8df5d1995dc2d40485d4bf53f69b180f7f35003869a7e4d9aef58643c44295a5

Sharing

Copy URL

Twitter E-mail

General

Target

8df5d1995dc2d40485d4bf53f69b180f7f35003869a7e4d9aef58643c44295a5
Size

1.1MB
MD5

890879bbd032022c5efb48c69ee417f5
SHA1

d16d8f88241f82867720181ea1e09ab3ddb347d4
SHA256

8df5d1995dc2d40485d4bf53f69b180f7f35003869a7e4d9aef58643c44295a5
SHA512

c8f5dc0588d463fb80edf69ce30dd94182f2f9bc9d1a0e728789e6615211bce88a7503221f0695791957dc2149fb7b6c3919a979e252989c5572447abb953fcb
SSDEEP

24576:fPPp8FH359VoHCeZZZWeYCnw9P4f8zarNFc3kJ4W2seFyFBv:3PqlXVoHCeZZoeNw9P4fWcjc3pW2sV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8df5d1995dc2d40485d4bf53f69b180f7f35003869a7e4d9aef58643c44295a5

Files

8df5d1995dc2d40485d4bf53f69b180f7f35003869a7e4d9aef58643c44295a5
.exe windows:6 windows x86 arch:x86

a38b8032ff10890e62f01961aa2cdcdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Git-repo\qb10frame_116_release\chrome\src\out\Release_x86\QQBrowserLiveup.pdb

Imports

kernel32

HeapReAlloc
HeapSize
HeapFree
DecodePointer
SetUnhandledExceptionFilter
GetCurrentProcessId
RaiseException
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrcmpiW
HeapDestroy
MultiByteToWideChar
WaitForSingleObject
GetLastError
SetLastError
GetProcessHeap
GetExitCodeProcess
ReleaseSRWLockExclusive
MulDiv
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitOnceExecuteOnce
HeapAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
LeaveCriticalSection
WakeAllConditionVariable
SleepConditionVariableSRW
FindResourceExW
LockResource
VerSetConditionMask
VerifyVersionInfoW
Sleep
TerminateThread
GetTickCount
FreeLibrary
WriteConsoleW
SetEndOfFile
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
GetCurrentDirectoryW
EnterCriticalSection
GetCurrentThreadId
CreateMutexW
OpenMutexW
CloseHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStdHandle
ExitProcess
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
VirtualProtect
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringEx
GetLocaleInfoEx
FormatMessageA
IsDebuggerPresent
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
WaitNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
CreateThread
GetDiskFreeSpaceExW
GetExitCodeThread
DeviceIoControl
WaitForMultipleObjects
SetEvent
GetSystemTimeAsFileTime
K32GetMappedFileNameW
GetLocalTime
MoveFileExW
GetTempPathW
CopyFileW
DeleteFileW
TerminateProcess
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
OutputDebugStringW
GetSystemDefaultLangID
VirtualQuery
GetFullPathNameW
FindNextFileW
WriteFile
SetFilePointer
RemoveDirectoryW
CreateDirectoryW
FindFirstFileW
FindClose
GetSystemInfo
GetSystemDirectoryW
WideCharToMultiByte
CreateEventW
ReadFile
GetCurrentProcess
LocalFree
LocalAlloc
GlobalFree
LoadLibraryW
GetVersionExW
InitializeCriticalSectionEx
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
lstrlenW
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc

