Static task
static1
General
Target: Uninstall.exe
Size: 94KB
MD5: 2f6e91c12c627c425bd08bc7c6cbd62a
SHA1: df2385b28ac12191c122ca2bd8b186d9f095957c
SHA256: 1642fd2df44518b11a00ecbb1027dccd0fc1bfc39acf1911119494fd0791c418
SHA512: ff566d01583a5e6590b1c29f22165d5d68506598f77439050defb9c9fb6bac984f7c423c561aadbe64409db8183f21a411922cc79c5d815b09eb34bf1faec7e7
SSDEEP: 1536:oTj2IWkIDFupWfoNMilAhXPOP7rIJxjlERy78Qd:oTwkqkp3BlGP07rIJxjlEU7Z
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Uninstall.exe
Files
Uninstall.exe.exe windows x86
48429dd89f53d04179630bed66068bd0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CopyFileW
FindFirstFileW
FindNextFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
FormatMessageW
WideCharToMultiByte
CreateFileA
DeleteFileA
MoveFileA
GetFileAttributesA
SetFileAttributesA
CreateProcessA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetShortPathNameA
GetFullPathNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
RemoveDirectoryA
GetDriveTypeA
LoadLibraryA
CopyFileA
FindFirstFileA
FindNextFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
FormatMessageA
GetVersionExW
SetErrorMode
MoveFileExW
GetCommandLineW
GetVersionExA
MoveFileW
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
LoadLibraryW
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetCurrentProcess
TerminateProcess
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RtlUnwind
HeapReAlloc
HeapCompact
HeapAlloc
HeapFree
GetDriveTypeW
RemoveDirectoryW
CreateDirectoryW
FlushFileBuffers
GetCurrentDirectoryW
DeleteFileW
CreateFileW
Sleep
GetExitCodeProcess
MultiByteToWideChar
CloseHandle
SetFilePointer
WriteFile
ReadFile
FindClose
GetProcAddress
FreeLibrary
SetCurrentDirectoryW
GetFullPathNameW
GetShortPathNameW
GetTempPathW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
CreateProcessW
SetFileAttributesW
IsBadReadPtr
GetFileAttributesW
SetStdHandle
GetLastError
user32
TranslateMessage
DefWindowProcA
CallWindowProcA
EndDialog
DialogBoxParamA
LoadIconA
IsDialogMessageA
SetWindowLongA
PostQuitMessage
DestroyWindow
GetDlgItem
GetSystemMetrics
SetCursor
GetWindow
CreateDialogParamA
PeekMessageA
LoadCursorA
RegisterClassW
GetClassNameW
CreateWindowExW
FindWindowW
DefWindowProcW
CallWindowProcW
CreateDialogParamW
DialogBoxParamW
IsDialogMessageW
DrawTextW
SetWindowTextW
GetWindowLongA
SendMessageA
SendDlgItemMessageA
PostMessageA
GetMessageA
DispatchMessageA
CharToOemA
GetDlgItemTextA
SetDlgItemTextA
SetWindowTextA
DrawTextA
FindWindowA
CreateWindowExA
GetClassNameA
RegisterClassA
LoadCursorW
LoadIconW
CharToOemW
DispatchMessageW
GetMessageW
PeekMessageW
SendDlgItemMessageW
SendMessageW
PostMessageW
GetWindowLongW
SetWindowLongW
MessageBoxW
GetDlgItemTextW
SetDlgItemTextW
gdi32
CreateFontIndirectA
RemoveFontResourceW
GetObjectA
GetObjectW
CreateFontIndirectW
DeleteObject
AddFontResourceA
RemoveFontResourceA
AddFontResourceW
GetStockObject
comdlg32
GetOpenFileNameA
GetOpenFileNameW
advapi32
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExW
shell32
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetMalloc
DragQueryFileA
ole32
OleInitialize
OleUninitialize
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerFindFileA
VerFindFileW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
comctl32
ImageList_LoadImageW
ord17
ImageList_LoadImageA
Sections
.text Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