Static task
static1
Behavioral task
behavioral1
Sample
b0cd6889815154199a3b95189582d2659536d205990603a0f0803eb90cfeb9fcN.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b0cd6889815154199a3b95189582d2659536d205990603a0f0803eb90cfeb9fcN.exe
Resource
win10v2004-20240802-en
General
-
Target
b0cd6889815154199a3b95189582d2659536d205990603a0f0803eb90cfeb9fcN
-
Size
1.2MB
-
MD5
d52b4a50ac6a41b09540ae2d9b5e5a70
-
SHA1
15ce1e98b65a00b5ec80b973ddfa3b79429a2664
-
SHA256
b0cd6889815154199a3b95189582d2659536d205990603a0f0803eb90cfeb9fc
-
SHA512
6085ae7a54c835c95a652dbacf8d1fa3da1a6869b90b95f0163fb285084de66a5929270337d6928fa05d1b5d15baa9bb33ce48ae278de346ab7e6318b2c290ee
-
SSDEEP
12288:5ifKZIIAfzwm6GjyCCJ49O4ZRtyB9yNwnYuh/6oEzhljRgXy1:tifh6GjyDkZRtyBQI/6LljRY
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Flags PE files that carry no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned.
resource b0cd6889815154199a3b95189582d2659536d205990603a0f0803eb90cfeb9fcN
Files
-
b0cd6889815154199a3b95189582d2659536d205990603a0f0803eb90cfeb9fcN.exe windows:6 windows x86 arch:x86
8e5d11d595cc27e3883437e7fb80ee38
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
qt5core
?shared_null@QListData@@2UData@1@B
?execute@QProcess@@SAHABVQString@@ABVQStringList@@@Z
?append@QListData@@QAEPAPAXXZ
?dispose@QListData@@SAXPAUData@1@@Z
?detach_grow@QListData@@QAEPAUData@1@PAHH@Z
?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z
??1QString@@QAE@XZ
??0QString@@QAE@ABV0@@Z
kernel32
IsDebuggerPresent
WideCharToMultiByte
LocalFree
GetCommandLineW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
CloseHandle
GetLastError
CreateMutexW
EncodePointer
DecodePointer
msvcp120
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
msvcr120
??3@YAXPAX@Z
memmove
_CxxThrowException
__CxxFrameHandler3
memcpy
_lock
_unlock
_calloc_crt
??2@YAPAXI@Z
_onexit
??1type_info@@UAE@XZ
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
??_V@YAXPAX@Z
_purecall
exit
_exit
_cexit
_ismbblead
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_acmdln
_fmode
_commode
_except_handler4_common
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
__set_app_type
__dllonexit
__getmainargs
shell32
CommandLineToArgvW
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 82KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
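.reloc Size: 1.1MB - Virtual size: 1.1MB (nearly all of the 1.2MB file; the flags below mark it both executable and writable, which is atypical for a relocation section and worth inspecting)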
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE