1dfdc59a841418994397423520bd0517b3225991de539e4bcc4ae2a9dec79a29N

Sharing

Copy URL Twitter E-mail

General

Target

1dfdc59a841418994397423520bd0517b3225991de539e4bcc4ae2a9dec79a29N
Size

152KB
MD5

1ee973d03352ad79e6e70ecc179a0400
SHA1

bd64242d9f25d941dac8a9e6d19107070025c00c
SHA256

1dfdc59a841418994397423520bd0517b3225991de539e4bcc4ae2a9dec79a29
SHA512

41537ec7c9870f37bd67432248c88dc782f02b575c3f27e215589206c6db5cd63aa038645cfad37ef55374ceebdc044863548ec2a2c0f4153f723b0fb71d8cff
SSDEEP

768:nAWVFQWCruSEnw9jjdrU1kLHdgmgkDb9yDqrBmpa9QStNdaysX8Q3i9wqeQUAV5r:DF6ZhyWWm7Db95rcc9Vn3CZkU6wU4vxa

Score

1^/10

Malware Config

Signatures

Files

1dfdc59a841418994397423520bd0517b3225991de539e4bcc4ae2a9dec79a29N
.dll windows:6 windows x64 arch:x64

ff076010611d3c9ac00f0692b0c0f973

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

01/05/2023, 00:00

Not After

31/07/2026, 23:59

Subject

CN=K Desktop Environment e. V.,O=K Desktop Environment e. V.,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:62:f9:0b:0b:bf:87:d2:91:7d:ac:ac:bd:fe:cb:db:7e:92:a9:d1:4e:7d:bb:9a:a8:3a:ea:ca:fa:9d:15:bc
Signer

Actual PE Digest

ca:62:f9:0b:0b:bf:87:d2:91:7d:ac:ac:bd:fe:cb:db:7e:92:a9:d1:4e:7d:bb:9a:a8:3a:ea:ca:fa:9d:15:bc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\_\8742fad7\build\bin\kf6\kiod\kioexecd.pdb

Imports

kf6dbusaddons

??1KDEDModule@@UEAA@XZ
??0KDEDModule@@QEAA@PEAVQObject@@@Z
?staticMetaObject@KDEDModule@@2UQMetaObject@@B
?qt_metacall@KDEDModule@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@KDEDModule@@UEAAPEAXPEBD@Z

kf6widgetsaddons

?questionTwoActions@KMessageBox@@YA?AW4ButtonCode@1@PEAVQWidget@@AEBVQString@@1AEBVKGuiItem@@21V?$QFlags@W4Option@KMessageBox@@@@@Z
??1KGuiItem@@QEAA@XZ
??0KGuiItem@@QEAA@AEBVQString@@000@Z
?error@KMessageBox@@YAXPEAVQWidget@@AEBVQString@@1V?$QFlags@W4Option@KMessageBox@@@@@Z

kf6kiocore

?copy@KIO@@YAPEAVCopyJob@1@AEBVQUrl@@0V?$QFlags@W4JobFlag@KIO@@@@@Z

kf6i18n

??1KLocalizedString@@QEAA@XZ
?ki18nd@@YA?AVKLocalizedString@@PEBD0@Z
?toString@KLocalizedString@@QEBA?AVQString@@XZ
?subs@KLocalizedString@@QEBA?AV1@AEBVQString@@HVQChar@@@Z

qt6dbus

?qt_metacall@QDBusAbstractAdaptor@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
??0QDBusAbstractAdaptor@@IEAA@PEAVQObject@@@Z
??1QDBusAbstractAdaptor@@UEAA@XZ
?setAutoRelaySignals@QDBusAbstractAdaptor@@IEAAX_N@Z
?staticMetaObject@QDBusAbstractAdaptor@@2UQMetaObject@@B
?qt_metacast@QDBusAbstractAdaptor@@UEAAPEAXPEBD@Z

kf6coreaddons

?staticMetaObject@KPluginFactory@@2UQMetaObject@@B
?staticMetaObject@KJob@@2UQMetaObject@@B
?staticMetaObject@KDirWatch@@2UQMetaObject@@B
??0KDirWatch@@QEAA@PEAVQObject@@@Z
??1KDirWatch@@UEAA@XZ
?addFile@KDirWatch@@QEAAXAEBVQString@@@Z
?removeFile@KDirWatch@@QEAAXAEBVQString@@@Z
?dirty@KDirWatch@@QEAAXAEBVQString@@@Z
?created@KDirWatch@@QEAAXAEBVQString@@@Z
?deleted@KDirWatch@@QEAAXAEBVQString@@@Z
?error@KJob@@QEBAHXZ
?result@KJob@@QEAAXPEAV1@UQPrivateSignal@1@@Z
?qt_metacast@KPluginFactory@@UEAAPEAXPEBD@Z
?qt_metacall@KPluginFactory@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
??0KPluginFactory@@QEAA@XZ
??1KPluginFactory@@UEAA@XZ
?registerPlugin@KPluginFactory@@AEAAXPEBUQMetaObject@@P6APEAVQObject@@PEAVQWidget@@PEAV3@AEBVKPluginMetaData@@AEBV?$QList@VQVariant@@@@@Z@Z
?metaObject@KDirWatch@@UEBAPEBUQMetaObject@@XZ
?qt_metacast@KDirWatch@@UEAAPEAXPEBD@Z
?qt_metacall@KDirWatch@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?event@KDirWatch@@UEAA_NPEAVQEvent@@@Z
?create@KPluginFactory@@MEAAPEAVQObject@@PEBDPEAVQWidget@@PEAV2@AEBV?$QList@VQVariant@@@@@Z

qt6core

?setInterval@QTimer@@QEAAXH@Z
?setSingleShot@QTimer@@QEAAX_N@Z
?start@QTimer@@QEAAXXZ
?timeout@QTimer@@QEAAXUQPrivateSignal@1@@Z
??0QUrl@@QEAA@XZ
??0QUrl@@QEAA@AEBV0@@Z
??4QUrl@@QEAAAEAV0@AEBV0@@Z
??0QUrl@@QEAA@AEBVQString@@W4ParsingMode@0@@Z
??1QUrl@@QEAA@XZ
?toDisplayString@QUrl@@QEBA?AVQString@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z
?fromLocalFile@QUrl@@SA?AV1@AEBVQString@@@Z
??6@YA?AVQDebug@@V0@AEBVQUrl@@@Z
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
??1QDebug@@QEAA@XZ
??6QDebug@@QEAAAEAV0@PEBD@Z
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z
??1QVariant@@QEAA@XZ
??0QDateTime@@QEAA@AEBV0@@Z
??0QMessageLogger@@QEAA@PEBDH00@Z
??4QDateTime@@QEAAAEAV0@AEBV0@@Z
?msecsTo@QDateTime@@QEBA_JAEBV1@@Z
??1QTimer@@UEAA@XZ
?isNull@QString@@QEBA_NXZ
??0QFileInfo@@QEAA@AEBVQString@@@Z
??1QFileInfo@@QEAA@XZ
?fileName@QFileInfo@@QEBA?AVQString@@XZ
?path@QFileInfo@@QEBA?AVQString@@XZ
??0QDir@@QEAA@AEBVQString@@@Z
??1QDir@@QEAA@XZ
?rmdir@QDir@@QEBA_NAEBVQString@@@Z
?isDebugEnabled@QLoggingCategory@@QEBA_NXZ
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?staticMetaObject@QObject@@2UQMetaObject@@B
?staticMetaObject@QTimer@@2UQMetaObject@@B
?parent@QObject@@QEBAPEAV1@XZ
??0QLoggingCategory@@QEAA@PEBDW4QtMsgType@@@Z
??1QLoggingCategory@@QEAA@XZ
??1QDateTime@@QEAA@XZ
??0QTimer@@QEAA@PEAVQObject@@@Z
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
??0QMetaType@@QEAA@XZ
??5@YAAEAVQDataStream@@AEAV0@AEAVQString@@@Z
?equalStrings@QtPrivate@@YA_NVQStringView@@0@Z
??6@YAAEAVQDataStream@@AEAV0@AEBVQString@@@Z
?compareStrings@QtPrivate@@YAHVQStringView@@0W4CaseSensitivity@Qt@@@Z
?data@QString@@QEBAPEBVQChar@@XZ
?size@QString@@QEBA_JXZ
??0QString@@QEAA@$$QEAV0@@Z
??0QString@@QEAA@AEBV0@@Z
??1QString@@QEAA@XZ
?remove@QFile@@SA_NAEBVQString@@@Z
??0QString@@QEAA@XZ
??0QChar@@QEAA@UQLatin1Char@@@Z
??1Connection@QMetaObject@@QEAA@XZ
?cast@QMetaObject@@QEBAPEBVQObject@@PEBV2@@Z
?currentDateTimeUtc@QDateTime@@SA?AV1@XZ
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ
qt_version_tag_6_6

msvcp140

?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mbrtowc
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ

vcruntime140

__current_exception
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
memcpy
memset
__current_exception_context
__C_specific_handler

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_register_onexit_function
terminate
_seh_filter_dll
_execute_onexit_table
_initterm_e
_initterm
_cexit
_crt_at_quick_exit
_crt_atexit
_initialize_narrow_environment

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
malloc

api-ms-win-crt-string-l1-1-0

strcmp

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata_v2

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtversi
Size: 512B - Virtual size: 275B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 379B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff076010611d3c9ac00f0692b0c0f973

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ca:62:f9:0b:0b:bf:87:d2:91:7d:ac:ac:bd:fe:cb:db:7e:92:a9:d1:4e:7d:bb:9a:a8:3a:ea:ca:fa:9d:15:bcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kf6dbusaddons

kf6widgetsaddons

kf6kiocore

kf6i18n

qt6dbus

kf6coreaddons

qt6core

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 6KB - Virtual size: 5KB

.idata Size: 13KB - Virtual size: 12KB

.qtversi Size: 512B - Virtual size: 275B

.qtmetad Size: 512B - Virtual size: 379B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 944B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ca:62:f9:0b:0b:bf:87:d2:91:7d:ac:ac:bd:fe:cb:db:7e:92:a9:d1:4e:7d:bb:9a:a8:3a:ea:ca:fa:9d:15:bc
Signer

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 6KB - Virtual size: 5KB

.idata
Size: 13KB - Virtual size: 12KB

.qtversi
Size: 512B - Virtual size: 275B

.qtmetad
Size: 512B - Virtual size: 379B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 944B