4674766fe401d128980da77ae92692dc953b51d581b69cb0c2e61029d072de24

Sharing

Copy URL Twitter E-mail

General

Target

4674766fe401d128980da77ae92692dc953b51d581b69cb0c2e61029d072de24
Size

1.1MB
MD5

1e77e16751b0105c26211ef86fb74331
SHA1

f1d6aef38eb4a6b771431c84d0892c834f9ed9e8
SHA256

4674766fe401d128980da77ae92692dc953b51d581b69cb0c2e61029d072de24
SHA512

f83b526bc2a380de739825833b003a3d34cdd09c1842c0f98ce7868e8845033fb4f51a80a2d55aadc9fbe0d43fcf29363fb6e56fcbab0ae880a083cfc7409302
SSDEEP

24576:y/LzA+zAJWbCgTlpiiP3XTa2JASsUd37zrDPXvmt7:LgPpTFJASDR7zPXv2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4674766fe401d128980da77ae92692dc953b51d581b69cb0c2e61029d072de24

Files

4674766fe401d128980da77ae92692dc953b51d581b69cb0c2e61029d072de24
.exe windows:5 windows x86 arch:x86

d3ab040bf2ff5fe9d249c6667c3e1db9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\1820\QQMusicPC\Source\ExternalProcesses\Pdb\Release\QQMusicUninstaller.pdb

Imports

kernel32

WriteConsoleW
lstrlenW
SetFilePointer
WriteFile
LoadLibraryA
ResetEvent
SetEvent
GetTickCount
GetCurrentDirectoryW
FreeResource
ExitProcess
MulDiv
SystemTimeToFileTime
LocalFileTimeToFileTime
FormatMessageW
lstrcpynW
InterlockedIncrement
lstrcmpiW
lstrcpyW
IsBadWritePtr
IsBadReadPtr
DuplicateHandle
GetDriveTypeW
GetLogicalDrives
DeviceIoControl
GetDiskFreeSpaceExW
SetEndOfFile
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
IsValidCodePage
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
GetStringTypeW
GetStdHandle
GetUserDefaultLCID
GetOEMCP
GetACP
GetNativeSystemInfo
GetVersionExW
LocalFree
MultiByteToWideChar
GetSystemDirectoryW
GetModuleHandleW
TerminateProcess
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
ReadFile
GetStartupInfoW
CreatePipe
WaitForSingleObject
CreateProcessW
FreeLibrary
LoadLibraryW
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
GetFileAttributesW
GetFileSize
CreateFileW
GetFileAttributesExW
DeleteFileW
RemoveDirectoryW
FindClose
CopyFileW
SetFileTime
CreateDirectoryW
UnmapViewOfFile
InitializeCriticalSection
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
OutputDebugStringW
GetCurrentProcess
GetModuleHandleExW
Sleep
CloseHandle
FindNextFileW
GetPrivateProfileStringW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FindResourceExW
FindResourceW
SizeofResource
RaiseException
LockResource
LoadResource
SetLastError
CreateEventW
OpenEventW
SetCurrentDirectoryW
GetCurrentThreadId
LoadLibraryExW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
GetLocalTime
GetTempPathW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DecodePointer
GetLastError
FindFirstFileExW

user32

IntersectRect
IsRectEmpty
PtInRect
SetWindowRgn
UpdateLayeredWindow
MoveWindow
GetWindowRgn
NotifyWinEvent
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
UnregisterClassW
wsprintfW
GetMessageW
DispatchMessageW
TranslateMessage
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
IsWindowEnabled
EqualRect
SetWindowTextW
GetWindowTextW
MapVirtualKeyExW
GetWindowTextLengthW
MapWindowPoints
ScreenToClient
GetCursorPos
InvalidateRect
SetWindowLongW
GetWindowLongW
CreateWindowExW
PostMessageW
SetTimer
KillTimer
MessageBoxW
DefWindowProcW
GetClassInfoExW
LoadCursorW
RegisterClassExW
PostQuitMessage
CallWindowProcW
IsWindow
SetForegroundWindow
SendMessageW
RegisterWindowMessageW
GetDesktopWindow
PostThreadMessageW
WaitForInputIdle
GetWindowThreadProcessId
AllowSetForegroundWindow
GetForegroundWindow
IsIconic
ShowWindow
AttachThreadInput
FindWindowW
SetCursor
InflateRect
UnionRect
OffsetRect
RegisterClassW
SetWindowPos
SetFocus
EnableWindow
SetPropW
GetPropW
GetClientRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
wsprintfA
DrawTextA
CreateAcceleratorTableW
GetSysColor
GetWindowRect
GetParent
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
DestroyWindow
IsWindowVisible
IsZoomed
CharNextW
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
LoadStringW
InvalidateRgn

gdi32

CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectA
MoveToEx
GetDeviceCaps
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
RestoreDC
SaveDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
CreateFontIndirectW
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRectRgn
PtInRegion
CreateDIBSection
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
CreatePen
DeleteDC
GetEnhMetaFileHeader
DeleteObject
SetTextColor
TextOutW
CreateRoundRectRgn

advapi32

RegQueryValueExA
DuplicateTokenEx
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
OpenProcessToken
RegOpenKeyExA

shell32

SHCreateDirectoryExW
SHFileOperationW
ShellExecuteExW
SHChangeNotify
SHGetFolderPathW
DragQueryFileW
SHGetSpecialFolderPathW

ole32

OleLockRunning
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CoCreateGuid
RegisterDragDrop
OleRun
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoInitializeEx
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
GetErrorInfo
SysFreeString

shlwapi

SHDeleteValueW
SHDeleteKeyW
ord176
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

gdiplus

GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillRectangleI
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

psapi

GetModuleFileNameExW
GetModuleBaseNameW

ws2_32

ntohl
gethostname
WSAStartup
htonl
gethostbyname

oleacc

LresultFromObject

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

Exports

Exports

??0CDownloadPure@QMNetwork@@QAE@ABV01@@Z
??0CDownloadPure@QMNetwork@@QAE@PAVITaskCallback@1@@Z
??0CHttpProtocol@QMNetwork@@QAE@ABV01@@Z
??0CHttpProtocol@QMNetwork@@QAE@PAVCHttpProtocolCallback@1@@Z
??0CHttpProtocolCallback@QMNetwork@@QAE@ABV01@@Z
??0CHttpProtocolCallback@QMNetwork@@QAE@XZ
??0CNetworkCacheCallback@QMNetwork@@QAE@ABV01@@Z
??0CNetworkCacheCallback@QMNetwork@@QAE@XZ
??0IHttpParamCallback@QMNetwork@@QAE@ABV01@@Z
??0IHttpParamCallback@QMNetwork@@QAE@XZ
??0ITaskCallback@QMNetwork@@QAE@$$QAV01@@Z
??0ITaskCallback@QMNetwork@@QAE@ABV01@@Z
??0ITaskCallback@QMNetwork@@QAE@XZ
??1CDownloadPure@QMNetwork@@UAE@XZ
??1CHttpProtocol@QMNetwork@@UAE@XZ
??1CHttpProtocolCallback@QMNetwork@@UAE@XZ
??1CNetworkCacheCallback@QMNetwork@@UAE@XZ
??1IHttpParamCallback@QMNetwork@@UAE@XZ
??4CDownloadPure@QMNetwork@@QAEAAV01@ABV01@@Z
??4CHttpProtocol@QMNetwork@@QAEAAV01@ABV01@@Z
??4CHttpProtocolCallback@QMNetwork@@QAEAAV01@ABV01@@Z
??4CNetworkCacheCallback@QMNetwork@@QAEAAV01@ABV01@@Z
??4IHttpParamCallback@QMNetwork@@QAEAAV01@ABV01@@Z
??4ITaskCallback@QMNetwork@@QAEAAV01@$$QAV01@@Z
??4ITaskCallback@QMNetwork@@QAEAAV01@ABV01@@Z
??_7CDownloadPure@QMNetwork@@6B@
??_7CHttpProtocol@QMNetwork@@6B@
??_7CHttpProtocolCallback@QMNetwork@@6B@
??_7CNetworkCacheCallback@QMNetwork@@6B@
??_7IHttpParamCallback@QMNetwork@@6B@
??_7ITaskCallback@QMNetwork@@6B@
?OnTaskNotify2@ITaskCallback@QMNetwork@@UAEXPADH@Z

Sections

.text
Size: 643KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 117KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d3ab040bf2ff5fe9d249c6667c3e1db9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

imm32

psapi

ws2_32

oleacc

netapi32

Exports

Exports

Sections

.text Size: 643KB - Virtual size: 642KB

.rdata Size: 215KB - Virtual size: 214KB

.data Size: 10KB - Virtual size: 30KB

.gfids Size: 1024B - Virtual size: 600B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 109KB - Virtual size: 109KB

.reloc Size: 117KB - Virtual size: 120KB

.text
Size: 643KB - Virtual size: 642KB

.rdata
Size: 215KB - Virtual size: 214KB

.data
Size: 10KB - Virtual size: 30KB

.gfids
Size: 1024B - Virtual size: 600B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 109KB - Virtual size: 109KB

.reloc
Size: 117KB - Virtual size: 120KB