PUP.QQPC.AA

Analysis Report

General information

Family Name: PUP.QQPC.AA
Signature status: Self Signed

Known Samples

MD5: 1553ffa3614c5a7e3356e4bbb2f924eb
SHA1: a3fc420c5314d6fa94f258dd9944a6218421bb2d
SHA256: D37DC3191072EC04BB4ABE2D4459F280E0F51B0B3B53937F7C67037D73DC6A9B
File Size: 4.67 MB, 4674880 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer Root Status
Tencent Technology(Shenzhen) Company Limited Symantec Class 3 SHA256 Code Signing CA Self Signed
Tencent Technology(Shenzhen) Company Limited VeriSign Class 3 Code Signing 2010 CA Self Signed

File Traits

  • dll
  • HighEntropy
  • VirtualQueryEx
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 9,103
Potentially Malicious Blocks: 1,720
Whitelisted Blocks: 7,017
Unknown Blocks: 366

Visual Map

x ? x x x x x ? x x ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x x x x ? ? x ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x x 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 x x 0 x x x x x x x x x x x x 0 x x x 0 0 x x 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x ? x x x x x x ? x x x 0 x x 0 0 x 0 0 0 x x x 0 0 0 0 0 0 x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 x 0 0 0 0 0 0 0 0 0 ? x x x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 ? ? x ? x 0 0 ? 0 x x x 0 0 ? x 0 x 0 x x 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 x x x x x 1 x ? x x x x x 0 0 0 0 x x 0 x 0 x 0 0 x x x 0 0 x 0 0 ? x x x x x x ? 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x x x 0 x x 0 0 0 x x 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x x 0 x ? ? 0 0 0 x 0 0 0 x x ? x x ? ? x x 0 x x x ? 0 0 0 0 0 0 0 0 0 x x 0 x x x x x x x x 0 0 x x x x x 0 0 x x x ? x 0 0 0 0 x x x 0 x x x x x x x x x x x x x x x x x 0 x x x x ? x x x x x x ? x x x x x ? x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 x x x ? x x 0 0 0 0 0 0 0 x 0 x x x x x 0 x x 0 x x x ? 0 0 x x x x x x x 0 0 0 0 x ? x x 0 x 0 x 0 x x 0 x 0 x 0 x x x ? 0 x 0 0 x 0 0 0 x 0 0 0 x x x x x x x x x x x 0 0 x 0 0 x x x x x ? ? x 0 x x x x x x x x x 0 x x x x x x x x x x x 0 x ? x x x x x x ? ? x ? ? x x ? x ? x ? x x 0 x x x x x x 0 x 0 x x x ? x x x x x x x ? x 0 0 x x x x x ? 0 x 0 0 x x 0 x x x 0 0 ? 0 x 0 x x x x 0 x x 0 0 x x x x 0 ? x x x x x ? ? ? ? x ? ? ? ? x x ? ? 0 x x 0 x ? x x x x x ? ? ? ? x ? x ? ? ? 0 x ? x x x 0 0 ? ? 0 0 0 0 0 x 0 0 0 0 0 x 0 x 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x x x x x 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x ? x x x x x x x x x 0 0 0 0 0 0 0 0 x x x x 0 0 x x x x 0 0 0 0 x x x x x x x x x x 0 0 0 x 0 ? x ? 0 x x ? x x x 0 x 0 x x x 0 x 0 0 0 0 x x 0 x x x x 0 0 0 0 ? 0 x x ? x ? ? ? x x x x ? ? ? x x x x x x ? x x x x ? ? ? x x x x x x x ? ? ? ? ? x x x 0 x x 0 0 x x x x x x x x x x x ? x x x x x x x x x x x ? ? ? ? x ? x x x x x x 0 x 0 x x x x x ? x ? x ? x x x x x x x x x x x x ? x ? ? x x ? x x 0 0 x 0 0 0 0 0 x 0 0 x 0 0 x 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x x x ? x x x 0 0 0 0 0 0 0 x x x ? x x x x x x x x x 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 x 0 0 ? x x x x 0 0 0 x 0 x x x x x x ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x ? x 0 0 x 0 x x x 0 0 0 x x x x x x x ? 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 x x x x x x x x x x 0 x ? x x 0 x 0 0 0 0 0 0 0 0 0 0 x ? 0 0 0 x x x 0 0 0 0 x 0 x 0 x x 0 x x x x x x x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x x 0 x x x 0 x 0 x x x 0 x x 0 x 0 x 0 0 x 0 x x x x x x 0 x x 0 0 x 1 x x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 x 0 x x 0 x x x x x x x 0 x x x x 0 0 x 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 x 0 1 0 x x x x 0 x x x 0 0 0 0 0 x x x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 x x x 0 x 0 x x x x 0 x 0 0 0 0 0 0 0 0 0 0 x 0 x x x x x x x 0 x x x 0 x x 0 x 0 x x 0 x x x x x x x x x x x x x x 0 x x x x x x x x x 0 0 x x 0 x x x x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 x x x 0 0 0 x x x x x x 0 x x x x x x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 ? ? 0 x 0 0 0 0 x x 0 0 x 0 x 0 x 0 x x x 0 0 x x x x x ? ? ? 0 x x 0 x 0 x x x x ? x ? ? x x
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
Show More
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
Process Shell Execute
  • CreateProcess
Anti Debug
  • NtQuerySystemInformation

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a3fc420c5314d6fa94f258dd9944a6218421bb2d_0004674880.,LiQMAxHB

Trending

Most Viewed

Loading...