user32

ReleaseDC
IsWindow
PostMessageW
MoveWindow
SetWindowPos
MapWindowPoints
GetParent
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetForegroundWindow
SetTimer
PostQuitMessage
GetWindowTextLengthW
GetWindowTextW
InflateRect
UpdateLayeredWindow
GetWindowRect
GetClientRect
LoadCursorW
CallWindowProcW
GetWindowLongW
DialogBoxParamW
DestroyWindow
ClientToScreen
SendMessageW
GetWindowDC
IsWindowVisible
ShowWindow
MessageBoxW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
LoadImageW
OffsetRect
SetWindowTextW
GetSystemMetrics
GetDesktopWindow
GetDlgItem
SetWindowRgn
GetClassNameW
InvalidateRect
SetFocus
EnableWindow
FindWindowW
PtInRect
GetScrollInfo
ScreenToClient
GetDlgCtrlID
SystemParametersInfoW
GetCapture
UpdateWindow
ReleaseCapture
SetCapture
BeginPaint
EndPaint
AdjustWindowRectEx
GetMenu
EqualRect
GetAncestor
IsIconic
IsZoomed
SetCursor
GetFocus
SetPropW
GetDC
EnumWindows
GetForegroundWindow
SendInput
FrameRect
GetActiveWindow
CharNextW
UnregisterClassW
DefWindowProcW
SetWindowLongW
PeekMessageW
GetMessageW
PostThreadMessageW
DispatchMessageW
KillTimer
EndDialog
RemovePropW
DestroyIcon
GetIconInfo
SetRectEmpty
IsRectEmpty
DrawFocusRect
CopyRect
DrawTextW
UnionRect
GetCursorPos
IntersectRect
IsWindowEnabled
EnumChildWindows
GetSysColor

gdi32

CreatePen
GetObjectA
SetBkMode
GetBitmapBits
SetBitmapBits
GetTextExtentExPointW
GetTextExtentPoint32W
LineTo
MoveToEx
GetCurrentObject
SelectClipRgn
RectVisible
ExtTextOutW
SetBkColor
CreateRectRgnIndirect
GetStockObject
SetTextColor
GetDeviceCaps
CreateFontW
BitBlt
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetViewportOrgEx
DeleteObject
GetClipBox
GetViewportOrgEx
RestoreDC
SaveDC
CreateDIBSection
CreateFontIndirectW
SetDIBColorTable
CombineRgn
GetPixel
CreateSolidBrush
GetObjectW

advapi32

LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetEntriesInAclW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegQueryValueExW
AllocateAndInitializeSid
FreeSid
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
SetSecurityDescriptorSacl

shell32

SHGetFolderPathW
ord75
SHGetPathFromIDListW
SHGetFolderLocation
SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW

ole32

CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoCreateGuid

oleaut32

VarUI4FromStr

shlwapi

PathAppendW
PathRemoveBackslashW
PathCanonicalizeW
wnsprintfW
PathRemoveBlanksW
PathCombineW
PathMatchSpecW
PathFileExistsW
PathRemoveFileSpecW
PathGetArgsW
PathRemoveArgsW
PathFindFileNameW
PathIsDirectoryW
PathUnquoteSpacesW

comctl32

ImageList_Destroy
_TrackMouseEvent
ImageList_GetIconSize
InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdipFree
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesWrapMode
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRectRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromResource
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawString
GdipMeasureString
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFontSize
GdiplusShutdown
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipFillPath
GdipCreateBitmapFromHICON
GdipBitmapGetPixel
GdiplusStartup
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipSetSmoothingMode
GdipDrawEllipseI
GdipDrawPath
GdipFillEllipseI
GdipCreateFontFromDC

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

ws2_32

htons
ntohl
htonl

winhttp

WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
InternetReadFile

Sections

.text
Size: 557KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a38b8032ff10890e62f01961aa2cdcdf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

netapi32

ws2_32

winhttp

urlmon

wininet

Sections

.text Size: 557KB - Virtual size: 556KB

.rdata Size: 124KB - Virtual size: 123KB

.data Size: 16KB - Virtual size: 82KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 271KB - Virtual size: 271KB

.reloc Size: 95KB - Virtual size: 96KB

.text
Size: 557KB - Virtual size: 556KB

.rdata
Size: 124KB - Virtual size: 123KB

.data
Size: 16KB - Virtual size: 82KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 271KB - Virtual size: 271KB

.reloc
Size: 95KB - Virtual size: 96KB