Install[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Install.7z
Size

4.0MB
MD5

59f37e5968d172dda0b23695295fe267
SHA1

9f1e98b65bb51813b27a14a0df64edb71b827b3f
SHA256

4ede62bf85e294fe76953a7c8925fde3b6ef2474997c8dc64186d4200c36dff0
SHA512

1641ecb38b15c9c27c7926a38f27fce4fb34ee407d58bc107f30b6149fef0a9d2b2aadd7d7d282a728f0b14d9cb3505853617740fe6a5c6168bfacdfa1d90b0b
SSDEEP

98304:rtqF4zWt90B6nLl9s4ruKqMIrWOUodIHDSNCYafpEiWef9:rtqWUSis4qKqMIrPUw0ZRE7eF

Score

1^/10

Malware Config

Signatures

Files

Install.7z
.7z

Password: 1234
Install.exe
.exe windows x86

Password: 1234

5720bd0cee3ab34ad6694631cdea7f20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoInitializeEx

Sections

.MPRESS1
Size: 3.7MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mlang.dll
.dll windows x86

Password: 1234

0e32e11591084b79816edf67ffe393a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_CxxThrowException
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
__CxxFrameHandler3
??0exception@@QAE@ABQBD@Z
memcpy
??3@YAXPAX@Z
??1exception@@UAE@XZ
memmove
_XcptFilter
_amsg_exit
free
_initterm
_callnewh
_except_handler4_common
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
malloc
memcmp
wcsstr
strstr
atoi
_ultoa_s
_vsnprintf
strncmp
wcschr
memcpy_s
strchr
strrchr
_purecall
??_V@YAXPAX@Z
?what@exception@@UBEPBDXZ
memset

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapDestroy

api-ms-win-core-libraryloader-l1-2-0

LockResource
GetModuleFileNameA
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
FindResourceExW
LoadResource
DisableThreadLibraryCalls
LoadStringA

api-ms-win-core-localization-l1-2-0

GetACP
GetSystemDefaultLangID
IsDBCSLeadByte
GetLocaleInfoA
IsDBCSLeadByteEx
GetCPInfo
IsValidCodePage

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

CreateFileA
GetFileAttributesA
WriteFile
GetFileSize

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetVersionExA
GetSystemTimeAsFileTime
GetSystemDirectoryA

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-registry-l1-1-0

RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExA

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-kernel32-legacy-l1-1-0

FindResourceExA
GetStringTypeExA
CreateFileMappingA

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionA
PathRenameExtensionA
PathFindFileNameW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA
lstrcmpiA
lstrcmpiW
lstrcmpA

api-ms-win-core-stringansi-l1-1-0

CharNextExA
CharNextA
CharLowerA

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpICA

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ConvertINetMultiByteToUnicode
ConvertINetReset
ConvertINetString
ConvertINetUnicodeToMultiByte
DllCanUnloadNow
DllGetClassObject
GetGlobalFontLinkObject
IsConvertINetStringAvailable
LcidToRfc1766A
LcidToRfc1766W
Rfc1766ToLcidA
Rfc1766ToLcidW

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

5720bd0cee3ab34ad6694631cdea7f20

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.MPRESS1 Size: 3.7MB - Virtual size: 8.1MB

.MPRESS2 Size: 3KB - Virtual size: 3KB

.rsrc Size: 149KB - Virtual size: 148KB

Password: 1234

0e32e11591084b79816edf67ffe393a3

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l2-1-1

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-stringansi-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 134KB - Virtual size: 134KB

.data Size: 14KB - Virtual size: 15KB

.idata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 96B

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 8KB - Virtual size: 7KB

.MPRESS1
Size: 3.7MB - Virtual size: 8.1MB

.MPRESS2
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 149KB - Virtual size: 148KB

.text
Size: 134KB - Virtual size: 134KB

.data
Size: 14KB - Virtual size: 15KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 96B

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 8KB - Virtual size: 7KB