5af9c676abb1b49297dc1a9f7d390254a505847d0f8b06c408989cb8421ce7e3

Sharing

Copy URL

Twitter E-mail

General

Target

5af9c676abb1b49297dc1a9f7d390254a505847d0f8b06c408989cb8421ce7e3
Size

256KB
MD5

85f6450b0f26e881976c1fb736315e5e
SHA1

4e90fdee3e6d42da462b5bd0229bb98f00f234a4
SHA256

5af9c676abb1b49297dc1a9f7d390254a505847d0f8b06c408989cb8421ce7e3
SHA512

cab513a8078a6805f9313b09a5ddf947ccf9b2ae9d602833d56dc52682776a9a482963eed977c5ad4cd23cd9411b1b6cb6394143dd42f302972b5bd2d80bdb6c
SSDEEP

3072:ccH3OFw+B7FTHABhvYOdK10bbE75S/5BGLtWpubW+7xbowdwcIfSM:7H+G+B7WBleqbgc/foAB+7xbtTM

Score

1^/10

Malware Config

Signatures

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

5af9c676abb1b49297dc1a9f7d390254a505847d0f8b06c408989cb8421ce7e3
.exe windows x86

cc627b667b06b61c62b1df14a48fab85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
LCMapStringA
CreateFileA
CompareStringA
HeapSize
RtlUnwind
SetFilePointer
VirtualQuery
VirtualProtect
VirtualAlloc
VirtualFree
HeapDestroy
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetEnvironmentVariableA
FlushFileBuffers
TlsGetValue
TlsSetValue
TlsAlloc
ReadFile
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
WideCharToMultiByte
HeapFree
CreateThread
ExitThread
GetFileAttributesA
EnterCriticalSection
ExitProcess
FindClose
GetStringTypeW
FindFirstFileA
GetExitCodeThread
FreeLibrary
GetCommandLineA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
MultiByteToWideChar
LeaveCriticalSection
IsDBCSLeadByteEx
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
VerifyVersionInfoA
VerSetConditionMask
SetEvent
ResetEvent
ReadDirectoryChangesW
QueueUserWorkItem
GetVolumeInformationW
GetModuleHandleA
GetLogicalDrives
GetLastError
GetFileAttributesW
GetDriveTypeW
ExpandEnvironmentStringsW
CreateFileW
CloseHandle
DisableThreadLibraryCalls
SetEndOfFile
FileTimeToLocalFileTime
GetFullPathNameA
GetCurrentDirectoryA
UnmapViewOfFile
CreateFileMappingA
GetFileAttributesExA
GetLongPathNameA
GetModuleFileNameA
MapViewOfFile
FindNextFileA

advapi32

RegOpenKeyExA
GetFileSecurityW
LookupAccountSidW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegEnumKeyA

shell32

SHFileOperationW
SHGetFileInfoW

msvcrt

strstr
strrchr
strncpy
strncmp
strlen
strtol
strchr
memmove
memchr
malloc
free
fflush
swscanf
wcscat
wcscpy
wcslen
fread
fwrite
getenv
gmtime
memcmp
atoi
fputc
localeconv
memset
perror
printf
putchar
puts
qsort
rand
realloc
rename
sprintf
sscanf
strcat
strcpy
strpbrk
time
_getch
atol
strcmp

shlwapi

AssocQueryKeyW
AssocQueryStringW

rpcrt4

RpcRaiseException

ws2_32

WSASend
WSASendTo
WSAStartup
WSAStringToAddressA
WSAWaitForMultipleEvents
accept
bind
connect
WSAEventSelect
getaddrinfo
getnameinfo
getpeername
getservbyname
getsockname
listen
recv
send
setsockopt
shutdown
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAAddressToStringA
freeaddrinfo

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc627b667b06b61c62b1df14a48fab85

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

msvcrt

shlwapi

rpcrt4

ws2_32

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 84KB - Virtual size: 2.2MB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 84KB - Virtual size: 2.2MB

.rsrc
Size: 8KB - Virtual size: 5KB