Overview

overview

10

Static

static

10

31ac639868...dc.exe

windows7-x64

10

31ac639868...dc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    31ac63986892136dfbcfe6a88f7bb28dc68ea572f01dbc97a67025a03d2a22dc

  • Size

    84KB

  • MD5

    43321069d47fbc0971f2679d177c02d5

  • SHA1

    4e83b771bd805a7ddb3c09a4b5a1085833b22500

  • SHA256

    31ac63986892136dfbcfe6a88f7bb28dc68ea572f01dbc97a67025a03d2a22dc

  • SHA512

    46dad3c69097b80d180bfc214711d5d164577fa4914081ad4d78ad69f5f1f8ff37bc4a0594456d4fedbfa0576eededb58f907f02a03c7f4b7aac3f10781b5a00

  • SSDEEP

    1536:Kc5OSJHk5rzX+KXNuAKf61xY6L+1qHpUq3VC8AaO7y/4iWT+/SAPpzlS1pG9btnM:KNkkRpXNNY61vZJUq3pi7y/4b+/hPpkf

Score
10/10
upxqqpass

Malware Config

Extracted

Family

qqpass

C2

http://cf.qq.com/act/a20141214luxury/?ADTAG=client.btn.detail

Attributes
  • url

    http://i3.tietuku.com/801db876cdcaa96c.png

  • user_agent

    Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Signatures

  • Qqpass family
    qqpass
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • 31ac63986892136dfbcfe6a88f7bb28dc68ea572f01dbc97a67025a03d2a22dc
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections