Install_01004[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Install_01004.exe
Size

19.0MB
MD5

c416e8559a5ea1087e19f661c2c20a3a
SHA1

161e5cf6699c4714d345e78af1baab00bb07d37e
SHA256

b017a11ddc3837ac213d11d9531006e9353fbce48bf22199a697dff87f825fa9
SHA512

53f5be738ff598e1996636e7242425faa3dea4ad1c45ffc2cae68074daf7b665e3a7c6c76df318141e89e20fe0920741e77832ae55342e7fa044bc81d9f4786d
SSDEEP

393216:QMjcBVLR/cF460lontgq0GvNnvhWEXsLK3Tsyr1Q2x1whqqe+:QMKH60lontgMphP3TRnx1mVe+

Score

N/A

Malware Config

Signatures

Files

Install_01004.exe
.exe windows x86

9df63c099161bd6d7e82132c54da8a27

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:52:0b:7e:68:78:27:e7:c8:0c:09:2e:a2:82:b1:02
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

09/02/2022, 00:00

Not After

09/02/2023, 23:59

Subject

CN=Frequent Technologies ApS,O=Frequent Technologies ApS,ST=Hovedstaden,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d3:1a:22:d8:b5:d8:bb:5a:54:f1:41:ed:f2:5d:01:39:2d:f0:58:f3:65:3b:7f:2d:69:99:85:3a:60:4e:24:8a
Signer

Actual PE Digest

d3:1a:22:d8:b5:d8:bb:5a:54:f1:41:ed:f2:5d:01:39:2d:f0:58:f3:65:3b:7f:2d:69:99:85:3a:60:4e:24:8a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Frequent Technologies ApS,O=Frequent Technologies ApS,ST=Hovedstaden,C=DK

09/09/2022, 14:29
Valid: true

Chain 1

CN=Frequent Technologies ApS,O=Frequent Technologies ApS,ST=Hovedstaden,C=DK

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
GetSystemDirectoryW
HeapFree
GetTickCount64
Sleep
FlushFileBuffers
MulDiv
SetEvent
WideCharToMultiByte
MultiByteToWideChar
GetACP
GetCurrentThread
GetUserDefaultUILanguage
GetOEMCP
GetEnvironmentStringsW
GlobalLock
ReadConsoleW
TlsAlloc
SetLastError
ResetEvent
LeaveCriticalSection
CreateMutexW
ExitThread
ReadFile
GetFileType
GetTimeZoneInformation
GlobalFree
GetModuleFileNameA
HeapReAlloc
GetConsoleCP
SetFilePointerEx
CopyFileW
SystemTimeToTzSpecificLocalTime
IsDebuggerPresent
WaitForSingleObject
FindNextFileA
GetFileSizeEx
GetEnvironmentVariableA
SetThreadPriority
GlobalUnlock
LockResource
RtlUnwind
HeapAlloc
LCMapStringW
GetCurrentDirectoryW
GetUserDefaultLCID
GetCommandLineW
WriteConsoleA
GetNativeSystemInfo
VerSetConditionMask
GetConsoleMode
SetEndOfFile
CreatePipe
LoadLibraryW
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
VerifyVersionInfoW
GetTempFileNameW
GetProcAddress
CompareStringW
ExpandEnvironmentStringsW
AttachConsole
WaitForMultipleObjects
GetEnvironmentVariableW
GetVersionExW
CreateProcessW
FindResourceW
SleepEx
SetNamedPipeHandleState
SetEnvironmentVariableW
GetCommandLineA
LoadResource
EnterCriticalSection
EnumSystemLocalesW
TlsGetValue
GetFileAttributesW
SetCurrentDirectoryW
GetLastError
GetCurrentProcessId
SetConsoleCursorPosition
GetFileAttributesExW
QueryPerformanceCounter
GlobalSize
HeapSize
InitializeCriticalSectionEx
GetModuleHandleA
GetLocaleInfoW
IsValidLocale
SetStdHandle
CreateFileW
FreeLibrary
LoadLibraryExW
IsProcessorFeaturePresent
TerminateProcess
GetFullPathNameW
ExitProcess
SetErrorMode
GetTickCount
GetProcessHeap
FileTimeToSystemTime
QueryPerformanceFrequency
GetLongPathNameW
FormatMessageW
UnhandledExceptionFilter
GetTimeFormatW
TlsSetValue
CreateDirectoryW
TlsFree
FillConsoleOutputCharacterW
PeekNamedPipe
GetStringTypeW
GetCurrentThreadId
CloseHandle
GetExitCodeProcess
GetCurrentProcess
GetStartupInfoW
VirtualQuery
OutputDebugStringW
CreateThread
GetStdHandle
FreeLibraryAndExitThread
FindFirstFileW
WriteFile
GetTempPathW
GetConsoleScreenBufferInfo
WriteConsoleW
GlobalAlloc
InitializeCriticalSection
FindFirstFileExA
LocalFree
FindClose
SetHandleInformation
DecodePointer
GetDateFormatW
GetLogicalDriveStringsW
GlobalHandle
GetModuleHandleExW
RaiseException
GetModuleHandleW
CreateEventW
FreeEnvironmentStringsW
SizeofResource
InitializeSListHead
GetModuleFileNameW
GetFileInformationByHandle
IsValidCodePage
MoveFileExW
GetDriveTypeW
ResumeThread
GetSystemTimeAsFileTime
WaitForSingleObjectEx
SetUnhandledExceptionFilter
DeleteFileW
ReadConsoleOutputCharacterA
FreeConsole
EncodePointer

user32

GetCapture
PostQuitMessage
SetCursorPos
EnableScrollBar
CheckMenuItem
GetMenuItemCount
SetWindowTextW
DestroyAcceleratorTable
ChildWindowFromPointEx
GetMenuItemID
UnregisterClassW
EndDeferWindowPos
IsDialogMessageW
DestroyMenu
DdeDisconnect
UnionRect
GetMessageW
FillRect
DdeUninitialize
DdeFreeStringHandle
PostMessageW
InvalidateRect
GetWindowRect
IsMenu
GetSystemMetrics
VkKeyScanW
SendMessageW
IsIconic
GetClipboardFormatNameW
PeekMessageW
DdeCreateDataHandle
BeginDeferWindowPos
AppendMenuW
OffsetRect
TranslateMessage
DdeCreateStringHandleW
SetWindowLongW
InsertMenuItemW
KillTimer
GetWindow
SetWindowRgn
SetMenuInfo
DdeConnect
EnableMenuItem
InflateRect
CallWindowProcW
LoadCursorW
IsWindowVisible
CheckMenuRadioItem
FlashWindowEx
CopyRect
CreateDialogIndirectParamW
DrawStateW
ValidateRect
TranslateAcceleratorW
GetWindowPlacement
ValidateRgn
BringWindowToTop
SetRect
GetDlgItem
ScreenToClient
PostThreadMessageW
WindowFromPoint
MsgWaitForMultipleObjects
SetMenuItemInfoW
SetRectEmpty
MessageBeep
FindWindowExW
TrackPopupMenu
GetSysColorBrush
SetFocus
DdeGetLastError
ChildWindowFromPoint
GetMenuState
DrawFocusRect
RegisterHotKey
AnimateWindow
SetLayeredWindowAttributes
CreateAcceleratorTableW
GetMenuItemInfoW
LoadIconW
MonitorFromPoint
GetDesktopWindow
DispatchMessageW
RegisterWindowMessageW
GetMessagePos
GetSysColor
DdeFreeDataHandle
GetSubMenu
GetClassNameW
InsertMenuW
SystemParametersInfoW
UnhookWindowsHookEx
GetComboBoxInfo
CreateMenu
GetFocus
EndPaint
ReleaseDC
GetSystemMenu
DdeGetData
EnableWindow
DrawTextW
MonitorFromWindow
DrawFrameControl
CreatePopupMenu
GetUpdateRgn
LoadBitmapW
DestroyIcon
ScrollWindow
UnregisterHotKey
SetCapture
RegisterClipboardFormatW
DeferWindowPos
GetWindowLongW
DrawMenuBar
SetMenu
IsWindow
PtInRect
IsRectEmpty
SetTimer
GetScrollInfo
keybd_event
GetKeyState
IsZoomed
ShowWindow
GetIconInfo
IsWindowEnabled
DefWindowProcW
DrawEdge
DdeClientTransaction
GetDC
WaitForInputIdle
DdeQueryStringW
SetParent
RegisterClassW
CreateWindowExW
CreateDialogParamW
SetForegroundWindow
ReleaseCapture
MessageBoxW
EnumDisplayMonitors
GetAsyncKeyState
DestroyCursor
RemoveMenu
CreateIconIndirect
GetCursorPos
GetClientRect
GetWindowTextW
GetWindowTextLengthW
DdePostAdvise
HideCaret
DdeInitializeW
GetMessageTime
ChangeDisplaySettingsExW
MapWindowPoints
BeginPaint
CallNextHookEx
MapVirtualKeyW
SetWindowPos
ClientToScreen
GetDialogBaseUnits
SetScrollInfo
SetWindowsHookExW
DrawIconEx
GetWindowDC
ModifyMenuW
GetMonitorInfoW
DestroyWindow
SetCursor
UpdateWindow
DdeNameService
GetParent
MoveWindow
GetActiveWindow
LoadImageW
RedrawWindow
GetProcessDefaultLayout
GetCaretBlinkTime
GetDoubleClickTime
EnumDisplaySettingsW
IsClipboardFormatAvailable

ole32

CoLockObjectExternal
OleInitialize
CoTaskMemAlloc
OleIsCurrentClipboard
RegisterDragDrop
OleFlushClipboard
CoCreateInstance
RevokeDragDrop
CoTaskMemFree
OleSetClipboard
OleUninitialize
OleGetClipboard
ReleaseStgMedium

comctl32

ord16
ImageList_Destroy
ImageList_Add
ImageList_Draw
ImageList_GetIconSize
ImageList_Create
ImageList_SetBkColor
ImageList_Replace
ImageList_GetImageInfo
ord17

gdi32

EndDoc
SetWindowExtEx
CreatePen
Arc
GetTextMetricsW
ModifyWorldTransform
SetMapMode
EndPage
GetEnhMetaFileW
SetROP2
StartDocW
BitBlt
GetObjectW
DeleteEnhMetaFile
CreateDCW
CreatePatternBrush
LPtoDP
SetStretchBltMode
GetViewportExtEx
GetGraphicsMode
CreateDIBSection
GetRgnBox
CreateRectRgnIndirect
PlayEnhMetaFile
Polygon
GetNearestPaletteIndex
SetViewportExtEx
ExtSelectClipRgn
GetDeviceCaps
GetDIBColorTable
PolyPolygon
SetViewportOrgEx
StretchBlt
SetWindowOrgEx
GetWindowExtEx
DeleteDC
RectInRegion
GetRegionData
CreateHatchBrush
MaskBlt
SelectPalette
GetTextExtentExPointW
Polyline
Rectangle
CreateBitmapIndirect
CreatePalette
SetBkMode
CreateBitmap
OffsetRgn
SetGraphicsMode
GetStockObject
CombineRgn
StartPage
StretchDIBits
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
CreateDIBitmap
DeleteObject
ExtCreatePen
SelectClipRgn
SetLayout
SetWorldTransform
SetBrushOrgEx
CreateICW
CreateFontIndirectW
SetPixel
ExcludeClipRect
SetPolyFillMode
SetBkColor
SetTextColor
GdiFlush
GetEnhMetaFileHeader
EnumFontFamiliesExW
CloseEnhMetaFile
GetBkColor
SetAbortProc
Ellipse
GetLayout
CreateCompatibleDC
MoveToEx
GetObjectType
CreateCompatibleBitmap
CreateRectRgn
CreateSolidBrush
PolyBezier
DPtoLP
RoundRect
SetDIBColorTable
GetDIBits
ExtCreateRegion
RealizePalette
CreateEnhMetaFileW
GetCharABCWidthsW
GetWorldTransform
EqualRgn
PtInRegion
GetOutlineTextMetricsW
LineTo
GetPixel
GetSystemPaletteEntries
SelectObject
GetPaletteEntries
ExtFloodFill
Pie

