f3a362136f5cac487ca72a2c2a84c42d53a53a6439b758b78fe42238a6d1ecbc

Sharing

Copy URL

Twitter E-mail

General

Target

f3a362136f5cac487ca72a2c2a84c42d53a53a6439b758b78fe42238a6d1ecbc
Size

3.4MB
MD5

4b8e9227815d411021f221117f996a1c
SHA1

c850c03b4f7fd929bd636dc873ef5f5a91b1a795
SHA256

f3a362136f5cac487ca72a2c2a84c42d53a53a6439b758b78fe42238a6d1ecbc
SHA512

d9cb242a97b77f211043c809a1481f101d2d2181daab057a61900cc246717f02a4dd5e3ee26a7d0b4441450593c889c7e027629fd5c0f89a95c56196787eee8a
SSDEEP

49152:VB+2LqyjACyz/kcz+xRm/annofiU0HJs6gXjaEcoiDAkOSc8sb6xTyhXiS8:VBjVjACi/7Pyn7U06sLoi0kOlbbZ8

Score

1^/10

Malware Config

Signatures

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/WinNTSetup_3.9.4.0.exe	nsis_installer_1
static1/unpack001/WinNTSetup_3.9.4.0.exe	nsis_installer_2

Files

f3a362136f5cac487ca72a2c2a84c42d53a53a6439b758b78fe42238a6d1ecbc
.7z
WEiDOWN.COM_微当下载.url
.url
WinNTSetup_3.9.4.0.exe
.exe windows x86

bc77b9a252d627644710848cb34f2b28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetTickCount
ReadFile
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
SetFileAttributesA
GlobalUnlock
GlobalLock
CreateThread
CreateDirectoryA
CreateProcessA
GetTempFileNameA
WriteFile
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
RemoveDirectoryA
lstrcpyA
MoveFileExA
GetFileAttributesA
SetCurrentDirectoryA
GetLastError
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
GlobalFree
GetModuleHandleA
LoadLibraryExA
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetDiskFreeSpaceA

user32

GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
DialogBoxParamA
ScreenToClient
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
GetSysColor
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
IsDlgButtonChecked
GetAsyncKeyState
CheckDlgButton
LoadCursorA
SetCursor
GetClassInfoA
GetWindowLongA
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

ShellExecuteExA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
AdjustTokenPrivileges
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
RegDeleteKeyA
RegCloseKey
RegEnumKeyA
RegEnumValueA
LookupPrivilegeValueA

comctl32

ImageList_Destroy
ImageList_AddMasked
ord17
ImageList_Create

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 264KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc77b9a252d627644710848cb34f2b28

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 248KB

.ndata Size: - Virtual size: 264KB

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 248KB

.ndata
Size: - Virtual size: 264KB

.rsrc
Size: 17KB - Virtual size: 17KB