93becb3bc65424ce85bce87e090e19c314029cfdc3932c3b8032c31459344387

Sharing

Copy URL Twitter E-mail

General

Target

93becb3bc65424ce85bce87e090e19c314029cfdc3932c3b8032c31459344387
Size

11.3MB
MD5

a6c244c7e3c1b74a8f33f1b59cc16136
SHA1

5080c639d68702540675d0fc3c22f3abd2adada6
SHA256

93becb3bc65424ce85bce87e090e19c314029cfdc3932c3b8032c31459344387
SHA512

29dba49fbf8560e2951754b2f819209a475781eb3eeb1f9ed1607c5cf8f54ff5462638cf5ea0f3017f45c893c152d9561f8f775856aedb75cd19db0f84aad9d9
SSDEEP

196608:ZbNlZhiTDkOc1wCLWrnIhHXfeCr6CQbjpgJqVHZPoYOWf/hur6OFVsTx9p:ZiTDkOc10avtuDpgaZPoYViVk9p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93becb3bc65424ce85bce87e090e19c314029cfdc3932c3b8032c31459344387

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

93becb3bc65424ce85bce87e090e19c314029cfdc3932c3b8032c31459344387
.exe windows x86

4fb4cc9b6bbd0a6c225f7113efbc973e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegEnumValueA

shell32

SHFileOperationA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation

ole32

IIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

EndPaint
PeekMessageA
DispatchMessageA
wvsprintfA
CharPrevA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
FillRect
EmptyClipboard
SetClipboardData
CloseClipboard
IsDlgButtonChecked
CallWindowProcA
GetMessagePos
LoadCursorA
GetAsyncKeyState
CheckDlgButton
GetSysColor
SetCursor
GetWindowLongA
SetClassLongA
SetWindowPos
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassA
ScreenToClient
EndDialog
GetClassInfoA
SystemParametersInfoA
CreateWindowExA
ExitWindowsEx
DialogBoxParamA
CharNextA
SetTimer
DestroyWindow
CreateDialogParamA
SetForegroundWindow
SetWindowTextA
PostQuitMessage
SendMessageTimeoutA
ShowWindow
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
GetDC
SetWindowLongA
LoadImageA
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageA
DefWindowProcA
GetClientRect
DrawTextA
IsWindowVisible
OpenClipboard

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
lstrcatA
WriteFile
ReadFile
lstrcpyA
CreateFileA
RemoveDirectoryA
GetTempFileNameA
CreateDirectoryA
CreateThread
CreateProcessA
GlobalUnlock
GetDiskFreeSpaceA
GlobalLock
SetErrorMode
GetVersion
lstrcpynA
GetCommandLineA
GetTempPathA
lstrlenA
SetEnvironmentVariableA
ExitProcess
GetWindowsDirectoryA
GetCurrentProcess
GetModuleFileNameA
CopyFileA
GetTickCount
Sleep
GetFileSize
GetFileAttributesA
SetCurrentDirectoryA
SetFileAttributesA
MoveFileA
GetFullPathNameA
GetLastError
SearchPathA
CompareFileTime
GetShortPathNameA
CloseHandle
lstrcmpiA
SetFileTime
ExpandEnvironmentStringsA
GlobalFree
lstrcmpA
GetModuleHandleA
LoadLibraryExA
GlobalAlloc
MultiByteToWideChar
MoveFileExA
FreeLibrary
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fb4cc9b6bbd0a6c225f7113efbc973e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 111KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 70KB - Virtual size: 69KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 111KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 70KB - Virtual size: 69KB