=Intel Corporation,O=Intel Corporation,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:c7:70:67:7d:07:26:16:8a:f3:dd:7d:df:b6:da:dd:00:59:7e:b1:d2:3b:a4:5c:f0:b2:6b:1b:3d:70:00:38
Signer

Actual PE Digest

b1:c7:70:67:7d:07:26:16:8a:f3:dd:7d:df:b6:da:dd:00:59:7e:b1:d2:3b:a4:5c:f0:b2:6b:1b:3d:70:00:38

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

qt6quickcontrols2

?updateTheme@QQuickStylePlugin@@UAEXXZ
?unregisterTypes@QQuickStylePlugin@@UAEXXZ
?registerTypes@QQuickStylePlugin@@UAEXPBD@Z
??1QQuickStylePlugin@@UAE@XZ
??0QQuickStylePlugin@@QAE@PAVQObject@@@Z
?qt_metacall@QQuickStylePlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QQuickStylePlugin@@UAEPAXPBD@Z
?staticMetaObject@QQuickStylePlugin@@2UQMetaObject@@B

qt6quicktemplates2

?setPalette@QQuickTheme@@QAEXW4Scope@1@ABVQPalette@@@Z

qt6gui

??5@YAAAVQDataStream@@AAV0@AAVQColor@@@Z
??6@YAAAVQDataStream@@AAV0@ABVQColor@@@Z
??8QColor@@QBE_NABV0@@Z
??6@YA?AVQDebug@@V0@ABVQColor@@@Z
??0QBrush@@QAE@ABVQColor@@W4BrushStyle@Qt@@@Z
??1QBrush@@QAE@XZ
??0QPalette@@QAE@XZ
??1QPalette@@QAE@XZ
?setBrush@QPalette@@QAEXW4ColorGroup@1@W4ColorRole@1@ABVQBrush@@@Z
?fromRgba@QColor@@SA?AV1@I@Z
??0QColor@@QAE@XZ

qt6qml

??6@YAAAVQDataStream@@AAV0@ABVQJSValue@@@Z
?toVariant@QJSValue@@QBE?AVQVariant@@XZ
?isVariant@QJSValue@@QBE_NXZ
??0QJSValue@@QAE@ABV0@@Z
??1QJSValue@@QAE@XZ
??0QJSValue@@QAE@W4SpecialValue@0@@Z
?initLoadAttachedLookup@AOTCompiledContext@QQmlPrivate@@QBEXIIPAVQObject@@@Z
?loadAttachedLookup@AOTCompiledContext@QQmlPrivate@@QBE_NIPAVQObject@@PAX@Z
?initGetEnumLookup@AOTCompiledContext@QQmlPrivate@@QBEXIPBUQMetaObject@@PBD1@Z
?getEnumLookup@AOTCompiledContext@QQmlPrivate@@QBE_NIPAH@Z
?initLoadSingletonLookup@AOTCompiledContext@QQmlPrivate@@QBEXII@Z
?loadSingletonLookup@AOTCompiledContext@QQmlPrivate@@QBE_NIPAX@Z
?initCallObjectPropertyLookup@AOTCompiledContext@QQmlPrivate@@QBEXI@Z
?callObjectPropertyLookup@AOTCompiledContext@QQmlPrivate@@QBE_NIPAVQObject@@PAPAXPBVQMetaType@@H@Z
??1QJSManagedValue@@QAE@XZ
?getObjectLookup@AOTCompiledContext@QQmlPrivate@@QBE_NIPAVQObject@@PAX@Z
?initLoadContextIdLookup@AOTCompiledContext@QQmlPrivate@@QBEXI@Z
?loadContextIdLookup@AOTCompiledContext@QQmlPrivate@@QBE_NIPAX@Z
?lookupResultMetaType@AOTCompiledContext@QQmlPrivate@@QBE?AVQMetaType@@I@Z
?qmlregister@QQmlPrivate@@YAHW4RegistrationType@1@PAX@Z
?hasError@QJSEngine@@QBE_NXZ
?initLoadScopeObjectPropertyLookup@AOTCompiledContext@QQmlPrivate@@QBEXIVQMetaType@@@Z
??0QJSManagedValue@@QAE@$$QAV0@@Z
?loadScopeObjectPropertyLookup@AOTCompiledContext@QQmlPrivate@@QBE_NIPAX@Z
?setInstructionPointer@AOTCompiledContext@QQmlPrivate@@QBEXH@Z
?qmlunregister@QQmlPrivate@@YAXW4RegistrationType@1@I@Z
??1QQmlModuleRegistration@@QAE@XZ
??0QQmlModuleRegistration@@QAE@PBDP6AXXZ@Z
?qmlRegisterModule@@YAXPBDHH@Z
?initializeEngine@QQmlExtensionPlugin@@UAEXPAVQQmlEngine@@PBD@Z
??5@YAAAVQDataStream@@AAV0@AAVQJSValue@@@Z
?toVariant@QJSManagedValue@@QBE?AVQVariant@@XZ
?convertManaged@QJSEngine@@CA_NABVQJSManagedValue@@VQMetaType@@PAX@Z
?convertV2@QJSEngine@@CA_NABVQJSValue@@VQMetaType@@PAX@Z
?convertString@QJSEngine@@CA_NABVQString@@VQMetaType@@PAX@Z
?convertVariant@QJSEngine@@AAE_NABVQVariant@@VQMetaType@@PAX@Z
?staticMetaObject@QQmlComponent@@2UQMetaObject@@B
?toString@QJSPrimitiveValue@@CA?AVQString@@N@Z
?convertQObjectToString@QJSEngine@@AAE?AVQString@@PAVQObject@@@Z
?initGetObjectLookup@AOTCompiledContext@QQmlPrivate@@QBEXIPAVQObject@@VQMetaType@@@Z
?setReturnValueUndefined@AOTCompiledContext@QQmlPrivate@@QBEXXZ

qt6core

?flags@QMetaType@@QBE?AV?$QFlags@W4TypeFlag@QMetaType@@@@XZ
?number@QString@@SA?AV1@HH@Z
??6@YA?AVQDebug@@V0@ABVQUrl@@@Z
??5@YAAAVQDataStream@@AAV0@AAVQUrl@@@Z
??6@YAAAVQDataStream@@AAV0@ABVQUrl@@@Z
??8QUrl@@QBE_NABV0@@Z
??MQUrl@@QBE_NABV0@@Z
??1QUrl@@QAE@XZ
??4QUrl@@QAEAAV0@$$QAV0@@Z
??0QUrl@@QAE@ABVQString@@W4ParsingMode@0@@Z
??0QUrl@@QAE@ABV0@@Z
??0QUrl@@QAE@XZ
??4QString@@QAEAAV0@$$QAV0@@Z
?constData@QVariant@@QBEPBXXZ
?toString@QVariant@@QBE?AVQString@@XZ
?convert@QMetaType@@SA_NV1@PBX0PAX@Z
?toDouble@QString@@QBENPA_N@Z
?toInt@QString@@QBEHPA_NH@Z
??0QByteArray@@QAE@PBDH@Z
?normalizedType@QMetaObject@@SA?AVQByteArray@@PBD@Z
?cast@QMetaObject@@QBEPBVQObject@@PBV2@@Z
?metaObject@QMetaType@@QBEPBUQMetaObject@@XZ
??4QVariant@@QAEAAV0@ABV0@@Z
??6QDebug@@QAEAAV0@ABVQString@@@Z
??6QDebug@@QAEAAV0@H@Z
??6QDataStream@@QAEAAV0@H@Z
??5QDataStream@@QAEAAV0@AAH@Z
??5@YAAAVQDataStream@@AAV0@AAVQString@@@Z
??6@YAAAVQDataStream@@AAV0@ABVQString@@@Z
??0QString@@QAE@XZ
?staticMetaObject@QObject@@2UQMetaObject@@B
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?qt_metacast@QObject@@UAEPAXPBD@Z
?qt_metacall@QObject@@UAEHW4Call@QMetaObject@@HPAPAX@Z
??0QObject@@QAE@PAV0@@Z
??1QObject@@UAE@XZ
??1QDebug@@QAE@XZ
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?deallocate@QArrayData@@SAXPAU1@HH@Z
??0QString@@QAE@$$QAU?$QArrayDataPointer@_S@@@Z
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
?className@QMetaObject@@QBEPBDXZ
??0QByteArray@@QAE@XZ
??1QByteArray@@QAE@XZ
?reserve@QByteArray@@QAEXH@Z
?data@QByteArray@@QBEPBDXZ
?append@QByteArray@@QAEAAV1@D@Z
?append@QByteArray@@QAEAAV1@PBD@Z
?size@QByteArray@@QBEHXZ
?isNull@QByteArray@@QBE_NXZ
?registerNormalizedTypedef@QMetaType@@SAXABVQByteArray@@V1@@Z
?id@QMetaType@@QBEHH@Z
?qRegisterResourceData@@YA_NHPBE00@Z
?qUnregisterResourceData@@YA_NHPBE00@Z
?qResourceFeatureZlib@@YAEXZ
??0QChar@@QAE@UQLatin1Char@@@Z
?equalStrings@QtPrivate@@YA_NVQStringView@@0@Z
?equalStrings@QtPrivate@@YA_NVQStringView@@VQLatin1String@@@Z
??0QString@@QAE@ABV0@@Z
??1QString@@QAE@XZ
??0QString@@QAE@$$QAV0@@Z
?data@QString@@QBEPBVQChar@@XZ
?startsWith@QString@@QBE_NVQChar@@W4CaseSensitivity@Qt@@@Z
?insert@QString@@QAEAAV1@HVQChar@@@Z
?isNull@QString@@QBE_NXZ
?globalSeed@QHashSeed@@SA?AU1@XZ
?qHash@@YAIVQStringView@@I@Z
?scheme@QUrl@@QBE?AVQString@@XZ
?path@QUrl@@QBE?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z
?cleanPath@QDir@@SA?AVQString@@ABV2@@Z
??5QDataStream@@QAEAAV0@AAN@Z
??6QDataStream@@QAEAAV0@N@Z
??6QDebug@@QAEAAV0@N@Z
?lengthHelperCharArray@QByteArrayView@@CAHPBDI@Z
?fromName@QMetaType@@SA?AV1@VQByteArrayView@@@Z
??0QVariant@@QAE@XZ
??1QVariant@@QAE@XZ
??0QVariant@@QAE@VQMetaType@@PBX@Z
??0QVariant@@QAE@ABV0@@Z
??0QVariant@@QAE@$$QAV0@@Z
??4QVariant@@QAEAAV0@$$QAV0@@Z
?metaType@QVariant@@QBE?AVQMetaType@@XZ
?isValid@QVariant@@QBE_NXZ
?data@QVariant@@QAEPAXXZ
?qdebugHelper@QVariant@@ABE?AVQDebug@@V2@@Z
?equals@QVariant@@IBE_NABV1@@Z
??5@YAAAVQDataStream@@AAV0@AAVQVariant@@@Z
??6@YAAAVQDataStream@@AAV0@ABVQVariant@@@Z
??5QDataStream@@QAEAAV0@AA_N@Z
??6QDataStream@@QAEAAV0@_N@Z
??6QDebug@@QAEAAV0@_N@Z
?compareStrings@QtPrivate@@YAHVQStringView@@0W4CaseSensitivity@Qt@@@Z

