UninstallView[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

UninstallView.exe
Size

191KB
MD5

03bdb34ec9d1fbd7ddb213fbd59f0a71
SHA1

ad9021927486e0dbc41ef4f1663dcb2204046fef
SHA256

43b28b33f77a5038abc86cfcbf3d3ae13be6e5cff6448160bf160a03a673d4b5
SHA512

7754604e0ef38ccbb24a43db619d5d392cbcc1ae1f1031b9643627a0e4b234875b6951092803a1645de7e5e46b2b5f53fc17044112192b92246a3f65368d4e4d
SSDEEP

3072:NafaA1FPstk5CWVq6O4u1y87o5xMADJbSWu9kGHwG7MIPwXaCf:o1FFwvP7o5xMAYW5qE

Score

N/A

Malware Config

Signatures

Files

UninstallView.exe
.exe windows x64

4ca2efebadabb9937c795e7481d9027e

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:f1:0e:c0:98:de:40:bd:4d:cf:11:7b:3f:de:e4:e1:23:ca:70:a7:5a:5f:cd:bd:36:8a:0b:41:5b:b8:00:f2
Signer

Actual PE Digest

5c:f1:0e:c0:98:de:40:bd:4d:cf:11:7b:3f:de:e4:e1:23:ca:70:a7:5a:5f:cd:bd:36:8a:0b:41:5b:b8:00:f2

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

15-12-2022 13:57
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__wgetmainargs
_wcmdln
exit
_initterm
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
__setusermatherr
_commode
_fmode
__set_app_type
_cexit
_wcslwr
strlen
qsort
_itow
memmove
_ultow
_memicmp
malloc
free
modf
wcschr
memcmp
wcsrchr
wcstoul
towupper
wcscmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
_wcsicmp
wcsncmp
wcslen
_wcsnicmp
_wtoi
_purecall
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW
ord17
ImageList_Create
ImageList_ReplaceIcon
ImageList_Add

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

mpr

WNetGetUniversalNameW

kernel32

GetCurrentThreadId
SetEnvironmentVariableW
Sleep
EnumResourceTypesW
CreateThread
GetStartupInfoW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetDriveTypeW
GetLogicalDrives
GetTickCount
FormatMessageW
GetLastError
GetVersionExW
FindNextFileW
GetTimeFormatW
WriteFile
FindClose
GetFileAttributesW
FindResourceW
LoadResource
SystemTimeToTzSpecificLocalTime
ReadFile
GetModuleFileNameW
LoadLibraryExW
GlobalAlloc
CreateFileW
GetSystemDirectoryW
CloseHandle
GetWindowsDirectoryW
GetDateFormatW
WideCharToMultiByte
FileTimeToLocalFileTime
GetTempFileNameW
MultiByteToWideChar
GetCurrentProcess
lstrlenW
GetNumberFormatW
LockResource
GetFileSize
LocalFree
GlobalUnlock
GetLocaleInfoW
lstrcpyW
GlobalLock
GetTempPathW
SizeofResource
FindFirstFileW
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetStdHandle
SetErrorMode
CreateProcessW
GetCurrentDirectoryW
DeleteFileW
ExpandEnvironmentStringsW
GetCurrentProcessId
ReadProcessMemory
ExitProcess
OpenProcess

user32

ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowPos
GetWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
DrawFrameControl
GetDC
UpdateWindow
SendMessageW
InvalidateRect
SetDlgItemTextW
GetWindowRect
GetDlgItemTextW
SetWindowLongPtrW
GetDlgItemInt
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
DestroyIcon
GetParent
LoadImageW
LoadIconW
GetSysColor
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetFocus
ChildWindowFromPoint
SetTimer
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
CheckMenuRadioItem
GetMenuStringW
CloseClipboard
MoveWindow
GetMenu
EmptyClipboard
EnableMenuItem
OpenClipboard
GetClassNameW
GetSubMenu
CheckMenuItem
InsertMenuItemW
GetMenuItemCount
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
SetMenuItemInfoW
GetKeyState
CreatePopupMenu
IsDialogMessageW
RegisterWindowMessageW
TrackPopupMenu
TranslateMessage
PostQuitMessage
GetMessageW
InsertMenuW
DrawTextExW
RemoveMenu
DispatchMessageW
MonitorFromWindow
GetMonitorInfoW
AttachThreadInput
SetForegroundWindow
GetWindowThreadProcessId
EnumWindows
KillTimer
SetWindowTextW

gdi32

SetBkMode
GetStockObject
DeleteObject
GetTextExtentPoint32W
CreateCompatibleBitmap
StretchBlt
SetStretchBltMode
CreateCompatibleDC
GetObjectW
DeleteDC
GetPixel
SetPixel
CreateFontIndirectW
SetTextColor
SelectObject
SetBkColor
GetDeviceCaps

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

OpenProcessToken
GetTokenInformation
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
StartServiceW
GetFileSecurityW
RegDeleteKeyW
OpenServiceW
ControlService
GetUserNameW
OpenSCManagerW
CloseServiceHandle
ChangeServiceConfigW
RegConnectRegistryW
QueryServiceStatus
RegQueryInfoKeyW

shell32

ExtractIconExW
ShellExecuteW
ShellExecuteExW
SHGetFileInfoW
Shell_NotifyIconW

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ca2efebadabb9937c795e7481d9027e

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

5c:f1:0e:c0:98:de:40:bd:4d:cf:11:7b:3f:de:e4:e1:23:ca:70:a7:5a:5f:cd:bd:36:8a:0b:41:5b:b8:00:f2Signer

Signature Validations

Verification

15-12-2022 13:57 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

version

mpr

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 119KB - Virtual size: 118KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 2KB - Virtual size: 8KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 28KB - Virtual size: 28KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

5c:f1:0e:c0:98:de:40:bd:4d:cf:11:7b:3f:de:e4:e1:23:ca:70:a7:5a:5f:cd:bd:36:8a:0b:41:5b:b8:00:f2
Signer

15-12-2022 13:57
Valid: true

.text
Size: 119KB - Virtual size: 118KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 8KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 28KB - Virtual size: 28KB