PUP.QQPC.A
Analysis Report
General information
| Family Name: | PUP.QQPC.A |
|---|---|
| Signature status: | Self Signed |
Known Samples
This section lists other file samples believed to be associated with this family.

| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| 296cbdb244b27dbbf24a6b2dc75eb0a4 | 2efd7794bce308f755642c284141c75c9755aa08 | | 3.81 MB, 3809456 bytes |
| dda4331cc170106dbfd6e421a62d1325 | 7fca4a781252c3ac3504856d36c0d40d693c5337 | | 3.81 MB, 3809456 bytes |
| 4bdef897cb1b0366593ff809de68766f | 802e816a9d9207a8c7f46999cea32b82c4fec357 | | 3.81 MB, 3809432 bytes |
| f44a6b7c125d0f778cdfa3989b0ac55d | aad5618c8931681533cf21702b540ebb0a45dc38 | | 2.89 MB, 2890512 bytes |
| bac19f09e86b5bda2d125c894680b4f9 | 802b956ea540eef4e00955ca9c0e434344bd29c4 | | 3.81 MB, 3811944 bytes |
| c3817de546d25ca8ab89c74ad761e46a | c3309a37cd4c086feb562eab424aa90e978c3de0 | | 474.87 KB, 474872 bytes |
| f1e6ea2555c54e48c1689b134e2de4fe | f76c4242fd8da7196ea1f547984f735da90dc835 | | 1.57 MB, 1565040 bytes |
| cf7580eb1e665eb1715bfaee3115696c | aadc397fb304ed32e1e69615c55192f3297c11a7 | E62D55CEEA4C298D4CACCBBA49532EBE378E22CF08A1C5F206BD786A227BFDCA | 1.43 MB, 1432824 bytes |
| 8b88a0835a36c0b60781cf9cdf6cba29 | 8d36353dda31a4edc9c7a2522534f64390f67475 | CCF2AAAA92CF15592CF5C9A88906AE4503FED5C5BB3AEBDF52358CB684A103DC | 3.81 MB, 3809528 bytes |
| d5a661fd870c63ed412e216511ba4b07 | 241a5f04bdbae3a969f080aae30d6015daa0928b | 3E46DE05814E09F68427B705AC66A751618E0125C8041ACED0127D634FB6C2B6 | 3.81 MB, 3811560 bytes |
| 2092f62ab6d41c2c994ef8ed90ad5680 | 3d5d1e5fe4ad963cb2987a7e294ef9792ab8d9ad | EA104C506DBA044E17C546E248CD267F80773AFA7245D6A194D38657580574F4 | 3.80 MB, 3798528 bytes |
| e01884f3ec1813a2aa21c31cba8d881c | 304bed6d5907bbbb1742293074ab36275d283f1a | 9ACD5193A81737532DD281388D012D1C4C5604B7A0A60F1E1BAA782ED941A122 | 6.67 MB, 6673800 bytes |
| cc363818920152e52054421572108998 | e050d180631931d9f3c2822e398148070c46bcdd | E549A2F1326CE0910FD39AA70016898EB995544F5B7B5288886E60742620917A | 2.81 MB, 2811680 bytes |
| b4b149e463eda74195a21306a004d2ca | 19068a207b13dace3d93dbcdd9b6cf4970fc7b8d | 9DEFF00439038CAD3E3C251200AB2BED3F7FA449580C81BBD7D97ADA136291E3 | 3.81 MB, 3809448 bytes |
| 6dab2a3a3855308dd3372e62e51050e6 | 0816f47c4321d567fba219e5a8654e4c737cbf77 | 5A064C2FE8FE25B97BCEB09982888E7C812886910E7B95F21C3D6BC4654398B2 | 6.67 MB, 6673056 bytes |
| fb9c9e3f0b2500d208ecfd930c63baf2 | 313eeb48efec056d2e3f59c091f0594a95cb82d3 | 1768F2BF2197E0C706536107334A1603D3466F2526677C171BA7E5498BB42B97 | 6.68 MB, 6676672 bytes |
| ac994d76c07bb199b98245f0526f5e8f | dc1dfa611859fe6d8f34b4e343b3b889073aa96a | 1B94ABC7AE1B951DE0F9245F9636FB4C6F58F2EF02930A2265A0C709586105C9 | 2.89 MB, 2891520 bytes |
| 9212038f7dd1ef98668cff5fe87c481b | 9f03049c71653c9268b6efabad6f24528fd2d409 | D990F22845CCED6FF21A58991B0C0EB781DE18693BCF0C6FBC9BEA7B0F3D987E | 3.81 MB, 3809440 bytes |
