c61b8e4b0fe1dec4f2c52e5727a32ebedfcbdd072e25d35ffc1306584320eb06

Sharing

Copy URL

Twitter E-mail

General

Target

c61b8e4b0fe1dec4f2c52e5727a32ebedfcbdd072e25d35ffc1306584320eb06
Size

2.1MB
MD5

e846656e338dcb970e72118d5edfd506
SHA1

bf302f5406f9e51cad9d5e78ceca0d95017275ef
SHA256

c61b8e4b0fe1dec4f2c52e5727a32ebedfcbdd072e25d35ffc1306584320eb06
SHA512

38b47210af18ae24ba2301d00ca46dd41e726c8f1aae059be7be2671be183a8fcbab174c1dd9c2597cdb358b1386c200c10e925ee259fe63ae2786d95d6b1ec8
SSDEEP

49152:1gRUDnXhPG/WTJInNelmNzxb24YJpq+SnTTG4IRPYlI:SShPG/WVKNzxa4gM+1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c61b8e4b0fe1dec4f2c52e5727a32ebedfcbdd072e25d35ffc1306584320eb06

Files

c61b8e4b0fe1dec4f2c52e5727a32ebedfcbdd072e25d35ffc1306584320eb06
.exe windows:5 windows x86 arch:x86

777f177e820a91bcad21af29a0dbb13c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\workspace\qb_driver_service\master\out\Release\TsService.pdb

Imports

kernel32

ReleaseMutex
ReadConsoleInputA
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
Sleep
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetVersionExW
FlushConsoleInputBuffer
LoadLibraryA
GlobalMemoryStatus
GetModuleHandleA
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
SetConsoleCtrlHandler
GetTimeZoneInformation
ReadConsoleW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FlushFileBuffers
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetOEMCP
GetACP
IsValidCodePage
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
ResetEvent
DeviceIoControl
CreateFileW
GetCurrentProcessId
OpenProcess
SetLastError
GetSystemDirectoryW
LoadLibraryExW
GetModuleHandleExW
ExpandEnvironmentStringsW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLocalTime
SystemTimeToFileTime
QueryDosDeviceW
LocalFree
GetCurrentProcess
LoadLibraryW
FreeLibrary
SearchPathW
TerminateProcess
GetTickCount
GetCommandLineW
WTSGetActiveConsoleSessionId
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetSystemDefaultLangID
CreateThread
GetSystemTimeAsFileTime
OpenEventW
IsBadReadPtr
UnregisterWait
TerminateThread
WaitForMultipleObjects
InitializeCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
DeleteFileW
GetSystemTime
CreateProcessW
GetExitCodeProcess
GetSystemInfo
WideCharToMultiByte
VirtualFree
GetCurrentThreadId
HeapCreate
FindFirstFileW
FindClose
CreateDirectoryW
RemoveDirectoryW
SetFilePointer
WriteFile
lstrcmpiW
FindNextFileW
GetFullPathNameW
LocalAlloc
GetNativeSystemInfo
OutputDebugStringA
ExpandEnvironmentStringsA
GetPrivateProfileStringA
GetFileSize
ReadFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualAllocEx
VirtualQuery
Thread32First
OpenThread
SuspendThread
Thread32Next
Module32FirstW
Module32NextW
DuplicateHandle
SetErrorMode
SetUnhandledExceptionFilter
ReadProcessMemory
WriteProcessMemory
QueueUserWorkItem
EncodePointer
AddAtomW
FindAtomW
DeleteAtom
FileTimeToSystemTime
GetTempFileNameW
CopyFileW
DeleteFileA
OutputDebugStringW
CompareFileTime
GetFileTime
GetCurrentDirectoryW
SystemTimeToTzSpecificLocalTime
GetSystemDefaultLCID
MoveFileExW
lstrlenW
GetFileSizeEx
SetFilePointerEx
OpenFileMappingW
GetTempPathW
SetEndOfFile
GetStdHandle
SetHandleInformation
GlobalFree
IsDebuggerPresent
CreateMutexW
IsProcessorFeaturePresent
GetStringTypeW
FindFirstFileExW
GetDriveTypeW
ExitThread
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
AreFileApisANSI
SetConsoleMode

user32

MessageBoxA
GetProcessWindowStation
CreateDesktopW
CloseDesktop
GetCursorPos
KillTimer
DispatchMessageW
TranslateMessage
PeekMessageW
SetTimer
GetUserObjectInformationW

advapi32

ProcessTrace
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
AllocateAndInitializeSid
FreeSid
GetLengthSid
CopySid
CreateWellKnownSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
GetTokenInformation
ConvertSidToStringSidW
LookupAccountSidW
OpenProcessToken
OpenServiceW
StartServiceW
ControlService
QueryServiceStatusEx
RegCreateKeyExW
CloseServiceHandle
RegCloseKey
RegOpenKeyExW
StartServiceCtrlDispatcherW
RegSetValueExW
CreateServiceW
ChangeServiceConfig2W
ReportEventA
RegisterEventSourceA
DeregisterEventSource
GetUserNameA
LookupAccountNameA
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
RegQueryValueExA
RegOpenKeyExA
AddAccessAllowedAce
InitializeAcl
DuplicateTokenEx
RegCreateKeyW
ControlTraceW
EnableTrace
StartTraceW
CloseTrace
ImpersonateLoggedOnUser
OpenTraceW
RegQueryValueW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
CreateProcessAsUserW
IsValidSid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyW
SetServiceStatus
RegisterServiceCtrlHandlerExW
OpenSCManagerW
RevertToSelf
GetNamedSecurityInfoW

shlwapi

PathGetDriveNumberW
PathRemoveFileSpecW
PathCombineW
PathFindFileNameW
SHCopyKeyW
SHSetValueW
StrStrIW
PathFileExistsA
SHDeleteKeyW
PathRemoveBlanksW
PathRemoveBackslashW
PathFileExistsW
AssocQueryStringW
PathAppendW
SHGetValueW

ws2_32

send
recv
ioctlsocket
WSAGetLastError
socket
connect
setsockopt
accept
inet_ntoa
listen
getsockname
sendto
recvfrom
getsockopt
__WSAFDIsSet
getpeername
closesocket
ntohl
ntohs
htons
bind
htonl
select

wtsapi32

WTSQueryUserToken

dnsapi

DnsFree
DnsQuery_A

psapi

EnumProcessModules
GetModuleBaseNameW
GetModuleBaseNameA
GetModuleFileNameExA
GetModuleFileNameExW
GetProcessImageFileNameW

wininet

InternetConnectW
InternetSetOptionW
InternetOpenA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestW

userenv

CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW
DestroyEnvironmentBlock

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

rpcrt4

I_RpcBindingInqLocalClientPID
RpcServerRegisterIfEx
RpcServerListen
RpcMgmtStopServerListening
NdrServerCall2
RpcServerUnregisterIf
RpcServerUseProtseqEpW

netapi32

NetGetJoinInformation
Netbios
NetApiBufferFree
NetWkstaTransportEnum

winhttp

WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpWriteData
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen

shell32

ord165
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoCreateGuid
CoUninitialize
CoInitialize

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 38KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

777f177e820a91bcad21af29a0dbb13c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

ws2_32

wtsapi32

dnsapi

psapi

wininet

userenv

version

rpcrt4

netapi32

winhttp

shell32

ole32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 343KB - Virtual size: 343KB

.data Size: 38KB - Virtual size: 62KB

.rsrc Size: 106KB - Virtual size: 106KB

.reloc Size: 142KB - Virtual size: 144KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 343KB - Virtual size: 343KB

.data
Size: 38KB - Virtual size: 62KB

.rsrc
Size: 106KB - Virtual size: 106KB

.reloc
Size: 142KB - Virtual size: 144KB