f5076ae71eb6a2a691de612a22d08d745b32118e8635c3d4c43b4e22a4997064

Sharing

Copy URL Twitter E-mail

General

Target

f5076ae71eb6a2a691de612a22d08d745b32118e8635c3d4c43b4e22a4997064
Size

5.8MB
MD5

baceec238835159a7b71e41d703d4d94
SHA1

fb6aaace1eab2cf4ff937eb6aab78506a91ece47
SHA256

f5076ae71eb6a2a691de612a22d08d745b32118e8635c3d4c43b4e22a4997064
SHA512

fb41e4ba35f7e174822cd3369438293a32a2e0cb6421b6f1c75b1f7b880af52fc2f6cc9c21a37fbfc844ee4e4154cc2afde72b92a484a148b8007f7e9afbbbac
SSDEEP

98304:FWEIKDa7OlnbU3Q6I5k8iRZWtguQ47D2wPzE:FO2nb2rI5SZuQ0DS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5076ae71eb6a2a691de612a22d08d745b32118e8635c3d4c43b4e22a4997064

Files

f5076ae71eb6a2a691de612a22d08d745b32118e8635c3d4c43b4e22a4997064
.exe windows:6 windows x86 arch:x86

9121267023bbf4cfc9b2b4422b66bb85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\005.3VJIA\030.CNC\002.CNC2.0\Bin\DebugR\DogEraser.pdb

Imports

qt5widgets

??1QApplication@@UAE@XZ
?exec@QApplication@@SAHXZ
?information@QMessageBox@@SA?AW4StandardButton@1@PAVQWidget@@ABVQString@@1V?$QFlags@W4StandardButton@QMessageBox@@@@W421@@Z
??0QApplication@@QAE@AAHPAPADH@Z

qt5core

?number@QString@@SA?AV1@_KH@Z
??8@YA_NABVQString@@0@Z
??0QString@@QAE@PBD@Z
??1QDateTime@@QAE@XZ
?fromString@QDateTime@@SA?AV1@ABVQString@@0@Z
?number@QString@@SA?AV1@_JH@Z
?execute@QProcess@@SAHABVQString@@@Z
?tr@QObject@@SA?AVQString@@PBD0H@Z
?qRegisterResourceData@@YA_NHPBE00@Z
?qUnregisterResourceData@@YA_NHPBE00@Z
??0QByteArray@@QAE@XZ
?toInt@QString@@QBEHPA_NH@Z
?fromLocal8Bit@QString@@SA?AV1@PBDH@Z
?mid@QString@@QBE?AV1@HH@Z
?lastIndexOf@QString@@QBEHABV1@HW4CaseSensitivity@Qt@@@Z
?indexOf@QString@@QBEHABV1@HW4CaseSensitivity@Qt@@@Z
?sprintf@QString@@QAAAAV1@PBDZZ
??4QString@@QAEAAV0@$$QAV0@@Z
??1QString@@QAE@XZ
?data@QByteArray@@QAEPADXZ
?size@QByteArray@@QBEHXZ
??4QByteArray@@QAEAAV0@$$QAV0@@Z
??0QByteArray@@QAE@$$QAV0@@Z
??1QByteArray@@QAE@XZ
??0QByteArray@@QAE@PBDH@Z
?toTime_t@QDateTime@@QBEIXZ

kernel32

InitializeCriticalSectionAndSpinCount
CreateSemaphoreA
DeleteFiber
GetComputerNameExW
TlsGetValue
FindNextFileA
GetLocalTime
DeleteFileW
GetTimeZoneInformation
RemoveDirectoryW
QueryPerformanceFrequency
GetVersionExA
SetFilePointerEx
CreateProcessW
CreateMutexA
OpenSemaphoreA
DeviceIoControl
GetFileInformationByHandle
GetEnvironmentVariableW
SearchPathA
GetSystemTime
GetModuleFileNameA
GetComputerNameW
GetWindowsDirectoryA
CreateFileA
HeapFree
GetFileSize
MoveFileExW
LocalFree
SystemTimeToFileTime
OutputDebugStringA
SetEndOfFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
ReleaseMutex
OpenProcess
CreateEventA
FreeLibrary
HeapReAlloc
CreateFileMappingA
MultiByteToWideChar
InterlockedCompareExchange
MapViewOfFile
GetSystemDirectoryA
GetModuleFileNameW
SwitchToThread
GetVolumeInformationA
CreateThread
SetFileAttributesW
GetModuleHandleA
GetLogicalDrives
WriteFile
SetLastError
SetErrorMode
GetProcessHeap
FlushFileBuffers
OpenMutexA
InterlockedExchangeAdd
GetDriveTypeA
FindNextFileW
InterlockedIncrement
QueryDosDeviceA
GetLastError
HeapAlloc
TlsSetValue
DefineDosDeviceA
FindFirstFileW
TerminateThread
CreateFileW
CreateDirectoryW
GetEnvironmentVariableA
GetSystemInfo
GetVersion
LocalAlloc
ReadFile
ResumeThread
GetTickCount
SwitchToFiber
ConvertThreadToFiber
WaitForSingleObject
GetProcessTimes
WideCharToMultiByte
DuplicateHandle
LoadLibraryExA
UnmapViewOfFile
Sleep
GetExitCodeThread
InterlockedDecrement
TlsAlloc
FindFirstFileA
SetThreadPriority
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CloseHandle
GetCommandLineW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW

msvcp140

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z

vcruntime140

memmove
_purecall
__RTtypeid
__std_type_info_compare
__CxxFrameHandler3
memcmp
_except_handler4_common
__std_type_info_destroy_list
__std_exception_copy
__std_exception_destroy
memset
_CxxThrowException
memcpy

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_cexit
_get_narrow_winmain_command_line
_crt_at_quick_exit
_initterm_e
exit
_exit
_crt_atexit
_c_exit
_register_thread_local_exe_atexit_callback
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm
terminate
_controlfp_s
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_set_app_type

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode

shell32

CommandLineToArgvW

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 210KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.llvm_ad
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9121267023bbf4cfc9b2b4422b66bb85

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt5widgets

qt5core

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

shell32

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 210KB - Virtual size: 706KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.llvm_ad Size: 2KB - Virtual size: 2KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 179KB - Virtual size: 179KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 210KB - Virtual size: 706KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.llvm_ad
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 179KB - Virtual size: 179KB