| 9530cd03f4ad044483921065d843ac30 | f96221516404522efb6241e77154b455e56c9adc | E675923B2E8A80FAABB33E2B880CE46EB7BA0CCC732486B2AE80589B505895E3 | 3.82 MB, 3824296 bytes |
| 71b271534fee25e6ec20adda592c310e | a625027ff0fea3b7e3e6e052e3622fb1a44d4469 | AD969CD46EF659EFC138519D3AA127088416FA22BDAE3206810E05AB95510941 | 1.55 MB, 1553704 bytes |
| be4e15f26236540cccbf0aa48858f08a | 85ead7d872f603466ac209cbfe65b714c40c9332 | 22030FAE817E4E2CA73D7B20B3526FB07A797131768C13E63EFB9763A383ADE3 | 2.89 MB, 2891424 bytes |
| 065cf914c33a2e482a657c81ef07134f | 36b5a0303118cd5e6a2575f0e9005e4e01c59231 | 8057224A5D2D6A891FBC5967F3B9CE47AEB5ABF0625E649F933E91B5DBD45DF6 | 3.81 MB, 3809448 bytes |
| c7bc81ff95c4af319475f8dc69429423 | 6baa5d5c08abb985f4b52a1a3bf870f81541b9fc | 6D70E1B6FEE966E7466FB968EBF041C899CEE49CFD931609BFD8F0F81A6596D0 | 6.85 MB, 6850984 bytes |
| bb505ea25de55fd322d611530199c587 | 16df17192387805041b7d3a9437d28f6677f9fb8 | 53DAE019E759B6BA7BC64A3031CC6221A7ECBC05A835F28F7A4A3BD50F6645C4 | 7.12 MB, 7122032 bytes |
| 07ab3f573357c7a725ed03507bef8e36 | b0fc9bf7df2508deca60bdecb73cd5665a0ba6d1 | D04F4095F99E7777045D978C45999B3FCB4A6999D5D6633A1DAC1CAED2F98CE6 | 3.81 MB, 3809440 bytes |
| 655bb4e62fb9fc79e52988f0f0ec78bd | e0a28f60f050b0f7a1f1b3cd12608ef4be2a661f | 282C3FDC85B2565A69A758C95FA456A4759A038A5B6495B1D7132D5CAEFCC322 | 3.81 MB, 3809512 bytes |
| ac68482114f69091e049fecb67ff34c7 | 572bf44e3909d6291419ccd659b7e187d814a798 | 237A1420EB56008FE85E59D8C0F3398112A89FEDE58121208D5FC119DA34C079 | 2.89 MB, 2889880 bytes |
| 8359ace52373074b99e7938e26e9e2af | b8155278f399e297824c740a8bbd57d519733c37 | DAD6D4FED39D4C57B0E752A8152B464DBF7C24181C30AA539C463E11C7014B21 | 6.85 MB, 6850896 bytes |
| d02ffe52c208ee0fe7200167794ba165 | 1d72a9ce403135c953d49f8b7523d76e6fc1ead2 | BD63F1DD807A2C3D94A46426FE763C4A5A944F0DE5555EB35AE913493F39BB22 | 1.98 MB, 1980512 bytes |
| ce8ab3fa7536e0db2af9138e004a0d64 | a8f17ebb65c75817350e8249733a8d4f93a19da9 | E8EC18EA374AE37C2C41A74DC731EF1BBC8B035ED509A3D042386DEA257F3B7D | 3.95 MB, 3947770 bytes |
| 3b6565226b8250057e84becc30688c96 | 4dc81289eb00800c56e716802ccd2d96c657dbde | 63E8EA8C6F29138849DD6A8D43B0626C585A3723CF1FDF8014A70FCBB6C85E1B | 457.92 KB, 457920 bytes |
| f32d18dd7e87cd6b4272f2fb5212991c | 2ce140a0c04091a43b5bcacbc4728a07613c5ed1 | E1B879C75159A2E8DF52E98761591AFD116A13C5329BF47E161E847C337B35A1 | 1.57 MB, 1565016 bytes |
| f182e94e5a1f2e5cfac30d8a23476f23 | 46f9d256652984dc12d9301959f7bc8cf00818fe | 6B99F0EBC200F297C1731C2785544D9BE5C916100C9F81D6FBC88024068983D2 | 3.81 MB, 3809432 bytes |
| bd7bf18dd5362c4dcaf316a7adec674e | 2c84a6c3b9286302e6608b682f0a76404e3e693d | 7312B76EE1A8BD48BA5E08C581BFF045797307596309C9E0B5B821DA64C64993 | 3.81 MB, 3809456 bytes |
| b5d3327748c0366e348c1df0915a8b98 | 9dc281741e92fd16d3ff27ce840ed7f749cdae28 | 6060C86E73DE3FDD20BB27EC77A5CB3FCC666CC7927B67C1A74E465FAF41DD00 | 3.81 MB, 3809416 bytes |
| 856407ce1123498f57994f18643ae132 | fa34121ccdc2bfa64b8bcc4df843054ec59718f1 | 295858D72593FF6B670C29CE9E89808E43472503295B494E58458AE736FFA53C | 3.81 MB, 3809456 bytes |
| c6fa7191f5f53c866d2d65bf586a825f | 6aff2b5b29a0c5c3373836f8717a4d47e3686da7 | B47E38265AC87C03CA0FDE45490433B59C860C8AEC11018F9A418283BEF38A78 | 3.81 MB, 3809456 bytes |
| d2828724dee3251a9acdf39aa26879e9 | c2e6ae2291ec1ac19fc47ee2c127f8d2b02e2984 | 5696B2D1A08879D38FBB9CDE2C25C123E2AC8EE323AD5036E82FCA55A0CC48BA | 6.68 MB, 6681672 bytes |
| 2aa1debd98218f5b2b3344f8897b9a90 | 685aff90dbbf187b0e681ba661a0609cad65e1c0 | 409CAABF101D5B3DDA3DD6D6DF4DF473051DC6D3D6D32A38FAF0D7BC5D12ACAD | 6.66 MB, 6655536 bytes |
| a01343144e91ba5d8348af5dfef4845b | 39862c59f5a877bda54876ec642be9da4f535f47 | B0CDF832D86566EFB773CBE16584E13B04190DD832D79E80B0E1BE70861BD59A | 3.85 MB, 3849576 bytes |
| a0e52acac11252f5306e8fc3a4698be3 | 1ff2d4bef767ffae5374121f079b5ee41927fba9 | 7E564B8FD01F678D7C8C8A1FF272605402639A95D2F7DE3A4E38131602118FD9 | 3.81 MB, 3809528 bytes |
| 58d4527739314f5db1cb243c5ef91210 | fcd0ad3db5d7023186a351f8234a2ce3d549b588 | DF420175C9F93DB16549227659FF45D787AAD8AB63CAC85EBF7815717934959B | 4.58 MB, 4578816 bytes |
| 688999d9fc26cfce55215e362a5fd68c | b065399919afaf11ef3b8aab14185aed3c22a552 | 6F0B1E0286C340AAFF69EA803E823AF8DAE717F7ED16E698BC44CCA9B95648F0 | 6.69 MB, 6685080 bytes |
| d16949b0c3c2b8af337acd26d8871bdd | 1b2d2e7477d954a979a64dd052b1a59879755e39 | A75B620C5EA18607531C02BBF49CE49056D65B283D94419B06607CFFD801CEDF | 6.69 MB, 6685928 bytes |
| 99fc27cbec810b431e57529a333c156c | 4b1b47bdbf9218631442292d530e82572047012e | 65E4A2AFDEFC6B54D07C580A9620DA771B9918A894833E8951FB8C1054BE3ADA | 2.29 MB, 2290888 bytes |
| 7b69a2f2b45e2319d195c67e27931ee1 | cd4c0d9c9ded3989bf00a527f0c4e21c105e84b1 | 60BD8129B8A7CDE895B23C5E165FA8F11D4EB04351E923828C7B485D73DB5B9B | 3.91 MB, 3911392 bytes |
| 0e18824b3bb76811e2183b2ea01791bb | 6bb6e92ae0c868a93f22f6fd8d7de9a83ce5332f | B7891C9BABFCDE83FE066AE370FC213220F4CFC396798FFF537D877024113F01 | 3.81 MB, 3809528 bytes |
| 8ede708532f011dc3d2f5555aaef9766 | b4bf1630f6546f41e4e2eb3fd8829fed13ff103f | 7328E105D199F5503AB0622A70CA2BE019EAFBF516512EB63883E062FA986997 | 3.81 MB, 3809512 bytes |
| 24a9941e8a683d0d797859aa78564ea1 | d15e3e2dd9f87e9c619236049a83d4a0012f02a1 | 27009605B9E98D125A6F6B391584A216E2A078BB46F0B425BAB422ECBBD74127 | 1.57 MB, 1574989 bytes |
| 307011512ecce564604a0c16c0e12ec5 | 0fd9928bdbc1aa9cb877e998f44580c2fb316ca0 | 0FB9DC808AD6E7C13BCE7E74CEC75FB3F972CCD4B78F4D0802591C8A03334D64 | 1.58 MB, 1577672 bytes |
| 36e83666384bc61df9f027e59dfea77a | a108faa31e2e06041f405904f352674d6eafa222 | 261835851DF3958CEF37329FC4E43FC67FB4C061D22B43E758753EC24F46C56B | 3.51 MB, 3508952 bytes |
| 3f3097ba7c743f555ab1ffa902b75710 | 210282dc1292b5603b0bcd4b067a2bd242f9f67a | D38868278CA303888AAE5DDCB1EE97953D0092ADE5563D1264380D73D5BE5D09 | 4.01 MB, 4011508 bytes |
| a758106ead5203388269bad62357538e | cac7e6069ac6da80f196991908e6906a2b269e49 | 598943F15E2D5792C36C050E4082C7F8D156E6C3F94A9B8B75870CBF48788A8F | 3.95 MB, 3950816 bytes |
| 22d4848a11b30a880c114328e1b219bf | e03ea94a428a2ebc89b4093b7116bc6b03a995a6 | E471DE1E538E48EB90A9C26DAF3FD0DC69501E5A14407A11499FC7BAC56BDF91 | 1.57 MB, 1565024 bytes |
| 6a2b576a90af4e5d1c638a2cdc5cebac | 400dec519718b3de036da4ff9196ebaf40a2ed4c | B6E417C809B01CE80344AA06DCB7CD1D3C0BEAA2C375A02AB9B801B17F243803 | 3.81 MB, 3809472 bytes |
| 9b2dc088a350adf3d28824785030520b | 1889389040a197f84529442c3972a29deb67b9f0 | 1CEDE2CD53B47DAE57F1E1C991676C66E8CB8C522FE220411E000D8CFE77D1A3 | 3.82 MB, 3824384 bytes |
| beb18c6ce389f87a6b2c6d9a8559e923 | d1fe7fd42bb25cf41ba60e16aefbb6ac58267b82 | 98B67D1FF5B91CFD91C64DDD45C2E45E1CA106C708A475C8EFB154E476E6C792 | 3.81 MB, 3810536 bytes |
| 8459918320b0909df80be50b55d66ec7 | 18f9c9e944baa4e49da690b161d684561c2a462c | E6D5F4F04896586C8B8115529E2FD25059FA81E9809FC7A0D04B484A4A4A60CA | 2.81 MB, 2812664 bytes |
| 5b873d4d068f20a3e20b0e22045d024f | 15e84a4b05ceb8baebb4ae252b2361c6e83db3d6 | EEA30EC5D318A414988FA9075297827ED25A756A3637125DE7D5F1FB21CA2068 | 351.80 KB, 351800 bytes |
| 3b167016b41c65bac32d94f017da10cc | 55e33793c357b29e4b7e2885fa27cf0935bf2a26 | 0139FB2AE548625D80B15AC10F658FD19950228DF60A8B4D80D363B0C9739C9D | 2.19 MB, 2186968 bytes |
| a6795b4dcd68112d896c29855f5e63b3 | 285c43c0b170d9baa08c531143de2cebdad0d8e2 | 78A4CAB0E77E6784E4CF5D6A87E79E654BD0BF57D0A712FB208164A23A03DA69 | 3.81 MB, 3809512 bytes |
| 73ece497a75296619a01cf2993d7f112 | 45eb8752e867fb0a8dc638c5d6522ac8b525d3f9 | 23235C5CDD733CEF4907A916B7B7028DB82860082F55A3AEA7B6962C87D22BE2 | 3.81 MB, 3809448 bytes |
| 3162ffb1015c4fefb1fbdb3a5edb9371 | 8a6f159f5d3a6824cd2fc8e23b59770ef6e21e20 | 52C8FFAED30FDC09382A8CCA1F5E9AE5411E500827AC25F0D7D2A54F062E4DEB | 6.67 MB, 6672760 bytes |
| 49ca83ba887da0070af3c58b408439b6 | 874621f232cb94582b2b247ede87613447bda03c | A721D1D4F3182AF5B7AD1F3CCBFD457DEE1214A9D6DC90696896C405E6664BB4 | 3.81 MB, 3809512 bytes |
| 9179f2e06a9602c515277a8f4d63605a | 53c2256b61cc42854f544cfe4653da3827a94496 | 284BC8C251CDD540189708C21C9D4E2327CC25209F67C55DD1C28D1513EBE37A | 3.81 MB, 3810504 bytes |
| f8a6c36af80a3d867b7cd98970dab49c | dc856e251f2120a601cdccbed4b6254ebb4a00fb | CFD2D17F873C858C2C3294A988E16A3C5887E6F2079FC66F29CAD97D8D17FF2E | 3.81 MB, 3809504 bytes |
| 5e7cb8beac7bc7ad54836a74d406f2ce | 3f947411ae978d68176919e701425910fc5df187 | A7B2A15B79818860150F7D3353453903DF833EE475A82AA7374AD25D6BD88C1E | 2.00 MB, 1999328 bytes |
| 17145f6f4c6d884863cbb1669112c636 | 7c9a33779c7390402f75b303ea4a126cefde9dc6 | C459658B8B0339AA3D7CFC46B644E25FF5CCC5520C5B1808863E6B65DDC9B15A | 3.81 MB, 3809536 bytes |
| 1e2a0e7c7817e0232047963aa1a28e12 | a9e35d7bad65ce9f887047d6eb26760b2b61a100 | E0B1330328F2D7B24555E519D2C47D7BCDFCB256BA74FD4A5E07858E89DAD661 | 3.81 MB, 3814072 bytes |
| 9cd5d1f70178479b8fc219672f3b488e | 8cbf71df0b14bf64cae7f2dea49aa93a3e71b280 | EEAC8AE8A7E4BB9A69A708FB780F29B0534DFC8223A2065F67177A1D7355E954 | 3.95 MB, 3947728 bytes |
| 1db1492b4302be0db9e15c318b00ce5a | 12cb726519bd3b45d593d0f5b3358178143dba64 | FDBCF8C4E6DF50ECAE604D6D335B3F45544B337D32454DCA45ED0F816CF3F371 | 2.89 MB, 2891432 bytes |
| 976d6eca0014ecedddd6a3ac69d83a5b | 162e6b58c83ed1c9ca7df395c72d9832cc1b1944 | 3D0E85CD003C3B73D0F86AC0443AD7AC6668E15D8BBAA1467B8CA65F912810A9 | 3.81 MB, 3810472 bytes |
| 3064b22479fe65e64292cfc8787175a9 | 5dabe6256430e4be7ba0b62ffadad16093985e30 | 3205ADBAD768BAD337F2545B0652360F8DE24BFBCF71DB5AEBF4EED0B20D6537 | 473.89 KB, 473888 bytes |
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Comments | Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com |
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Original Filename | |
| Product Name | |
| Product Version | |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature's root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy "Self Signed" digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading "Signer" names.

| Signer | Root | Status |
|---|---|---|
| Tencent Technology(Shenzhen) Company Limited | DigiCert Assured ID Code Signing CA-1 | Hash Mismatch |
| Tencent Technology(Shenzhen) Company Limited | DigiCert Assured ID Code Signing CA-1 | Self Signed |
| Tencent Technology(Shenzhen) Company Limited | DigiCert SHA2 Assured ID Code Signing CA | Hash Mismatch |
| Tencent Technology(Shenzhen) Company Limited | DigiCert SHA2 Assured ID Code Signing CA | Self Signed |
| Tencent Technology (Shenzhen) Company Limited | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed |
| Tencent Technology(Shenzhen) Company Limited | Symantec Class 3 SHA256 Code Signing CA | Self Signed |
| Tencent Technology(Shenzhen) Company Limited | VeriSign Class 3 Code Signing 2010 CA | Self Signed |
| Tencent Technology(Shenzhen) Company Limited | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted |
File Traits
- dll
- HighEntropy
- imgui
- Installer Manifest
- No Version Info
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 1,648 |
|---|---|
| Potentially Malicious Blocks: | 48 |
| Whitelisted Blocks: | 1,108 |
| Unknown Blocks: | 492 |
Visual Map
[Visual block map image: a grid of per-block classification markers, not reproducible as text]

Legend:
- 0 - Probable Safe Block
- ? - Unknown Block
- x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft's analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- CryptBot.B
- QQPC.A
- TrickBooster.A
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.

| File | Attributes |
|---|---|
| \device\harddisk0\dr0 | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| \device\namedpipe\gmdasllogger | Generic Write,Read Attributes |
| c: | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\beacon_sdk64.dll | Generic Write,Read Attributes |
| c:\bugreport64.exe | Generic Write,Read Attributes |
| c:\com.qq.qqpcmgr.json | Generic Write,Read Attributes |
| c:\dbgeng.dll | Generic Write,Read Attributes |
| c:\dbghelp.dll | Generic Write,Read Attributes |
| c:\dr64.dll | Generic Write,Read Attributes |
| c:\extension.crx | Generic Write,Read Attributes |
| c:\extensionagent.exe | Generic Write,Read Attributes |
| c:\image\bg.svg | Generic Write,Read Attributes |
| c:\image\circle.svg | Generic Write,Read Attributes |
| c:\image\disconnect.png | Generic Write,Read Attributes |
| c:\image\error_close.png | Generic Write,Read Attributes |
| c:\image\error_minisize.png | Generic Write,Read Attributes |
| c:\image\gj_icon.png | Generic Write,Read Attributes |
| c:\image\icon_warn.png | Generic Write,Read Attributes |
| c:\image\net_err-m.png | Generic Write,Read Attributes |
| c:\images\smbweb.ico | Generic Write,Read Attributes |
| c:\installfilterrules.etf | Generic Write,Read Attributes |
| c:\packetblockpage.exe | Generic Write,Read Attributes |
| c:\packetblockpage.rdb | Generic Write,Read Attributes |
| c:\packetblockpage.tpc | Generic Write,Read Attributes |
| c:\plugins\qmnetmon\beacon_sdk64.dll | Generic Write,Read Attributes |
| c:\plugins\systemaidbox\bugreport64.exe | Generic Write,Read Attributes |
| c:\plugins\systemaidbox\qmnetworkmgr64.dll | Generic Write,Read Attributes |
| c:\programdata\synaptics | Synchronize,Write Attributes |
| c:\programdata\synaptics\rcx9bc.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\programdata\synaptics\synaptics.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\programdata\synaptics\synaptics.exe | Synchronize,Write Attributes |
| c:\programdata\synaptics\synaptics.exe | Synchronize,Write Data |
| c:\programdata\tencent\deskupdate\globalmgr.db | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\programdata\tencent\deskupdate\globalmgr.db | Generic Write,Read Attributes |
| c:\programdata\tencent\deskupdate\guid.db | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\programdata\tencent\deskupdate\guidinfo.db | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\programdata\tencent\deskupdate\guidlist.db | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\programdata\tencent\deskupdate\guidreport.dat | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\programdata\tencent\deskupdate\hdd.db | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\qmchromeext.exe | Generic Write,Read Attributes |
| c:\qmextinstaller.dll | Generic Write,Read Attributes |
| c:\qmmemscanner.exe | Generic Write,Read Attributes |
| c:\qmmemscanner64.exe | Generic Write,Read Attributes |
| c:\qmnetworkmgr64.dll | Generic Write,Read Attributes |
| c:\qmupdate\beacon_sdk64.dll | Generic Write,Read Attributes |
| c:\qqpcdownload1975.exe | Generic Write,Read Attributes |
| c:\qqpchwvediodetect.dll | Generic Write,Read Attributes |
| c:\qt64\beacon_sdk64.dll | Generic Write,Read Attributes |
| c:\qt64\dr64.dll | Generic Write,Read Attributes |
| c:\softmgr\beacon_sdk64.dll | Generic Write,Read Attributes |
| c:\softmgr\data\autoinstall.etf | Generic Write,Read Attributes |
| c:\softmgr\data\pinyin.lis | Generic Write,Read Attributes |
| c:\softmgr\data\polyphone.dat | Generic Write,Read Attributes |
| c:\softmgr\data\speech.dat | Generic Write,Read Attributes |
| c:\softmgr\data\support.etf | Generic Write,Read Attributes |
| c:\test.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\tpk\1.0.0.1\def\version.ini | Generic Write,Read Attributes |
| c:\tpk\2.0.13771.702\def\version.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\0816f47c4321d567fba219e5a8654e4c737cbf77_0006673056 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\16df17192387805041b7d3a9437d28f6677f9fb8_0007122032 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\1b2d2e7477d954a979a64dd052b1a59879755e39_0006685928 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\304bed6d5907bbbb1742293074ab36275d283f1a_0006673800 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\313eeb48efec056d2e3f59c091f0594a95cb82d3_0006676672 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\685aff90dbbf187b0e681ba661a0609cad65e1c0_0006655536 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\6baa5d5c08abb985f4b52a1a3bf870f81541b9fc_0006850984 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\8a6f159f5d3a6824cd2fc8e23b59770ef6e21e20_0006672760 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\a850.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\b065399919afaf11ef3b8aab14185aed3c22a552_0006685080 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\b8155278f399e297824c740a8bbd57d519733c37_0006850896 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\bb37.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\c2e6ae2291ec1ac19fc47ee2c127f8d2b02e2984_0006681672 | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\gamedownloadlog\2efd7794bce308f755642c284141c75c9755aa08_0003809456_20250707_191950.log | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\gamedownloadlog\7fca4a781252c3ac3504856d36c0d40d693c5337_0003809456_20250708_135456.log | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\gamedownloadlog\802b956ea540eef4e00955ca9c0e434344bd29c4_0003811944_20250719_194610.log | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\gamedownloadlog\802e816a9d9207a8c7f46999cea32b82c4fec357_0003809432_20250715_092146.log | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\gamedownloadlog\aad5618c8931681533cf21702b540ebb0a45dc38_0002890512_20250718_003210.log | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\gamedownloadlog\f76c4242fd8da7196ea1f547984f735da90dc835_0001565040_20250722_231011.log | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsda96b.