shell32

DragQueryFileW
ExtractIconW
ExtractIconExW
DragFinish
SHGetFolderPathW
CommandLineToArgvW
SHGetFileInfoW
ord6
DragQueryPoint
DragAcceptFiles

oleacc

LresultFromObject

uxtheme

IsThemePartDefined
GetThemeBackgroundExtent
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetThemeSysFont
IsAppThemed
OpenThemeData
GetThemeInt
CloseThemeData
GetThemeFont
IsThemeActive
GetThemeMargins
GetThemeSysColor
DrawThemeBackground
GetThemeColor
GetThemePartSize
GetCurrentThemeName
GetThemeBackgroundContentRect

advapi32

CryptGetHashParam
CryptDestroyHash
GetUserNameW
CryptCreateHash
RegDeleteValueW
RegQueryValueExW
CryptEncrypt
CryptImportKey
CryptDestroyKey
RegCloseKey
CryptHashData
RegEnumValueW
CryptGenRandom
CryptAcquireContextW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
CryptReleaseContext
RegCreateKeyExW

shlwapi

SHAutoComplete

wsock32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_ntoa
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

ws2_32

WSAIoctl
WSAEnumNetworkEvents
getaddrinfo
WSACloseEvent
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSACreateEvent
freeaddrinfo

comdlg32

PrintDlgW
ChooseFontW
PageSetupDlgW
CommDlgExtendedError

msimg32

GradientFill
AlphaBlend

crypt32

CryptDecodeObjectEx
CertFindExtension
CertOpenStore
CertGetNameStringW
CertGetCertificateChain
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
PFXImportCertStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateChain
CryptStringToBinaryW
CryptQueryObject
CertCloseStore
CertAddCertificateContextToStore
CertFreeCertificateContext

wldap32

ord301
ord73
ord117
ord127
ord26
ord133
ord142
ord145
ord147
ord41
ord167
ord27
ord208
ord14
ord216
ord219
ord46
ord79

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 626KB - Virtual size: 625KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9df63c099161bd6d7e82132c54da8a27

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

f7:52:0b:7e:68:78:27:e7:c8:0c:09:2e:a2:82:b1:02Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

d3:1a:22:d8:b5:d8:bb:5a:54:f1:41:ed:f2:5d:01:39:2d:f0:58:f3:65:3b:7f:2d:69:99:85:3a:60:4e:24:8aSigner

Signature Validations

Verification

09/09/2022, 14:29 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

comctl32

gdi32

shell32

oleacc

uxtheme

advapi32

shlwapi

wsock32

ws2_32

comdlg32

msimg32

crypt32

wldap32

winspool.drv

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 626KB - Virtual size: 625KB

.data Size: 1.1MB - Virtual size: 1.1MB

.00cfg Size: 512B - Virtual size: 4B

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 157KB - Virtual size: 156KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

f7:52:0b:7e:68:78:27:e7:c8:0c:09:2e:a2:82:b1:02
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

d3:1a:22:d8:b5:d8:bb:5a:54:f1:41:ed:f2:5d:01:39:2d:f0:58:f3:65:3b:7f:2d:69:99:85:3a:60:4e:24:8a
Signer

09/09/2022, 14:29
Valid: true

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 626KB - Virtual size: 625KB

.data
Size: 1.1MB - Virtual size: 1.1MB

.00cfg
Size: 512B - Virtual size: 4B

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 157KB - Virtual size: 156KB