systeminformer-3[.]0[.]6772-setup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

systeminformer-3.0.6772-setup.exe
Size

13.3MB
MD5

f5b4dd6efd822869fd43c82ef8ff8fd5
SHA1

7cc2d35ba2b14b177222a8a4999dd978065fbd2e
SHA256

5a64f7266059c71ecb072bd0ec93215d72bebc379112ac489702f695d5737689
SHA512

7bf5b8b46c308c286faaf96ea366dbf680994d5f9181b9ab2708e5283a619dba968a23889bbe73b9c6c0d6ef8c04db6b2cc41d0079fa3e2795cf9c83aa328476
SSDEEP

393216:vZQyRX7sujtsj1UgkSbbycjWNF3S0B9eFqQSw22G+qQjSbCSb:hduujt+1U9Cx6m0C47fwCCC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
systeminformer-3.0.6772-setup.exe

Files

systeminformer-3.0.6772-setup.exe
.exe windows x86

a504850bde034117984c16e9218e5c69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtEnumerateValueKey
NtOpenKey
RtlDosPathNameToNtPathName_U_WithStatus
RtlConvertSidToUnicodeString
NtQuerySymbolicLinkObject
NtQuerySystemInformationEx
NtOpenProcess
NtSetInformationFile
NtDeleteValueKey
NtQueryDirectoryObject
NtCreateKey
NtCreateFile
NtQueryDirectoryFile
NtSetValueKey
NtQueryValueKey
NtCreateEvent
NtSetEvent
NtReleaseKeyedEvent
NtWaitForKeyedEvent
NtCreateKeyedEvent
RtlUnwind
NtOpenSymbolicLinkObject
NtOpenProcessToken
LdrAccessResource
RtlLeaveCriticalSection
RtlEnterCriticalSection
LdrFindResource_U
RtlExpandEnvironmentStrings_U
NtWaitForSingleObject
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlQueryPerformanceCounter
RtlFindMessage
RtlAddAccessAllowedAce
NtDelayExecution
RtlQueryEnvironmentVariable_U
NtQueryInformationToken
RtlGetFullPathName_UEx
NtQueryPerformanceCounter
RtlFreeUnicodeString
RtlRandomEx
RtlSetDaclSecurityDescriptor
NtCreateDirectoryObject
RtlGetFullPathName_U
RtlNtStatusToDosErrorNoTeb
RtlCreateHeap
RtlSetHeapInformation
RtlGetVersion
NtQueryInformationProcess
NtQuerySystemInformation
RtlInterlockedPopEntrySList
RtlUnicodeToUTF8N
RtlFreeHeap
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlUTF8ToUnicodeN
RtlReAllocateHeap
NtAllocateVirtualMemory
NtCreateThreadEx
RtlUpcaseUnicodeChar
RtlAllocateHeap
NtFreeVirtualMemory
RtlRaiseStatus
RtlInitializeSListHead
RtlInterlockedPushEntrySList
NtQueryMutant
NtQueryInformationFile
NtReadFile
NtWriteFile
NtDeleteKey
NtOpenMutant
NtTerminateProcess
NtClose
NtQueryAttributesFile
NtCreateMutant

kernel32

DecodePointer
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileW
HeapSize
GetLastError
GetNativeSystemInfo
MoveFileExW
TlsSetValue
TlsAlloc
TlsGetValue
GetLocaleInfoW
MultiByteToWideChar
FormatMessageW
LocalFree
LoadLibraryExW
FreeLibrary
IsProcessorFeaturePresent
FindFirstFileExW
FindClose
WideCharToMultiByte
SetFilePointerEx
HeapReAlloc
FlushFileBuffers
GetTimeZoneInformation
SetStdHandle
LCMapStringW
CompareStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
GetCPInfo
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetConsoleOutputCP
WriteFile
GetConsoleMode
CloseHandle
GetFileType
CreateFileW
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WriteConsoleW

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12.9MB - Virtual size: 12.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a504850bde034117984c16e9218e5c69

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

Sections

.text Size: 248KB - Virtual size: 247KB

.rdata Size: 172KB - Virtual size: 170KB

.data Size: 4KB - Virtual size: 8KB

.didat Size: 4KB - Virtual size: 192B

.rsrc Size: 12.9MB - Virtual size: 12.9MB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 172KB - Virtual size: 170KB

.data
Size: 4KB - Virtual size: 8KB

.didat
Size: 4KB - Virtual size: 192B

.rsrc
Size: 12.9MB - Virtual size: 12.9MB

.reloc
Size: 12KB - Virtual size: 9KB