9beb931ced10f0abf9d4886e86ec2be604b93bcbd2c1f51b6266a38101778156

Sharing

Copy URL

Twitter E-mail

General

Target

9beb931ced10f0abf9d4886e86ec2be604b93bcbd2c1f51b6266a38101778156
Size

149KB
MD5

55a3a7a3af244ee26bca0d7e0500b866
SHA1

e68ce3af685420c8f3406a0efe0a5e3067197386
SHA256

9beb931ced10f0abf9d4886e86ec2be604b93bcbd2c1f51b6266a38101778156
SHA512

cd37de04b73b186e95708652cfd090f96e39131888a22845a3d8e2e4c3c6c73e274b7be769f57bb260ef155f373e18a6b4a2b65ac88c5494d7180629e0bc57ed
SSDEEP

3072:+9lEtK26HY9Ml+3cCqrs4atjUEM83jLcNd0PHYWiBt7Dr8:rEGMGcCq4lxV3U/0PHNiXDr8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9beb931ced10f0abf9d4886e86ec2be604b93bcbd2c1f51b6266a38101778156

Files

9beb931ced10f0abf9d4886e86ec2be604b93bcbd2c1f51b6266a38101778156
.exe windows:5 windows x86 arch:x86

8a62dbe26ee517d44d52e2db88f102d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\landun\p-1e95acefd2ea4dcfa1c9075e6c4cc78a\qqlivepc21\FinalRelease\TMPThumb.pdb

Imports

kernel32

HeapFree
InitializeCriticalSectionAndSpinCount
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
HeapDestroy
LocalFree
DeleteCriticalSection
GetProcessHeap
SizeofResource
GetCurrentProcess
GetStdHandle
WriteFile
TerminateProcess
GetModuleFileNameW
CreateMutexW
ReleaseMutex
MultiByteToWideChar
LockResource
CloseHandle
LoadLibraryW
FindResourceExW
LoadResource
FindResourceW
SetCurrentDirectoryW
GetProcAddress
GetCurrentProcessId
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
FileTimeToLocalFileTime
WideCharToMultiByte
FileTimeToDosDateTime
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
InitializeSListHead

shell32

CommandLineToArgvW

shlwapi

PathFileExistsW

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

memset
memcpy
__std_exception_copy
__CxxFrameHandler3
_except_handler4_common
_CxxThrowException
memmove
wcsrchr
__current_exception_context
__current_exception
__std_exception_destroy
__std_type_info_compare

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
calloc
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
terminate
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_register_onexit_function
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_controlfp_s
_errno
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

wcsnlen
wmemcpy_s

api-ms-win-crt-stdio-l1-1-0

fclose
_wfsopen
__stdio_common_vsprintf
__p__commode
_set_fmode
ferror
fseek
ftell
fwrite
fopen
fread

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8a62dbe26ee517d44d52e2db88f102d8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

shlwapi

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 74KB - Virtual size: 76KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 74KB - Virtual size: 76KB