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsed96.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsfd82d.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsff4ec.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsff4ec.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsff4ec.tmp\system.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsge2d6.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nshdc27.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsi8a8e.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsj14f.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsj150.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsj150.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsj150.tmp\system.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nskd84d.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nskd84d.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nskd84d.tmp\system.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsm306b.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsm306b.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsm306b.tmp\system.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nspc3e.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nspc3e.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nspc3e.tmp\system.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsqf4dc.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nssa97b.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nssa97b.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nssa97b.tmp\system.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nst1b17.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nst1b27.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nst1b27.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nst1b27.tmp\system.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsud97.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsud97.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsud97.tmp\system.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsw305a.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nswdc37.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nswdc37.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nswdc37.tmp\system.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nswe2e7.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nswe2e7.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nswe2e7.tmp\system.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsx8a9e.tmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsx8a9e.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsx8a9e.tmp\system.dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nszc3d.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\po5bqaw.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\tencentdownload\~20b7fa\beacon_sdk.dll | Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496 |
| c:\users\user\appdata\local\temp\tencentdownload\~20b7fa\qqpcdownload.dll | Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496 |
| c:\users\user\appdata\local\temp\tencentdownload\~20b7fa\setup.xml | Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496 |
| c:\users\user\appdata\local\temp\tencentdownload\~2ca66b\qqpcdownload.dll | Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496 |
| c:\users\user\appdata\local\temp\tencentdownload\~2ca66b\setup.xml | Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496 |
| c:\users\user\appdata\local\tencent\txgameassistant\tgbdownloader\dr.dll | Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496 |
| c:\users\user\appdata\roaming\tencent\beacon\bc_0win0dj6vl4uy2kw_09.db | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\roaming\tencent\beacon\bc_0win0dj6vl4uy2kw_09.db-journal | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\roaming\tencent\beacon\bc_0win0dj6vl4uy2kw_09.db-shm | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\roaming\tencent\beacon\bc_0win0dj6vl4uy2kw_09.db-wal | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\roaming\tencent\deskupdate\globalmgr.db | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\roaming\tencent\deskupdate\globalmgr.db | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\user\appdata\roaming\tencent\logs\15e84a4b05ceb8baebb4ae252b2361c6e83db3d6_0000351800.tlg | Generic Write,Read Attributes |
| c:\users\user\appdata\roaming\tencent\logs\4dc81289eb00800c56e716802ccd2d96c657dbde_0000457920.tlg | Generic Write,Read Attributes |
| c:\users\user\appdata\roaming\tencent\logs\5dabe6256430e4be7ba0b62ffadad16093985e30_0000473888.tlg | Generic Write,Read Attributes |
| c:\users\user\appdata\roaming\tencent\logs\c3309a37cd4c086feb562eab424aa90e978c3de0_0000474872.tlg | Generic Write,Read Attributes |
| c:\users\user\appdata\roaming\tencent\mobilegamepc\appmarket3\bc_003008ou5r3b9nuu_05.db | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\roaming\tencent\mobilegamepc\appmarket3\bc_003008ou5r3b9nuu_0e.db | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\roaming\tencent\qmdownload\downloaderrlogfile.log | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\roaming\tencent\qqpcmgr\download\version | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\roaming\tencent\qqpcmgr\download\version | Generic Write,Read Attributes |
| c:\users\user\appdata\roaming\winsl | Synchronize,Write Attributes |
| c:\users\user\appdata\roaming\winsl\l12\20\2025 | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\._cache_fcd0ad3db5d7023186a351f8234a2ce3d549b588_0004578816 | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\._cache_fcd0ad3db5d7023186a351f8234a2ce3d549b588_0004578816 | Synchronize,Write Attributes |
Registry Modifications
This section lists registry keys and values that were created, modified and/or deleted by samples in this family. Windows Registry activity can provide valuable insight into malware functionality. Additionally, malware often creates registry values to allow itself to automatically start and indefinitely persist after an initial infection has compromised the system.

| Key::Value | Data | API Name |
|---|---|---|
| HKCU\software\tencent\mobilegamepc\beacon::last_sid_2efd7794bce308f755642c284141c75c9755aa08_0003809456.exe | 98E083AA-B386-4674-8D7E-CC7ACA6CD9D2 | RegNtPreCreateKey |
| HKCU\software\tencent\mobilegamepc::temppath | C:\Temp\TxGameDownload\Component\ | RegNtPreCreateKey |
| HKCU\software\tencent\mobilegamepc::userlanguage | en | RegNtPreCreateKey |
| HKCU\software\tencent\mobilegamepc\beacon::last_sid_7fca4a781252c3ac3504856d36c0d40d693c5337_0003809456.exe | F50CCB24-5B61-4097-9B71-360345483119 | RegNtPreCreateKey |
| HKCU\software\tencent\mobilegamepc\beacon::last_sid_802e816a9d9207a8c7f46999cea32b82c4fec357_0003809432.exe | 5B467E24-3154-4E95-B825-1B4FAAAD6407 | RegNtPreCreateKey |
| HKCU\software\tencent\mobilegamepc\beacon::last_sid_aad5618c8931681533cf21702b540ebb0a45dc38_0002890512.exe | E270994D-86E9-4209-9AFE-2EA6EE09694C | RegNtPreCreateKey |
| HKLM\software\wow6432node\tencent\mobilegamepc::supplyid | Ἆ㮞 | RegNtPreCreateKey |
| HKCU\software\tencent\mobilegamepc::keyword | | RegNtPreCreateKey |
| HKCU\software\tencent\mobilegamepc\beacon::last_sid_802b956ea540eef4e00955ca9c0e434344bd29c4_0003811944.exe | 8CA398C2-0213-46EE-94E5-B94C90CF26BF | RegNtPreCreateKey |
| HKCU\software\tencent\todaydo::runtaskqq | aĵ | RegNtPreCreateKey |
| HKLM\software\wow6432node\tencent\mobilegamepc::supplyid | 㖨 | RegNtPreCreateKey |
| HKCU\software\tencent\mobilegamepc::keyword | a1518 | RegNtPreCreateKey |
| HKLM\software\wow6432node\tencent\qqpcmgrapps\qmdynamicpackage::install | | RegNtPreCreateKey |
| HKLM\software\wow6432node\tencent\qqpcmgrapps\qmdynamicpackage::version | 1.0.0 | RegNtPreCreateKey |
| HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Rutahkxx\AppData\Local\Temp\nsuD97.tmp\ | RegNtPreCreateKey |
| HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Monrjhev\AppData\Local\Temp\nsm306B.tmp\ | RegNtPreCreateKey |
| HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Fqnronmn\AppData\Local\Temp\nsfF4EC.tmp\ | RegNtPreCreateKey |
| HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Ywudlesz\AppData\Local\Temp\nskD84D.tmp\ | RegNtPreCreateKey |
| HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Zsvcayex\AppData\Local\Temp\nsx8A9E.tmp\ | RegNtPreCreateKey |
| HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Users\Zazlxybk\AppData\Local\Temp\nswE2E7.tmp\ | RegNtPreCreateKey |
| HKCU\software\tencent\todaydo::runtaskqq | Ɠĵ | RegNtPreCreateKey |
| HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9 \??\C:\Windows\SystemTemp\b1a39cca-eadf-4949-a384-a0ef6a3b3fd2.tmp \ | RegNtPreCreateKey |
| HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | \??\C:\Windows\SystemTemp\77e37ce0-8214-4414-aced-551c5ae204d7.tmp \??\C:\Windows\SystemTemp\e28eadcf-6ab0-4d8c-8821-7ce9a6aba1 | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries | | RegNtPreCreateKey |
| HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey |
| HKLM\software\wow6432node\microsoft\windows\currentversion\run::ss crack retrix | C:\ProgramData\Synaptics\Synaptics.exe | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey |
| HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 | | RegNtPreCreateKey |
| HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e4 *1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352 *1\??\C:\P | RegNtPreCreateKey |
| HKLM\system\controlset001\control\session manager::pendingfilerenameoperations | *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52 *1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62 *1\??\C:\P | RegNtPreCreateKey |
| HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey |
| HKCU\software\tencent\todaydo::runtaskqq | ♆ĵ | RegNtPreCreateKey |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Network Winsock2 | |
| Network Info Queried | |
| Encryption Used | |
| Network Winsock | |
| User Data Access | |
| Network Winhttp | |
| Keyboard Access | |
| Anti Debug | |
| Syscall Use | |
| Process Shell Execute | |
| Other Suspicious | |
| Service Control | |
| Process Manipulation Evasion | |
| Network Wininet | |

Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1d72a9ce403135c953d49f8b7523d76e6fc1ead2_0001980512.,LiQMAxHB

runas c:\users\user\downloads\._cache_fcd0ad3db5d7023186a351f8234a2ce3d549b588_0004578816

runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate