df76c448a79f049d617743f637ffb4ac76b8a20016510db7c9c71977eb971bba[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

df76c448a79f049d617743f637ffb4ac76b8a20016510db7c9c71977eb971bba.exe
Size

404KB
MD5

a6d3f201a60c2b230066cc4e10aa48ef
SHA1

74ab9e64965f573ec8d19112c3d0edd42cf6d156
SHA256

df76c448a79f049d617743f637ffb4ac76b8a20016510db7c9c71977eb971bba
SHA512

5ef56451a0d758cc6de27eea7e9d3d9a3574117c2abb2d9dc6bbe8c93825db2569c329aab247dedd5deb70f76ad7fe87289e46a480859c7693817dfe4ac05c98
SSDEEP

12288:nxfh6E/AQjAKiYs/7RU813jh/nZHd+Hc5mvbYF:nbpfe/7Rt/nZHGc5mkF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df76c448a79f049d617743f637ffb4ac76b8a20016510db7c9c71977eb971bba.exe

Files

df76c448a79f049d617743f637ffb4ac76b8a20016510db7c9c71977eb971bba.exe
.exe windows:5 windows x86 arch:x86

b0c46cbdfdd3bafc4af4b8151575e2b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

R:\TempView\Misc\Setup3\build\Release\QQSetupEx.pdb

Imports

ws2_32

send
socket
closesocket
gethostbyname
WSACleanup
recv
connect
inet_ntoa
WSAStartup
inet_addr
htons

netapi32

Netbios

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

FreeEnvironmentStringsW
RtlUnwind
CreateDirectoryW
GetFileAttributesW
GetTempPathW
GetLongPathNameW
DeleteFileW
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
GetVersionExW
GetCommandLineW
CreateMutexW
FindResourceExW
FindResourceW
LoadResource
QueryPerformanceCounter
WaitForSingleObject
GetTickCount
SizeofResource
OpenThread
LockResource
GetCurrentThreadId
CreateThread
GetCurrentProcessId
GetSystemDirectoryW
CopyFileW
GetExitCodeProcess
GetModuleHandleW
GetFileSizeEx
FindFirstFileW
VirtualQuery
GetCurrentProcess
GetSystemTimeAsFileTime
InitializeCriticalSection
GetProcessTimes
Sleep
LeaveCriticalSection
GetModuleFileNameW
GetProcAddress
MoveFileW
EnterCriticalSection
FindClose
LoadLibraryA
GetModuleHandleA
QueryPerformanceFrequency
DeleteCriticalSection
SetFileAttributesW
WideCharToMultiByte
DeviceIoControl
FreeLibrary
CreateProcessW
LoadLibraryW
GetStdHandle
CreatePipe
DuplicateHandle
GetFileType
lstrlenW
GetLocalTime
GetEnvironmentStringsW
OutputDebugStringW
IsBadReadPtr
TerminateThread
MultiByteToWideChar
ResetEvent
CreateEventW
GetWindowsDirectoryW
SetErrorMode
lstrlenA
GetTempFileNameW
lstrcatW
GlobalFree
GlobalAlloc
lstrcmpW
OpenProcess
lstrcpyW
GetVersion
RemoveDirectoryW
FindNextFileW
lstrcmpiW
MulDiv
GetPrivateProfileStringW
WritePrivateProfileStringW
ExpandEnvironmentStringsW
SearchPathW
GetShortPathNameW
GetFullPathNameW
SetCurrentDirectoryW
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
GetStartupInfoW
HeapSetInformation
ExitThread
HeapReAlloc
DecodePointer
EncodePointer
HeapAlloc
HeapFree
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapCreate
HeapDestroy
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
SetEvent
SetHandleCount
WriteConsoleW
SetStdHandle
lstrcpynW
GetProcessHeap
SetLastError

user32

CharUpperW
wsprintfW
CharNextW
MessageBoxIndirectW
CharPrevW
wvsprintfW
SetTimer
GetMessageW
KillTimer
TranslateMessage
PeekMessageW
SetWindowLongW
RegisterClassW
UpdateWindow
DispatchMessageW
LoadImageW
IsIconic
SendMessageTimeoutW
FindWindowA
DestroyWindow
GetClassInfoExW
RegisterClassExW
GetDesktopWindow
ShowWindow
IsWindow
CreateWindowExW
SendMessageW
DefWindowProcW
PostThreadMessageW
TrackPopupMenu
PostMessageW
GetSubMenu
SetForegroundWindow
LoadMenuW
GetCursorPos
DestroyMenu
SetWindowTextW
GetWindowLongW

gdi32

GetStockObject

advapi32

RegSetValueExW
RegCreateKeyW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey

shell32

ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
CommandLineToArgvW
Shell_NotifyIconW

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoFreeLibrary
CoLoadLibrary

shlwapi

PathFileExistsW

wintrust

WTHelperGetProvCertFromChain
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
WTHelperProvDataFromStateData
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 544KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b0c46cbdfdd3bafc4af4b8151575e2b2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

netapi32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

wintrust

crypt32

Sections

.text Size: 239KB - Virtual size: 238KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 7KB - Virtual size: 302KB

.ndata Size: - Virtual size: 544KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 91KB - Virtual size: 92KB

.text
Size: 239KB - Virtual size: 238KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 7KB - Virtual size: 302KB

.ndata
Size: - Virtual size: 544KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 91KB - Virtual size: 92KB