systeminformer-3[.]0[.]6433-setup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

systeminformer-3.0.6433-setup.exe
Size

11.0MB
MD5

7198c6a458f769600aa8b0aeb57e85a3
SHA1

97945b2688716b6f870ae07b6eea8683e49759d4
SHA256

0c215350b905ab89fca925355c3964516ef790b4cb0b2c03e782928d0a239acf
SHA512

5a2e2ea7f2396eb6365ebc126d1c579b927ef602bf9607abf8311a2b44ba4e991e94a3788462df044605f2b9f7b100136d5dd8b9423c5b1d22f43d3f3b3bb6d4
SSDEEP

196608:eJzBdBks4ScAaMhrIksSAwfeSN3fnUMhv8WHafucSABbVDrUMGdBks4ScApnM387:e7dBwSPamPXfeOvFLafucpbVDrLGdBwI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
systeminformer-3.0.6433-setup.exe

Files

systeminformer-3.0.6433-setup.exe
.exe windows x86

2483149496441a7ee7222b54d2a482f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtEnumerateValueKey
NtOpenKey
RtlConvertSidToUnicodeString
NtQuerySymbolicLinkObject
NtQuerySystemInformationEx
NtOpenProcess
NtSetInformationFile
NtDeleteValueKey
NtQueryDirectoryObject
NtCreateKey
NtCreateFile
NtQueryDirectoryFile
NtSetValueKey
NtOpenFile
NtQueryValueKey
NtCreateEvent
NtSetEvent
NtReleaseKeyedEvent
NtWaitForKeyedEvent
NtCreateKeyedEvent
RtlUnwind
NtOpenSymbolicLinkObject
NtOpenProcessToken
LdrAccessResource
RtlLeaveCriticalSection
RtlEnterCriticalSection
LdrFindResource_U
RtlExpandEnvironmentStrings_U
NtWaitForSingleObject
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlQueryPerformanceCounter
RtlFindMessage
RtlAddAccessAllowedAce
NtDelayExecution
RtlQueryEnvironmentVariable_U
NtQueryInformationToken
RtlGetFullPathName_UEx
NtQueryPerformanceCounter
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlRandomEx
RtlSetDaclSecurityDescriptor
NtCreateDirectoryObject
RtlGetFullPathName_U
RtlNtStatusToDosErrorNoTeb
RtlCreateHeap
RtlSetHeapInformation
RtlGetVersion
NtQueryInformationProcess
NtQuerySystemInformation
RtlInterlockedPopEntrySList
RtlUnicodeToUTF8N
RtlFreeHeap
RtlCreateUserThread
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlUTF8ToUnicodeN
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlRaiseStatus
RtlInitializeSListHead
RtlInterlockedPushEntrySList
NtQueryMutant
NtQueryInformationFile
NtReadFile
NtWriteFile
NtDeleteKey
NtOpenMutant
NtTerminateProcess
NtClose
NtQueryAttributesFile
NtCreateMutant

kernel32

DecodePointer
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileW
HeapSize
GetLastError
GetNativeSystemInfo
MoveFileExW
TlsSetValue
TlsAlloc
TlsGetValue
GetLocaleInfoW
MultiByteToWideChar
FormatMessageW
LocalFree
LoadLibraryExW
FreeLibrary
IsProcessorFeaturePresent
FindFirstFileExW
FindClose
WideCharToMultiByte
SetFilePointerEx
HeapReAlloc
FlushFileBuffers
GetTimeZoneInformation
SetStdHandle
LCMapStringW
CompareStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
GetCPInfo
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetConsoleOutputCP
WriteFile
GetConsoleMode
CloseHandle
GetFileType
CreateFileW
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WriteConsoleW

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2483149496441a7ee7222b54d2a482f6

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

Sections

.text Size: 244KB - Virtual size: 243KB

.rdata Size: 172KB - Virtual size: 170KB

.data Size: 8KB - Virtual size: 9KB

.didat Size: 4KB - Virtual size: 196B

.rsrc Size: 10.6MB - Virtual size: 10.6MB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 244KB - Virtual size: 243KB

.rdata
Size: 172KB - Virtual size: 170KB

.data
Size: 8KB - Virtual size: 9KB

.didat
Size: 4KB - Virtual size: 196B

.rsrc
Size: 10.6MB - Virtual size: 10.6MB

.reloc
Size: 12KB - Virtual size: 9KB