6f5810535a71dbfd6b10517a871dfd85e5e5f9c3c504e16910f5c5d97211df0e

Sharing

Copy URL

Twitter E-mail

General

Target

6f5810535a71dbfd6b10517a871dfd85e5e5f9c3c504e16910f5c5d97211df0e
Size

654KB
MD5

7533d0576eead381d2502ad6ba854263
SHA1

63b84f4f40172bf6d61884d4739325373a43b93d
SHA256

6f5810535a71dbfd6b10517a871dfd85e5e5f9c3c504e16910f5c5d97211df0e
SHA512

7b629e3ebe2cca4bbde06c672cfd414883f23f103ff0809b7453a8e873ca3d87ced8597412a7b7a9d5abb6cdfc51c940556ba77eef97e6f21d413d906421ac18
SSDEEP

12288:r98rmdR3y4dqXLBzy6LRWohK9v26UrmAP6mY5O95Ev4uuYRY+hSIfiDbZwE:58VXpK9vJk6hO95sDKASIf9E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f5810535a71dbfd6b10517a871dfd85e5e5f9c3c504e16910f5c5d97211df0e

Files

6f5810535a71dbfd6b10517a871dfd85e5e5f9c3c504e16910f5c5d97211df0e
.exe windows:6 windows x86 arch:x86

f34819a14dfa83bebd518d833c2f6ee9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\data\landun\workspace\x64\QQInstaller\Setup3\build\Release\Uninstall.pdb

Imports

msi

ord195

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

htons
recv
WSACleanup
closesocket
gethostbyname
WSAStartup
inet_addr
send
socket
connect
inet_ntoa

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetFileType
CreateDirectoryW
GetLongPathNameW
GetTempPathW
GetFileAttributesW
DeleteFileW
RemoveDirectoryW
MoveFileExW
GetTickCount
MoveFileW
GetLastError
CreateMutexW
LoadLibraryW
GetProcAddress
GetVersionExW
WideCharToMultiByte
QueryDosDeviceW
K32GetModuleFileNameExW
WaitForSingleObject
K32GetProcessImageFileNameW
OpenProcess
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
GetCurrentProcessId
CreateProcessW
lstrcmpiW
TerminateProcess
K32EnumProcessModules
MultiByteToWideChar
SizeofResource
FindFirstFileW
WriteFile
FindClose
CreateFileW
LoadResource
FindResourceW
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
CreateEventW
ReadFile
SetLastError
FindNextFileW
GetCurrentProcess
GetFileAttributesExW
GetCurrentDirectoryW
CopyFileW
OutputDebugStringA
GetModuleFileNameW
SetFilePointer
ReleaseMutex
HeapAlloc
AssignProcessToJobObject
ResumeThread
GetModuleHandleW
GetSystemTimeAsFileTime
GetCommandLineW
LocalFree
GetNativeSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
HeapSize
GetCurrentThreadId
Sleep
RaiseException
CreateThread
GetSystemDirectoryW
GetWindowsDirectoryW
SetEvent
ExitProcess
FreeResource
LockResource
SetStdHandle
GetModuleHandleExW
GetConsoleMode
GetConsoleOutputCP
GetFullPathNameW
LoadLibraryExW
FreeLibrary
RtlUnwind
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
HeapFree
GetDriveTypeW
GetTimeZoneInformation
ReadConsoleW
GetFileSizeEx
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
GetStdHandle
IsDebuggerPresent

user32

wsprintfW
MessageBoxW
PostQuitMessage
KillTimer
TranslateMessage
GetQueueStatus
CallMsgFilterW
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
DispatchMessageW
DefWindowProcW
PostMessageW
DestroyWindow
CreateWindowExW
UnregisterClassW
WaitMessage
RegisterClassExW

advapi32

CreateProcessAsUserW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegOpenKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHChangeNotify
SHFileOperationW

ole32

CLSIDFromProgID
CoTaskMemFree
CoInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
StringFromCLSID

shlwapi

PathStripToRootW
wnsprintfW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

Sections

.text
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f34819a14dfa83bebd518d833c2f6ee9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

version

ws2_32

kernel32

user32

advapi32

shell32

ole32

shlwapi

userenv

winmm

Sections

.text Size: 422KB - Virtual size: 422KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 88KB - Virtual size: 88KB

.text
Size: 422KB - Virtual size: 422KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 88KB - Virtual size: 88KB