install[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

install.rar
Size

1.2MB
MD5

086f77a230b490aebc4cc15655dbb9ec
SHA1

aafbca7f90bc19d3962da53c8f1d1f6127308021
SHA256

191e92a29c5c5fe6c3698670bc2ae595c2c6e2a1f4a836611012637d9b202245
SHA512

236372fc94e79f06d8175ab5be09e7dfc7984bcf87d9a17ad6774a4f2fc6066c058fbde5472b8d72bdd76324b9c4e6df9a0621b2d9dd65755bac900fbce09a81
SSDEEP

24576:XYQei130hwcDacmjcW+yQOvhB4aUwZ4WK+xpKoie56zf5x2JS9zpJLG6O8zN:IHi1gwcOcmjT+jO34lwZ4v+7K2Wx2Gu2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe

Files

install.rar
.rar
Setup.exe
.exe windows x86

Password: 1375

60f6241d521cb0140c9377b92c376f7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegFlushKey

gdi32

PolyPolyline
GetMapMode
OffsetWindowOrgEx

oleaut32

VarI8FromR8
LPSAFEARRAY_UserUnmarshal

mprapi

MprInfoBlockFind

winspool.drv

SetPrinterW

mscms

UninstallColorProfileW

setupapi

SetupDiGetClassDevsA
CM_Get_Hardware_Profile_Info_ExW

kernel32

EnterCriticalSection
SetCommTimeouts
GetVolumePathNameW
OutputDebugStringA
GetBinaryTypeA
GetModuleHandleA
GetModuleFileNameA
CloseHandle
GetLastError
GetModuleFileNameW

user32

GetAsyncKeyState
SetProcessDefaultLayout
SetActiveWindow
CharUpperBuffW
CreateMenu
GetSysColor
SetLayeredWindowAttributes
WindowFromPoint

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 656KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dataa/Data/16.0.15128.20264/stream.x86.x-none.dat.cat
dataa/Data/branch.txt
dataa/Data/v32.cab
.cab

Password: 1375
VersionDescriptor.xml
v32.hash
dataa/Data/v32_16.0.15128.20264.cab
.cab

Password: 1375
VersionDescriptor.xml
v32.hash
dataa/Data/v64.cab
.cab

Password: 1375
VersionDescriptor.xml
v64.hash

Sharing

General

Malware Config

Signatures

Files

Password: 1375

60f6241d521cb0140c9377b92c376f7c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

oleaut32

mprapi

winspool.drv

mscms

setupapi

kernel32

user32

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 656KB - Virtual size: 652KB

.data Size: 40KB - Virtual size: 53KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 13KB

Password: 1375

Password: 1375

Password: 1375

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 656KB - Virtual size: 652KB

.data
Size: 40KB - Virtual size: 53KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 13KB