ec179b03681ecca0ff6911f0d257d933ed650b304b6b36a62b9b58b781e4ff07

Sharing

Copy URL Twitter E-mail

General

Target

ec179b03681ecca0ff6911f0d257d933ed650b304b6b36a62b9b58b781e4ff07
Size

732KB
MD5

386c412a8ccc47fcd14cf4e366603c25
SHA1

02b308f995901282472725f8eec0603571f5cd74
SHA256

ec179b03681ecca0ff6911f0d257d933ed650b304b6b36a62b9b58b781e4ff07
SHA512

8077303f99e273c630a1d8889373a71ce5442ae5ffed50da922886efa6e4e4907f62242c04007e9f72915c30f66fb66e36986cf6ac196f7123d0add01cbb1fd1
SSDEEP

12288:IakZnUNarGJrOZaj6GTRhTeWt7r/Z+TPhrfxEDVDZgroUIz4kpSaz7ADnE83edYV:Iaaua6Jjm4h93gTPGDZgrofdpmbOCV

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/._cache_QQSpeedLauncher_x86.exe
unpack001/._cache_QQSpeedServer.exe

Files

ec179b03681ecca0ff6911f0d257d933ed650b304b6b36a62b9b58b781e4ff07
.zip
._cache_QQSpeedLauncher_x86.exe
.exe windows:6 windows x86 arch:x86

54d30a3a8c1903d579b23d44500e072a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetModuleHandleW
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteConsoleW
CreateFileW
HeapSize
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
GetProcAddress
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetFileType
LCMapStringW
CloseHandle
lstrcpyA
SetEvent
GetLastError
MultiByteToWideChar
CreateEventW
UnmapViewOfFile
TerminateProcess
SetStdHandle
HeapFree
HeapAlloc
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
EncodePointer
LoadLibraryExW
FreeLibrary
DecodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind

user32

SystemParametersInfoW
PostQuitMessage
wsprintfW
LoadCursorW
LoadImageW
TranslateMessage
TranslateAcceleratorW
DrawTextExW
MessageBoxA
UpdateWindow
BeginPaint
InvalidateRect
EndPaint
LoadIconW
EndDialog
GetWindowTextA
MapWindowPoints
SetWindowTextA
LoadBitmapW
GetClientRect
GetDlgItem
GetWindowTextLengthA
DialogBoxParamW
GetMessageW
DefWindowProcW
DestroyWindow
MessageBoxW
CreateWindowExW
SendMessageW
RegisterClassExW
LoadAcceleratorsW
LoadStringW
wsprintfA
ShowWindow
DispatchMessageW

gdi32

SetBkMode
BitBlt
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
SetTextColor
SetBkColor
DeleteObject

advapi32

RegGetValueW

shell32

ShellExecuteExW
SHGetSpecialFolderPathA

shlwapi

PathFileExistsW

ws2_32

htonl
ntohl
htons
recv
connect
socket
send
inet_addr
WSAStartup
WSAAsyncSelect
closesocket
WSACleanup
ntohs

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

[WzR�u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
._cache_QQSpeedServer.exe
.exe windows:6 windows x86 arch:x86

5cb975b7351077cae9b9b1217ba6cbc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Documents\Desktop\传奇\bin\QQSpeedServer.pdb

Imports

kernel32

WriteFile
GetDynamicTimeZoneInformation
GetCurrentThreadId
GetConsoleMode
GetCurrentProcessId
GetTickCount
MultiByteToWideChar
GetLastError
CloseHandle
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateTimerQueue
SetConsoleCtrlHandler
SetConsoleTitleA
GetCurrentProcess
CreateFileW
GetFileAttributesA
LoadLibraryA
GetLocalTime
FreeLibrary
GetSystemTimeAsFileTime
WriteConsoleA
SetUnhandledExceptionFilter
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
ReadFile
SetFilePointerEx
GetFileSizeEx
HeapReAlloc
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
IsDebuggerPresent
Sleep
FormatMessageA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
WaitForSingleObjectEx
GetExitCodeThread
QueryPerformanceCounter
LocalFree
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
TerminateProcess
RtlUnwind
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
SetEndOfFile

user32

wsprintfW

sqlite3

sqlite3_column_int
sqlite3_column_blob
sqlite3_wal_checkpoint_v2
sqlite3_exec
sqlite3_column_text
sqlite3_open_v2
sqlite3_bind_text
sqlite3_initialize
sqlite3_bind_blob
sqlite3_shutdown
sqlite3_config
sqlite3_bind_int
sqlite3_step
sqlite3_prepare_v2
sqlite3_finalize
sqlite3_errmsg
sqlite3_reset
sqlite3_close

ws2_32

htons
ntohl
inet_addr
htonl
ntohs

hpsocket

HP_Create_UdpNode
HP_Create_TcpServer
HP_Destroy_TcpServer
HP_Destroy_UdpNode

Sections

.text
Size: 995KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

54d30a3a8c1903d579b23d44500e072a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ws2_32

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 255KB - Virtual size: 255KB

[WzR�u� Size: 16KB - Virtual size: 20KB

5cb975b7351077cae9b9b1217ba6cbc8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

sqlite3

ws2_32

hpsocket

Sections

.text Size: 995KB - Virtual size: 994KB

.rdata Size: 211KB - Virtual size: 210KB

.data Size: 26KB - Virtual size: 38KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 255KB - Virtual size: 255KB

[WzR�u�
Size: 16KB - Virtual size: 20KB

.text
Size: 995KB - Virtual size: 994KB

.rdata
Size: 211KB - Virtual size: 210KB

.data
Size: 26KB - Virtual size: 38KB