QuarkPC[.]exe | Triage

Resubmissions

31/03/2025, 15:25

250331-st3p2svps7 10

Sharing

Copy URL

Twitter E-mail

General

Target

QuarkPC.exe
Size

234.0MB
MD5

2668f14280f019ff282536aab3269571
SHA1

177c5d0d1a90233514c10e8c2a91503fb4390b40
SHA256

82f016b7f71f4eb3e5dc93f1dbc8d44f2fca707107e5e86b64de356ffc92ca6b
SHA512

741d52eaa9c6077819c03ea2736751c2a2966089d82dc5e013d79f8f798510c2aa989c0004c95193e0151ecef906ca47d19523f4ee58efacc5cac17db1b0bfa4
SSDEEP

6291456:fuum0tMgaGIOvFH/nF6jxaUsDg9SxsaXnLLgBfNShzbFNsmOLXYfyX:2umADahSp/FIamQx93PglkzBNsmOTL

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
QuarkPC.exe
unpack001/$APPDATA/Promotions/Update.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsExec.dll

Files

QuarkPC.exe
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 425KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Promotions/Config.ini
$APPDATA/Promotions/Config2.ini
$APPDATA/Promotions/Logs.vbs
.vbs
$APPDATA/Promotions/Promotions.ps1
.ps1
$APPDATA/Promotions/Update.dll
.dll windows:6 windows x86 arch:x86

d181040a9e213eccfb043c56a4a65076

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetStdHandle
GetFileType
SetStdHandle
HeapQueryInformation
QueryPerformanceFrequency
VirtualQuery
GetSystemInfo
FindNextFileW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlUnwind
GetCPInfo
GetStringTypeW
LCMapStringEx
RaiseException
OutputDebugStringW
FindFirstFileExW
IsValidCodePage
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
GetOEMCP
ReleaseSRWLockExclusive
GetWindowsDirectoryW
FindResourceExW
GetUserDefaultLCID
GetTempFileNameW
Sleep
SearchPathW
GetProfileIntW
GetTickCount64
GetTempPathW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
lstrcmpiW
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
DeleteFileW
VirtualProtect
GlobalFlags
LocalReAlloc
LocalAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
VerifyVersionInfoW
VerSetConditionMask
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryW
GlobalReAlloc
GetFileSize
GetFileAttributesW
CreateFileW
lstrcpyW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
MultiByteToWideChar
lstrcmpA
GetVersionExW
GetCurrentThread
ResumeThread
SetThreadPriority
WaitForSingleObject
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalSize
GlobalAlloc
WideCharToMultiByte
GlobalGetAtomNameW
GlobalLock
GlobalUnlock
GetCurrentProcessId
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryA
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
SetLastError
EncodePointer
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
LockFileEx
CloseHandle
DeleteFileA
CreateFileA
GetFileAttributesA
CreateMutexA
UnlockFileEx
VirtualAlloc
VirtualFree
HeapFree
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetCommandLineW
WriteConsoleW

user32

KillTimer
SetTimer
WaitMessage
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageW
DrawStateW
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
DestroyCursor
InflateRect
ClientToScreen
GetCursorPos
SetCursorPos
ReleaseDC
GetDC
SetCapture
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
ReuseDDElParam
UnpackDDElParam
LoadImageW
DestroyIcon
GetWindowThreadProcessId
GetDesktopWindow
IntersectRect
SetCursor
InvalidateRect
InsertMenuItemW
DestroyMenu
CreatePopupMenu
TranslateAcceleratorW
ReleaseCapture
GetActiveWindow
BringWindowToTop
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
CreateDialogIndirectParamW
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetClassNameW
SetWindowLongW
GetWindowLongW
PtInRect
DestroyAcceleratorTable
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
SetClassLongW
DrawFrameControl
GetMenuItemInfoW
SendMessageW
EnableWindow
LoadCursorW
UpdateWindow
SetActiveWindow
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
EndDialog
GetNextDlgTabItem
MessageBeep
SystemParametersInfoW
MonitorFromPoint
PostThreadMessageW
TrackMouseEvent
CharUpperW
GetAsyncKeyState
GetSystemMenu
DeleteMenu
WindowFromPoint
NotifyWinEvent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
CopyImage
CharUpperBuffW
LockWindowUpdate
UpdateLayeredWindow
EnableScrollBar
LoadAcceleratorsW
LoadMenuW
MessageBoxA
RegisterWindowMessageW
PostMessageW
IsWindow
DestroyWindow
IsWindowVisible
SetRect
IsIconic
IsZoomed
GetCapture
GetSystemMetrics
SetForegroundWindow
SetWindowRgn
RedrawWindow
GetClientRect
GetWindowRect
SetRectEmpty
CopyRect
OffsetRect
IsRectEmpty
GetClassLongW
GetParent
SetParent
GetTopWindow
GetWindow
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsMenu
IsChild
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
ModifyMenuW
SetLayeredWindowAttributes
GetSysColorBrush
EnumDisplayMonitors
UnionRect
DrawEdge
DrawFocusRect
DrawIconEx
InvertRect
HideCaret
GetWindowRgn
MapVirtualKeyExW
IsCharLowerW
CreateMenu
GetDoubleClickTime
GetComboBoxInfo
GetUpdateRect
SubtractRect
IsClipboardFormatAvailable
GetNextDlgGroupItem
FrameRect
CopyIcon
GetIconInfo
SetMenuDefaultItem
GetMenuDefaultItem
RegisterClipboardFormatW
EnumChildWindows
CopyAcceleratorTableW
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawIcon
MapVirtualKeyW
GetKeyNameTextW
MapDialogRect
RealChildWindowFromPoint
SendDlgItemMessageA
EqualRect

gdi32

BitBlt
CreateHatchBrush
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
CreateBitmap
ScaleWindowExtEx
GetTextExtentPoint32W
CreateRoundRectRgn
CombineRgn
GetDIBits
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
CreateDIBitmap
CreateFontIndirectW
CreateRectRgnIndirect
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
CreateEllipticRgn
Ellipse
GetBkColor
GetTextColor
CreatePolygonRgn
Polygon
Polyline
SetRectRgn
DPtoLP
LPtoDP
GetRgnBox
OffsetRgn
Rectangle
CreatePalette
GetPaletteEntries
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
EnumFontFamiliesExW
GetNearestPaletteIndex
GetSystemPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
RoundRect
GetTextFaceW
SetPixelV
PatBlt
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreateCompatibleBitmap
SetTextColor
SetBkColor
GetObjectW
CreateDIBSection
SelectObject
DeleteObject
CreateCompatibleDC
ScaleViewportExtEx
CreatePen
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

DragQueryFileW
DragFinish
SHAppBarMessage
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetFolderPathA

shlwapi

PathFindExtensionW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
PathIsUNCW
PathFindFileNameW

uxtheme

GetCurrentThemeName
GetThemeSysColor
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeColor
DrawThemeBackground
IsAppThemed
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData

ole32

OleLockRunning
OleGetClipboard
CoLockObjectExternal
DoDragDrop
CoDisconnectObject
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoInitializeEx
RegisterDragDrop
RevokeDragDrop

oleaut32

LoadTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
SysStringLen
VariantCopy
VariantClear
VarBstrFromDate
SysFreeString
SysAllocString
VariantInit
SysAllocStringLen

gdiplus

GdipDrawImageI
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits

ws2_32

WSASetLastError
WSACleanup
WSAStartup

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Exports

Exports

UpdateMain

Sections

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 77B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 986KB - Virtual size: 985KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

rdatas
Size: 14.7MB - Virtual size: 14.7MB

IMAGE_SCN_MEM_READ
$LOCALAPPDATA/Config.ini
$LOCALAPPDATA/Config2.ini
$LOCALAPPDATA/Protected.ini
$LOCALAPPDATA/Protected.json
$LOCALAPPDATA/Protected_R.exe
.exe windows:5 windows x64 arch:x64

bfe14df6b9a5b1e0b632d6ef69e449c0

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:10

Not After

31/01/2024, 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:a5:4f:9a:60:72:5e:0d:82:4a:fd:63:15:27:ab:4a:fb:d8:12:e0:a5:ea:57:43:23:91:f9:8c:40:d5:63:34
Signer

Actual PE Digest

b8:a5:4f:9a:60:72:5e:0d:82:4a:fd:63:15:27:ab:4a:fb:d8:12:e0:a5:ea:57:43:23:91:f9:8c:40:d5:63:34

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\e\src\out\Release_x64\msedge_pwa_launcher.exe.pdb

Imports

advapi32

CreateProcessAsUserW
CreateProcessWithTokenW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
EventRegister
EventSetInformation
EventUnregister
EventWrite
RegCloseKey
RegCreateKeyExW
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

dbghelp

SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW

winmm

timeGetTime

kernel32

AcquireSRWLockExclusive
AssignProcessToJobObject
CancelIo
CloseHandle
CompareStringW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalProcessorInformation
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetProductInfo
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
GetWindowsDirectoryW
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetModuleInformation
K32QueryWorkingSetEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
ResumeThread
RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetHandleInformation
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpiW
lstrlenA

ntdll

NtClose
NtOpenKeyEx
NtQueryValueKey
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
RtlGetLastNtStatus
RtlInitUnicodeString

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

user32

AllowSetForegroundWindow
GetActiveWindow

shell32

CommandLineToArgvW
SHGetFolderPathW
SHGetKnownFolderPath
ShellExecuteExW

ole32

CoTaskMemFree

Exports

Exports

GetHandleVerifier
OQS_CPU_has_extension
OQS_KEM_alg_count
OQS_KEM_alg_identifier
OQS_KEM_alg_is_enabled
OQS_KEM_decaps
OQS_KEM_encaps
OQS_KEM_free
OQS_KEM_keypair
OQS_KEM_kyber_768_decaps
OQS_KEM_kyber_768_encaps
OQS_KEM_kyber_768_keypair
OQS_KEM_new
OQS_MEM_cleanse
OQS_MEM_insecure_free
OQS_MEM_secure_bcmp
OQS_MEM_secure_free
OQS_SIG_alg_count
OQS_SIG_alg_identifier
OQS_SIG_alg_is_enabled
OQS_SIG_free
OQS_SIG_keypair
OQS_SIG_new
OQS_SIG_sign
OQS_SIG_verify
OQS_init
OQS_randombytes
OQS_randombytes_custom_algorithm
OQS_randombytes_nist_kat_init_256bit
OQS_randombytes_switch_algorithm
OQS_version

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 184B

.tls
Size: 512B - Virtual size: 425B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LZMADEC
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

malloc_h
Size: 512B - Virtual size: 226B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/R.aps
$LOCALAPPDATA/SGuardSvc32.exe
.exe windows:4 windows x86 arch:x86

086a7325b37d216501ba79c81c613cc6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

20:3f:e7:f9:6a:9f:a7:44:bf:b3:13:83:b3:d4:39:3c:99:e9:36:d1
Signer

Actual PE Digest

20:3f:e7:f9:6a:9f:a7:44:bf:b3:13:83:b3:d4:39:3c:99:e9:36:d1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\vqq_debug\release\pdb\QQWubiFace.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

kernel32

CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
DeviceIoControl
ProcessIdToSessionId
GlobalFree
GetDriveTypeW
SetEndOfFile
CreateDirectoryW
GetFileType
FreeEnvironmentStringsA
GetCurrentDirectoryA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
HeapCreate
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
LCMapStringW
LCMapStringA
GetPrivateProfileStringW
GetModuleHandleA
RtlUnwind
GetStartupInfoW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
GetPrivateProfileIntW
GetCPInfo
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
GetEnvironmentStrings
CompareStringW
SetEnvironmentVariableA
GetFullPathNameW
CreateMutexW
OpenMutexW
LocalFree
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GetTickCount
FindNextFileW
GetFileAttributesW
DeleteCriticalSection
InitializeCriticalSection
GetFileSize
CopyFileW
GetProcAddress
LoadLibraryW
SetFilePointer
GetCurrentProcessId
DeleteFileW
GetModuleFileNameA
WriteFile
VirtualQueryEx
GetVersionExW
WritePrivateProfileStringW
CreateFileA
ReadProcessMemory
SetUnhandledExceptionFilter
FreeLibrary
VirtualQuery
GetCurrentThread
GetThreadSelectorEntry
GetCommandLineW
GetLongPathNameW
GetModuleFileNameW
TerminateThread
MultiByteToWideChar
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
RaiseException
SetLastError
InterlockedDecrement
FindClose
FindFirstFileW
InterlockedIncrement
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
Sleep
CreateThread
CloseHandle
ReadFile
CreateFileW
GetLastError
ReleaseMutex
WaitForSingleObject
GetDriveTypeA
ExitProcess

user32

OffsetRect
RegisterClassExW
GetClassInfoExW
UnregisterClassW
DefWindowProcW
FillRect
WindowFromPoint
RegisterClipboardFormatW
GetClipboardData
MonitorFromPoint
GetMonitorInfoW
SetPropW
ShowScrollBar
SetScrollInfo
GetParent
GetDesktopWindow
GetWindow
GetPropW
ScrollWindow
SetScrollPos
DispatchMessageW
TranslateMessage
GetMessageW
SystemParametersInfoW
SetForegroundWindow
IsIconic
IsWindowVisible
GetWindowLongW
GetDlgItem
LoadImageW
UnregisterClassA
SendMessageW
SetWindowTextW
LoadIconW
CopyRect
DestroyIcon
DestroyWindow
LoadBitmapW
SetWindowPos
ShowCursor
IsWindow
CreateWindowExW
GetCapture
ShowWindow
CreateDialogParamW
SetWindowRgn
MoveWindow
EnableWindow
CloseClipboard
ClientToScreen
EmptyClipboard
OpenClipboard
PtInRect
GetCursorPos
GetWindowRect
ScreenToClient
EndPaint
GetDC
BeginPaint
GetClientRect
PostQuitMessage
DrawTextW
KillTimer
SetTimer
UpdateWindow
InvalidateRect
TrackMouseEvent
LoadCursorW
SendInput
ReleaseDC
SetCursor
GetMessageExtraInfo
EnumClipboardFormats
SetWindowLongW
SetClipboardData

gdi32

GetDeviceCaps
CreateDIBSection
GetClipBox
SaveDC
CreateFontIndirectW
StretchBlt
GetStockObject
GetObjectW
SetTextColor
SetBkMode
CreateRoundRectRgn
CreatePen
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetBkColor
CreateFontW
ExtTextOutW
DeleteDC
LineTo
DeleteObject
MoveToEx
CreateSolidBrush
SetDIBitsToDevice
SetStretchBltMode
GetDIBits
RestoreDC
BitBlt

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityInfo
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExA
LookupAccountSidW
ConvertSidToStringSidW
LookupAccountNameW
RegQueryValueExA
OpenProcessToken

shell32

SHCreateDirectoryExW
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CreateILockBytesOnHGlobal
StgOpenStorage
CoUninitialize
CoCreateGuid
CoInitialize
StgOpenStorageOnILockBytes
CoTaskMemFree
StgCreateDocfile

shlwapi

PathRemoveFileSpecW
PathFileExistsW

comctl32

ord17
_TrackMouseEvent

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

WSAStartup
sendto
gethostbyname
closesocket
socket
htons
WSACleanup

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

Sections

.text
Size: 584KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

85f08eb0cbec010ecbc287fa68321173

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
GetPrivateProfileIntW
SetFilePointer
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
GetPrivateProfileStringW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
WriteFile
GlobalAlloc

user32

PtInRect
LoadCursorW
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
MapWindowPoints

gdi32

SetTextColor
CreateCompatibleDC
GetObjectW
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

68b7023f8923dd087549802f8fa631c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

CharNextExA
CharNextW
CharPrevW
FindWindowExW
wsprintfW
SendMessageW

kernel32

GetCommandLineW
lstrcpynW
ExitProcess
GetCurrentProcess
GetModuleHandleA
GetProcAddress
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreatePipe
GetVersion
DeleteFileW
lstrcmpiW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Text
.ps1
QuarkPC.exe
.exe windows:6 windows x86 arch:x86

5a594319a0d69dbc452e748bcf05892e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:aa:22:78:6f:c0:e1:c4:68:34:66:eb:3b:72:f0:68
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/07/2024, 00:00

Not After

28/08/2027, 23:59

Subject

SERIALNUMBER=91330100716105852F,CN=ALIBABA (CHINA) NETWORK TECHNOLOGY CO.\,LTD.,O=ALIBABA (CHINA) NETWORK TECHNOLOGY CO.\,LTD.,L=杭州市,ST=浙江省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c21e69dade5b79ee9ab98e696b0e68a80e69cafe4baa7e4b89ae5bc80e58f91e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b599e6b19fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=Dummy issuer

Not Before

01/01/2013, 10:00

Not After

01/04/2013, 10:00

Subject

CN=Dummy certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:9f:90:74:61:4b:67:ce:ec:27:e6:41:03:50:9f:a9:34:af:e3:16:a0:64:8b:14:0e:73:83:ac:d0:8f:70:14
Signer

Actual PE Digest

32:9f:90:74:61:4b:67:ce:ec:27:e6:41:03:50:9f:a9:34:af:e3:16:a0:64:8b:14:0e:73:83:ac:d0:8f:70:14

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 126KB

.ndata Size: - Virtual size: 72KB

.rsrc Size: 425KB - Virtual size: 425KB

d181040a9e213eccfb043c56a4a65076

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

ws2_32

oleacc

imm32

winmm

Exports

Exports

Sections

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 23KB - Virtual size: 40KB

.edata Size: 512B - Virtual size: 77B

.xdata Size: 60KB - Virtual size: 60KB

.rsrc Size: 986KB - Virtual size: 985KB

.reloc Size: 139KB - Virtual size: 139KB

rdatas Size: 14.7MB - Virtual size: 14.7MB

bfe14df6b9a5b1e0b632d6ef69e449c0

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3eCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

b8:a5:4f:9a:60:72:5e:0d:82:4a:fd:63:15:27:ab:4a:fb:d8:12:e0:a5:ea:57:43:23:91:f9:8c:40:d5:63:34Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

dbghelp

winmm

kernel32

ntdll

userenv

user32

shell32

ole32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 126KB

.ndata
Size: - Virtual size: 72KB

.rsrc
Size: 425KB - Virtual size: 425KB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 23KB - Virtual size: 40KB

.edata
Size: 512B - Virtual size: 77B

.xdata
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 986KB - Virtual size: 985KB

.reloc
Size: 139KB - Virtual size: 139KB

rdatas
Size: 14.7MB - Virtual size: 14.7MB

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

b8:a5:4f:9a:60:72:5e:0d:82:4a:fd:63:15:27:ab:4a:fb:d8:12:e0:a5:ea:57:43:23:91:f9:8c:40:d5:63:34
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 507KB - Virtual size: 507KB

.data
Size: 65KB - Virtual size: 119KB

.pdata
Size: 49KB - Virtual size: 49KB

.00cfg
Size: 512B - Virtual size: 48B

.gxfg
Size: 12KB - Virtual size: 12KB

.retplne
Size: 512B - Virtual size: 184B

.tls
Size: 512B - Virtual size: 425B

LZMADEC
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 348B

malloc_h
Size: 512B - Virtual size: 226B

.rsrc
Size: 136KB - Virtual size: 136KB

.reloc
Size: 7KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

20:3f:e7:f9:6a:9f:a7:44:bf:b3:13:83:b3:d4:39:3c:99:e9:36:d1
Signer

.text
Size: 584KB - Virtual size: 582KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB