7a74a1544e90e7580b3b68c7d3e8e0d421ef26bc575f527319ed75949290f35d

Sharing

Copy URL

Twitter E-mail

General

Target

7a74a1544e90e7580b3b68c7d3e8e0d421ef26bc575f527319ed75949290f35d
Size

1.1MB
MD5

ff371c37b8c52e822315806f8f1e5901
SHA1

0ff9bd8bc20d1507c67fdcd87c193aac349cda85
SHA256

7a74a1544e90e7580b3b68c7d3e8e0d421ef26bc575f527319ed75949290f35d
SHA512

9ee032760f665b605c31a9f7480e72f725ece6398ac9c77b7fa69f54e9591cff6336d9062c50cce71ddeba28032fb95f915980c4faa9f21d502e112b3b3704ad
SSDEEP

24576:q+oeaXowr7xy9UqPk8RhPKIxuq9bhGRLj2NA+/9gQ5niNx:7oGwr7xy9UqPk8RLAq9bKKNA+/wx

Score

1^/10

Malware Config

Signatures

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

7a74a1544e90e7580b3b68c7d3e8e0d421ef26bc575f527319ed75949290f35d
.exe windows x86

cc627b667b06b61c62b1df14a48fab85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
LCMapStringA
CreateFileA
CompareStringA
HeapSize
RtlUnwind
SetFilePointer
VirtualQuery
VirtualProtect
VirtualAlloc
VirtualFree
HeapDestroy
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetEnvironmentVariableA
FlushFileBuffers
TlsGetValue
TlsSetValue
TlsAlloc
ReadFile
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
WideCharToMultiByte
HeapFree
CreateThread
ExitThread
GetFileAttributesA
EnterCriticalSection
ExitProcess
FindClose
GetStringTypeW
FindFirstFileA
GetExitCodeThread
FreeLibrary
GetCommandLineA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
MultiByteToWideChar
LeaveCriticalSection
IsDBCSLeadByteEx
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
VerifyVersionInfoA
VerSetConditionMask
SetEvent
ResetEvent
ReadDirectoryChangesW
QueueUserWorkItem
GetVolumeInformationW
GetModuleHandleA
GetLogicalDrives
GetLastError
GetFileAttributesW
GetDriveTypeW
ExpandEnvironmentStringsW
CreateFileW
CloseHandle
DisableThreadLibraryCalls
SetEndOfFile
FileTimeToLocalFileTime
GetFullPathNameA
GetCurrentDirectoryA
UnmapViewOfFile
CreateFileMappingA
GetFileAttributesExA
GetLongPathNameA
GetModuleFileNameA
MapViewOfFile
FindNextFileA

advapi32

RegOpenKeyExA
GetFileSecurityW
LookupAccountSidW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegEnumKeyA

shell32

SHFileOperationW
SHGetFileInfoW

msvcrt

strstr
strrchr
strncpy
strncmp
strlen
strtol
strchr
memmove
memchr
malloc
free
fflush
swscanf
wcscat
wcscpy
wcslen
fread
fwrite
getenv
gmtime
memcmp
atoi
fputc
localeconv
memset
perror
printf
putchar
puts
qsort
rand
realloc
rename
sprintf
sscanf
strcat
strcpy
strpbrk
time
_getch
atol
strcmp

shlwapi

AssocQueryKeyW
AssocQueryStringW

rpcrt4

RpcRaiseException

ws2_32

WSASend
WSASendTo
WSAStartup
WSAStringToAddressA
WSAWaitForMultipleEvents
accept
bind
connect
WSAEventSelect
getaddrinfo
getnameinfo
getpeername
getservbyname
getsockname
listen
recv
send
setsockopt
shutdown
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAAddressToStringA
freeaddrinfo

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc627b667b06b61c62b1df14a48fab85

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

msvcrt

shlwapi

rpcrt4

ws2_32

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 84KB - Virtual size: 2.2MB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 84KB - Virtual size: 2.2MB

.rsrc
Size: 8KB - Virtual size: 5KB