installer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

installer.exe
Size

2.4MB
MD5

928b36b73127e7118ab7611328b2aae4
SHA1

56478e331f3ffeb0b62d81908d0a40cbe133dae0
SHA256

ee4ebba96ce87c6f0ca8536b4920d364d72b774dab2ab2c069ea05e4ab054bf4
SHA512

0d66a53ffab08e91aad81e89af01ecd338f8dc9ecbb995bee494d68131e9d07f59db4584c4a2816a3977ed28b79cb2084e3580d9fa8061ef187e75df3e57ec1a
SSDEEP

49152:TyYE8NDtDABfbZ3bE72EFacEZt9GZtieuZbIZ:TyYttyfbZQfFa9GZtDuZ8

Score

1^/10

Malware Config

Signatures

Files

installer.exe
.exe windows x64

2b64f8f273e290ae9595c070731c3f4c

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:b2:f5:02:b8:c2:6a:dd:a8:4d:ea:0b:02:65:42:1f:d2:07:8f:83:3f:98:35:10:69:af:1a:02:91:ae:e3:fc
Signer

Actual PE Digest

92:b2:f5:02:b8:c2:6a:dd:a8:4d:ea:0b:02:65:42:1f:d2:07:8f:83:3f:98:35:10:69:af:1a:02:91:ae:e3:fc

Digest Algorithm

sha256

PE Digest Matches

true

92:b2:f5:02:b8:c2:6a:dd:a8:4d:ea:0b:02:65:42:1f:d2:07:8f:83:3f:98:35:10:69:af:1a:02:91:ae:e3:fc
Signer

Actual PE Digest

92:b2:f5:02:b8:c2:6a:dd:a8:4d:ea:0b:02:65:42:1f:d2:07:8f:83:3f:98:35:10:69:af:1a:02:91:ae:e3:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rpcrt4

UuidCreate

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winhttp

WinHttpReadData
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpOpen
WinHttpSetOption
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse

bcrypt

BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptDestroyKey
BCryptVerifySignature
BCryptImportKeyPair
BCryptFinishHash
BCryptDestroyHash
BCryptHashData

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

SetEvent
RtlUnwindEx
SetLastError
VirtualFree
VirtualQuery
GetModuleHandleA
FreeLibrary
GetModuleFileNameA
GetModuleHandleExA
LoadLibraryA
FormatMessageA
CreateThread
ResumeThread
GetCurrentThreadId
WaitForMultipleObjects
QueueUserAPC
Sleep
ReadFile
OutputDebugStringA
OutputDebugStringW
VirtualAlloc
VirtualProtect
GetFileSizeEx
FindClose
FindFirstFileW
GetModuleFileNameW
MoveFileExW
GetFileAttributesW
FindNextFileW
CreateDirectoryW
WTSGetActiveConsoleSessionId
GetUserDefaultLangID
GetUserDefaultUILanguage
GetCurrentProcessId
OpenProcess
GetEnvironmentVariableW
WaitForSingleObject
GetExitCodeProcess
ProcessIdToSessionId
lstrcmpiW
K32EnumProcesses
QueryFullProcessImageNameW
TerminateProcess
LoadLibraryExW
LocalAlloc
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
ExitProcess
FormatMessageW
GetTickCount64
OpenEventW
GetModuleHandleExW
GetCurrentDirectoryW
ResetEvent
CreateMutexA
ReleaseMutex
WaitNamedPipeW
FindResourceExW
GetNamedPipeClientProcessId
CreateEventW
WriteFile
GetOverlappedResult
CreateSemaphoreW
ReleaseSemaphore
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
DuplicateHandle
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
GetCommandLineA
TlsAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringEx
GetLocaleInfoEx
GetSystemTimeAsFileTime
LCMapStringEx
EncodePointer
RtlPcToFileHeader
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetCommandLineW
CancelIoEx
FindResourceW
SizeofResource
LockResource
LoadResource
DeviceIoControl
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
GetFileSize
CreateFileW
GetProcAddress
GetModuleHandleW
RemoveDirectoryW
DeleteFileW
LocalFree
CreateEventA
RtlUnwind
CloseHandle
VerSetConditionMask
VerifyVersionInfoW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
CreateProcessW
TlsGetValue
GetCurrentProcess
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleMode
ReadConsoleW
FlushFileBuffers
GetConsoleCP
CreatePipe
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
GetNamedPipeServerProcessId
AreFileApisANSI
GetTempPathW
SetFilePointerEx
SetFileInformationByHandle
SetEndOfFile
GetFileAttributesExW
FindFirstFileExW
InitOnceComplete
InitOnceBeginInitialize
QueryPerformanceFrequency
QueryPerformanceCounter
AcquireSRWLockShared
ReleaseSRWLockShared
GetExitCodeThread
WaitForSingleObjectEx
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
LoadLibraryExA
GetSystemInfo