vcruntime140

__std_exception_destroy
memset
memcpy
_except_handler4_common
_CxxThrowException
__std_exception_copy
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_dll
_execute_onexit_table
_initterm_e
_initterm
_cexit
_crt_atexit
_register_onexit_function

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-math-l1-1-0

_CIfmod
_dclass
copysign

kernel32

GetModuleHandleW
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
EnterCriticalSection
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CloseHandle

Exports

Exports

?qml_register_types_QtQuick_Controls_Basic@@YAXXZ
qt_plugin_instance
qt_plugin_query_metadata_v2

Sections

.text
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c01e266c57c0b3cbc19638f2eb073a49

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

42:ff:77:13:6d:25:c6:e7:45:90:9c:69:16:00:4c:f0Certificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

b1:c7:70:67:7d:07:26:16:8a:f3:dd:7d:df:b6:da:dd:00:59:7e:b1:d2:3b:a4:5c:f0:b2:6b:1b:3d:70:00:38Signer

Headers

DLL Characteristics

File Characteristics

Imports

qt6quickcontrols2

qt6quicktemplates2

qt6gui

qt6qml

qt6core

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 416KB - Virtual size: 415KB

.rdata Size: 423KB - Virtual size: 423KB

.data Size: 20KB - Virtual size: 24KB

.qtmetad Size: 512B - Virtual size: 128B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 53KB - Virtual size: 52KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

42:ff:77:13:6d:25:c6:e7:45:90:9c:69:16:00:4c:f0
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

b1:c7:70:67:7d:07:26:16:8a:f3:dd:7d:df:b6:da:dd:00:59:7e:b1:d2:3b:a4:5c:f0:b2:6b:1b:3d:70:00:38
Signer

.text
Size: 416KB - Virtual size: 415KB

.rdata
Size: 423KB - Virtual size: 423KB

.data
Size: 20KB - Virtual size: 24KB

.qtmetad
Size: 512B - Virtual size: 128B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 53KB - Virtual size: 52KB