7de8aee0099017076e1f66f36c816a21f01a4ad5fa3f9abbeb061d1144619f05N

Sharing

Copy URL Twitter E-mail

General

Target

7de8aee0099017076e1f66f36c816a21f01a4ad5fa3f9abbeb061d1144619f05N
Size

1.3MB
MD5

6ada88c10488b300f7bcf9e4c0e74b90
SHA1

0461376a1c2ea88efcd69e51f48d57ec4517169b
SHA256

7de8aee0099017076e1f66f36c816a21f01a4ad5fa3f9abbeb061d1144619f05
SHA512

45ad849e262b2b2b89046a9277a16b7710d567b8e20b7755fecceb4c7467df192963d3b471fe063941b15baee6f7c198c9798133e5265aae4d7c1600cc333cb2
SSDEEP

24576:hAp1iSktQ+AKkxmQC3OOZabQAFGyxfNBy:nXkUuOZlAb3y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7de8aee0099017076e1f66f36c816a21f01a4ad5fa3f9abbeb061d1144619f05N

Files

7de8aee0099017076e1f66f36c816a21f01a4ad5fa3f9abbeb061d1144619f05N
.exe windows:5 windows x86 arch:x86

6cda817387f4d0c195fa78845a5619c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\logo\Debug\qjwm_setup.pdb

Imports

kernel32

UnmapViewOfFile
lstrcpyW
CreateFileMappingW
FindResourceA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcAddress
GetCurrentThread
SetThreadPriority
GetLastError
lstrcatW
CreateMutexW
GetModuleFileNameW
MapViewOfFile
SetPriorityClass
GetFileType
ReadFile
SetFileTime
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
SetEvent
WriteFile
LoadResource
OutputDebugStringA
SetCurrentDirectoryW
SizeofResource
Sleep
WaitForMultipleObjects
WaitForSingleObject
lstrlenW
LocalFree
FlushFileBuffers
SetStdHandle
FreeLibrary
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
HeapAlloc
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetProcessHeap
GetConsoleCP
TerminateProcess
ExitProcess
GetCurrentProcess
OpenProcess
FreeResource
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
GetModuleHandleW
GetModuleFileNameA
DeviceIoControl
DeleteFileA
CreateFileA
CreateDirectoryA
GetTempPathA
CreateProcessA
GetTickCount
CloseHandle
SetFilePointer
OutputDebugStringW
SetEndOfFile
DeleteCriticalSection
InitializeCriticalSection
CreateThread
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedExchange
ReadConsoleW
GetConsoleMode
SetFilePointerEx
lstrlenA
GetCurrentProcessId
WriteConsoleW
GetStdHandle
LoadLibraryW
LoadLibraryExW
WaitForSingleObjectEx
SetConsoleCtrlHandler
AreFileApisANSI
InterlockedIncrement
GetSystemInfo
CreateSemaphoreW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FatalAppExitA
DecodePointer
EncodePointer
HeapValidate
GetCommandLineW
ResumeThread
ExitThread
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
GetModuleHandleExW
VirtualQuery
VirtualProtect
OpenFileMappingW
VirtualAlloc
OpenEventW

user32

DispatchMessageW
PostQuitMessage
RegisterClassExW
CreateWindowExW
ShowWindow
SetWindowPos
GetSystemMetrics
LoadMenuW
GetSubMenu
TrackPopupMenu
DrawTextA
GetDC
ReleaseDC
BeginPaint
EndPaint
SetWindowTextA
SetCursor
GetCursorPos
FillRect
SetRectEmpty
CopyRect
LoadCursorW
LoadIconW
IsWindow
SendMessageW
SetRect
PtInRect
MessageBoxW
GetMessageW
TranslateMessage
PostMessageW
DestroyWindow
DefWindowProcW

gdi32

GetDIBColorTable
SetTextColor
StretchBlt
SetBkMode
GetTextExtentPoint32A
FrameRgn
EnumFontsW
CreateSolidBrush
CreateRoundRectRgn
CreateFontW
GetObjectW
SetDIBColorTable
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
TextOutA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
SetThreadToken
OpenThreadToken
RevertToSelf
RegSetValueExA

shell32

Shell_NotifyIconW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
SHGetPathFromIDListW
SHChangeNotify

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

CreateErrorInfo
SysFreeString
GetErrorInfo
SysAllocString
VariantClear
VariantInit
VariantChangeType
SetErrorInfo

ws2_32

WSAStartup
setsockopt
gethostbyname
socket
send
closesocket
connect
htons
inet_addr
inet_ntoa
recv

gdiplus

GdipBitmapUnlockBits
GdipDrawImageI
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipCreateBitmapFromStream

msimg32

TransparentBlt
AlphaBlend

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 648KB - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 388KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cda817387f4d0c195fa78845a5619c9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

gdiplus

msimg32

iphlpapi

Sections

.text Size: 648KB - Virtual size: 648KB

.rdata Size: 135KB - Virtual size: 135KB

.data Size: 388KB - Virtual size: 399KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 141KB - Virtual size: 141KB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 648KB - Virtual size: 648KB

.rdata
Size: 135KB - Virtual size: 135KB

.data
Size: 388KB - Virtual size: 399KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 141KB - Virtual size: 141KB

.reloc
Size: 28KB - Virtual size: 28KB