user32

GetWindowRect
GetClientRect
ClientToScreen
GetWindowLongW
GetParent
GetClassNameW
GetDesktopWindow
FindWindowW
FindWindowExW
EnumChildWindows
SystemParametersInfoW
GetWindowInfo
ExitWindowsEx
MessageBoxW
CharLowerBuffW
UnregisterClassW
GetWindow
MsgWaitForMultipleObjectsEx
PostQuitMessage
GetMessageW
SetClassLongPtrW
SetLayeredWindowAttributes
LoadImageW
AttachThreadInput
GetForegroundWindow
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
EnableWindow
KillTimer
SetTimer
ShowWindow
EndPaint
ReleaseCapture
BringWindowToTop
SetWindowPos
SendMessageW
SetWindowLongW
GetWindowLongPtrW
DestroyWindow
CreateWindowExW
GetCursorPos
CallWindowProcW
DefWindowProcW
BeginPaint
SetCapture
ScreenToClient
MoveWindow
PostMessageW
SetWindowLongPtrW
PtInRect
GetWindowThreadProcessId
DispatchMessageW
TranslateMessage
PeekMessageW

gdi32

CreateSolidBrush

advapi32

IsValidSid
RegSetValueExA
RegQueryValueExA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegSetKeySecurity
RegNotifyChangeKeyValue
RegGetKeySecurity
RegFlushKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
FreeSid
SetTokenInformation
ConvertStringSidToSidW
CreateProcessAsUserW
DuplicateTokenEx
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
OpenServiceW
OpenSCManagerW
SetSecurityInfo
GetSecurityInfo
GetAce
GetAclInformation
AddAce
InitializeAcl
EqualSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
CloseServiceHandle
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
EventWrite
EventUnregister
EventRegister
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetFolderPathW
SHGetKnownFolderPath
ShellExecuteExW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoUninitialize
StringFromCLSID
CoCreateGuid
OleSetContainedObject
OleCreate
OleLockRunning
StringFromGUID2
CLSIDFromString
CoTaskMemFree
CoInitializeEx

oleaut32

SafeArrayCreate
SafeArrayLock
SafeArrayDestroy
SysAllocStringLen
SysFreeString
SysAllocString
SysAllocStringByteLen
VariantCopy
VariantClear
VariantInit
VariantChangeType
VariantCopyInd
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnlock

shlwapi

StrRChrW
PathFileExistsW
SHDeleteKeyW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 443KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b64f8f273e290ae9595c070731c3f4c

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5eCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4Certificate

Extended Key Usages

Key Usages

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5Certificate

Extended Key Usages

Key Usages

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

92:b2:f5:02:b8:c2:6a:dd:a8:4d:ea:0b:02:65:42:1f:d2:07:8f:83:3f:98:35:10:69:af:1a:02:91:ae:e3:fcSigner

92:b2:f5:02:b8:c2:6a:dd:a8:4d:ea:0b:02:65:42:1f:d2:07:8f:83:3f:98:35:10:69:af:1a:02:91:ae:e3:fcSigner

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

version

winhttp

bcrypt

userenv

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 334KB - Virtual size: 334KB

.data Size: 74KB - Virtual size: 85KB

.pdata Size: 79KB - Virtual size: 79KB

.didat Size: 512B - Virtual size: 264B

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 443KB - Virtual size: 443KB

.reloc Size: 11KB - Virtual size: 11KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

92:b2:f5:02:b8:c2:6a:dd:a8:4d:ea:0b:02:65:42:1f:d2:07:8f:83:3f:98:35:10:69:af:1a:02:91:ae:e3:fc
Signer

92:b2:f5:02:b8:c2:6a:dd:a8:4d:ea:0b:02:65:42:1f:d2:07:8f:83:3f:98:35:10:69:af:1a:02:91:ae:e3:fc
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 334KB - Virtual size: 334KB

.data
Size: 74KB - Virtual size: 85KB

.pdata
Size: 79KB - Virtual size: 79KB

.didat
Size: 512B - Virtual size: 264B

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 443KB - Virtual size: 443KB

.reloc
Size: 11KB - Virtual size: 11KB