FortiClientSetup_6[.]4[.]3_x86[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

FortiClientSetup_6.4.3_x86.exe
Size

14.0MB
MD5

fd300da4865c3e3ee1aa61c8466654cd
SHA1

aac941e016e4bc0bdb3d8b75089c843d5edf0c24
SHA256

06a7f1ffd53dd3f09971443b04e308fbbd7445c0041cbac73b76c5acc9dc25bd
SHA512

a6de8c9f8a87cebd0b4447bb2fe7a7155d948f04d920e0896232c9ae62c88661b3c1d39b23f08a11e5bfb7c6051999d219cb712cc36ac7eaccd7d8c93164c4be
SSDEEP

196608:rYenj0M37e/zavyapRdeMb42odJxgUJGLl7bLWPFLOyomFHKnPyFTLRLxvqe:rY6j0ae7av/YMklsl7bLWPFHFTlLxv7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FortiClientSetup_6.4.3_x86.exe

Files

FortiClientSetup_6.4.3_x86.exe
.exe windows x86

2d748ef66a7cbe23260536921c23585b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohs
ioctlsocket
getsockname
getsockopt
gethostbyname
WSAStartup
WSAAddressToStringA
WSAGetLastError
getnameinfo
recv
send
WSASetLastError
accept
bind
closesocket
connect
listen
setsockopt
socket
getaddrinfo
WSACleanup
freeaddrinfo
ntohl

rpcrt4

UuidCreate

crypt32

CertGetCertificateContextProperty
CertNameToStrW
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFindCertificateInStore
CryptProtectData
CryptUnprotectData
CryptProtectMemory
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertFreeCertificateChain
CryptUnprotectMemory
CryptMsgClose
CryptMsgGetParam

userenv

LoadUserProfileW
UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSEnumerateProcessesW
WTSQuerySessionInformationW
WTSFreeMemory

msi

ord137
ord141
ord205
ord173
ord113
ord118
ord169
ord158
ord160
ord159
ord32
ord70
ord8
ord111
ord88
ord190
ord175
ord43
ord78
ord151
ord150
ord92

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

SHCopyKeyW
SHDeleteKeyW
PathIsDirectoryW
PathBuildRootW
PathGetDriveNumberW
PathMatchSpecW

psapi

GetModuleFileNameExW
EnumProcesses

kernel32

DeviceIoControl
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemDirectoryW
GetWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
WideCharToMultiByte
SetEvent
GetCurrentProcessId
WriteFile
SetNamedPipeHandleState
WaitNamedPipeW
GetOverlappedResult
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
WaitForMultipleObjects
CopyFileW
VerSetConditionMask
GetSystemInfo
VerifyVersionInfoW
OpenProcess
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetLogicalDrives
GetLongPathNameW
GetVolumePathNameW
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
TerminateProcess
OpenThread
ReadProcessMemory
lstrlenW
FindFirstVolumeMountPointW
FindNextVolumeMountPointW
FindVolumeMountPointClose
LocalAlloc
Process32FirstW
Process32NextW
GetCurrentThread
QueryPerformanceCounter
MultiByteToWideChar
OpenEventW
CreateProcessW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetACP
SetThreadLocale
GetUserDefaultUILanguage
GetSystemDirectoryA
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
CreateFileA
SetFilePointer
DebugBreak
OutputDebugStringA
OutputDebugStringW
GetModuleFileNameA
lstrlenA
GetFileInformationByHandle
GetFileTime
SetFileTime
GlobalAlloc
GlobalFree
GetTempPathA
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceExA
EnumResourceLanguagesW
CreateDirectoryA
GetFullPathNameW
FindFirstFileA
FindNextFileA
GetFileAttributesA
LocalFileTimeToFileTime
SetFileAttributesA
FileTimeToDosDateTime
DosDateTimeToFileTime
LoadLibraryA
GetCommandLineW
ExitProcess
GetExitCodeProcess
CreateThread
FormatMessageW
FindResourceA
FindResourceW
GlobalFindAtomW
MoveFileW
CompareStringW
SetEnvironmentVariableW
lstrcmpW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetWaitableTimer
TerminateThread
CreateWaitableTimerW
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
GetStdHandle
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FreeLibrary
GetVersionExW
GetTickCount
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
CreateFileW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GetFullPathNameA
GetFileSizeEx
GetVolumeInformationW
SetEndOfFile
GetStringTypeW
FindFirstFileExW
GetDiskFreeSpaceExW
AreFileApisANSI
CreateDirectoryExW
CreateHardLinkW
GetCPInfo
GetFileSize
GetFileAttributesExW
GetFileAttributesW
EncodePointer
SwitchToThread
LCMapStringW
GetLocaleInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
PeekNamedPipe
FileTimeToSystemTime
SetFilePointerEx
GetConsoleCP
SetConsoleCtrlHandler
WriteConsoleW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
GetLogicalDriveStringsW
GetDriveTypeW
SearchPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
MoveFileExW
GetCurrentThreadId
CloseHandle
ReadFile
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
LoadLibraryW
FileTimeToLocalFileTime
LocalFree
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateToolhelp32Snapshot
GetSystemTime

user32

GetSystemMetrics
MoveWindow
EndDialog
FindWindowW
SetDlgItemTextW
CheckDlgButton
MessageBoxW
ExitWindowsEx
GetWindowThreadProcessId
MessageBoxA
LoadStringA
LoadStringW
GetDlgItem
IsDlgButtonChecked
EnableWindow
SetWindowTextW
GetUserObjectInformationW
GetWindowRect
MessageBoxExW
GetProcessWindowStation
UnregisterClassW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

LsaQueryInformationPolicy
LsaClose
LsaFreeMemory
LookupAccountSidW
DuplicateTokenEx
CreateProcessAsUserW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
RevertToSelf
MapGenericMask
ImpersonateSelf
AccessCheck
OpenThreadToken
RegOpenKeyW
ImpersonateLoggedOnUser
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetUserNameW
IsValidSid
GetTokenInformation
FreeSid
DuplicateToken
CheckTokenMembership
AllocateAndInitializeSid
LookupPrivilegeValueW
LookupAccountNameW
SetSecurityDescriptorDacl
SetFileSecurityW
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetLengthSid
GetFileSecurityW
GetAclInformation
GetAce
EqualSid
AdjustTokenPrivileges
AddAce
AddAccessAllowedAce
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
ChangeServiceConfigW
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
StartServiceW
RegQueryValueExA
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
RegOpenCurrentUser
InitiateSystemShutdownW
ChangeServiceConfig2W
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
LsaOpenPolicy

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW

ole32

CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemFree
StringFromCLSID
CoCreateInstance
IIDFromString

oleaut32

SysAllocString
SysFreeString

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 580KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.2MB - Virtual size: 11.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d748ef66a7cbe23260536921c23585b

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

rpcrt4

crypt32

userenv

wtsapi32

msi

version

shlwapi

psapi

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

bcrypt

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 580KB - Virtual size: 580KB

.data Size: 17KB - Virtual size: 48KB

.rsrc Size: 11.2MB - Virtual size: 11.2MB

.reloc Size: 94KB - Virtual size: 93KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 580KB - Virtual size: 580KB

.data
Size: 17KB - Virtual size: 48KB

.rsrc
Size: 11.2MB - Virtual size: 11.2MB

.reloc
Size: 94KB - Virtual size: 93KB