5cef7133faa89b45e8153158df16a7d894a09b1cd195a8bc5444d9bbcb4fbedb

Sharing

Copy URL

Twitter E-mail

General

Target

5cef7133faa89b45e8153158df16a7d894a09b1cd195a8bc5444d9bbcb4fbedb
Size

1.1MB
MD5

f5d391d63c0a3ecd374172b7033ad6d0
SHA1

3a7d750516594c72c0e88ea823c4059457eef143
SHA256

5cef7133faa89b45e8153158df16a7d894a09b1cd195a8bc5444d9bbcb4fbedb
SHA512

7bb18f679f303c69bf269033b13cfc13d31a821d74d0d000e45439cf59fb3c34728915bf38235f7695da1e933425d5a42d2abc63f29ad0f294105c762d9fc8cd
SSDEEP

24576:v+oeFzXoi57xZJyk7bI2Ex7qCjkersuY/pRqSGc8MY:Go7i57xZdnIZuC/QuYRRqSd/Y

Score

1^/10

Malware Config

Signatures

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

5cef7133faa89b45e8153158df16a7d894a09b1cd195a8bc5444d9bbcb4fbedb
.exe windows x86

cc627b667b06b61c62b1df14a48fab85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
LCMapStringA
CreateFileA
CompareStringA
HeapSize
RtlUnwind
SetFilePointer
VirtualQuery
VirtualProtect
VirtualAlloc
VirtualFree
HeapDestroy
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetEnvironmentVariableA
FlushFileBuffers
TlsGetValue
TlsSetValue
TlsAlloc
ReadFile
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
WideCharToMultiByte
HeapFree
CreateThread
ExitThread
GetFileAttributesA
EnterCriticalSection
ExitProcess
FindClose
GetStringTypeW
FindFirstFileA
GetExitCodeThread
FreeLibrary
GetCommandLineA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
MultiByteToWideChar
LeaveCriticalSection
IsDBCSLeadByteEx
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
VerifyVersionInfoA
VerSetConditionMask
SetEvent
ResetEvent
ReadDirectoryChangesW
QueueUserWorkItem
GetVolumeInformationW
GetModuleHandleA
GetLogicalDrives
GetLastError
GetFileAttributesW
GetDriveTypeW
ExpandEnvironmentStringsW
CreateFileW
CloseHandle
DisableThreadLibraryCalls
SetEndOfFile
FileTimeToLocalFileTime
GetFullPathNameA
GetCurrentDirectoryA
UnmapViewOfFile
CreateFileMappingA
GetFileAttributesExA
GetLongPathNameA
GetModuleFileNameA
MapViewOfFile
FindNextFileA

advapi32

RegOpenKeyExA
GetFileSecurityW
LookupAccountSidW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegEnumKeyA

shell32

SHFileOperationW
SHGetFileInfoW

msvcrt

strstr
strrchr
strncpy
strncmp
strlen
strtol
strchr
memmove
memchr
malloc
free
fflush
swscanf
wcscat
wcscpy
wcslen
fread
fwrite
getenv
gmtime
memcmp
atoi
fputc
localeconv
memset
perror
printf
putchar
puts
qsort
rand
realloc
rename
sprintf
sscanf
strcat
strcpy
strpbrk
time
_getch
atol
strcmp

shlwapi

AssocQueryKeyW
AssocQueryStringW

rpcrt4

RpcRaiseException

ws2_32

WSASend
WSASendTo
WSAStartup
WSAStringToAddressA
WSAWaitForMultipleEvents
accept
bind
connect
WSAEventSelect
getaddrinfo
getnameinfo
getpeername
getservbyname
getsockname
listen
recv
send
setsockopt
shutdown
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAAddressToStringA
freeaddrinfo

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc627b667b06b61c62b1df14a48fab85

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

msvcrt

shlwapi

rpcrt4

ws2_32

Sections

.text Size: 92KB - Virtual size: 90KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 84KB - Virtual size: 2.2MB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 84KB - Virtual size: 2.2MB

.rsrc
Size: 8KB - Virtual size: 5KB