General
Target: IObit Uninstaller Pro.exe
Size: 5.3MB
Sample: 211107-gnwtrsheh3
MD5: 179eb02431d74ac80da5689254fa1f0b
SHA1: 64b289011e17ba3f7de8850fafe7eae787eb1dd7
SHA256: 8e4ec19445eb1409c602b0956c196f4943189bfd2a4dc230d7cf31c3be4ae277
SHA512: 155fc255256978ab3e51db60ed0b84f5b8e2aa554565017a096247708643f5f3e342dcf08efdb836447961c83bf522b6b7c96290831caa505e1a5f04dd8eabf5
Static task: static1
Behavioral task: behavioral1
Sample: 72A4F42E3A2ABA89A433727FB5E9E26B163F3BC7872A1FFC1B21D73244EBF42B.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 72A4F42E3A2ABA89A433727FB5E9E26B163F3BC7872A1FFC1B21D73244EBF42B.exe
Resource: win10-en-20211104
Malware Config
Extracted
https://www.iobit.com/downloadcenter.php?product=nl-advanced-uninstaller
Targets
Target: 72A4F42E3A2ABA89A433727FB5E9E26B163F3BC7872A1FFC1B21D73244EBF42B
Size: 5.4MB
MD5: b4b62cc70409c96442250f701259df0e
SHA1: 573cc145d8c3e9e63a2d033fd7082e147088ceb6
SHA256: 72a4f42e3a2aba89a433727fb5e9e26b163f3bc7872a1ffc1b21d73244ebf42b
SHA512: 6b99b5ba389dc8bd7df0722a3392def93f29e5854fd695f72d99d1525da531b6990f375f0d4099789a576b1c43e70cf68b5fb6e1940505bbf557377e92bb1aa6
Score: 10/10
Modifies system executable filetype association
Registers COM server for autorun
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Modifies file permissions
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of NtSetInformationThreadHideFromDebugger