cav_installer_10387_17[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

cav_installer_10387_17.exe
Size

5.4MB
MD5

7be4a95313c926e0233571f89291f487
SHA1

a16e410af1f001434d5ed5194f0755aa24173589
SHA256

4e3da75745b7e4887965862b11ba68bc7aadf3ea000636554dfc8f0b8e3261ae
SHA512

31df4d21db3ddaa96a7f2492572660990621050dc74ec56fe6eca725cc2d9beb63f8b74f8c8ffc85f42fcc32540117f97b9235f0d6256f10e1da7819b5d940bc
SSDEEP

98304:23oeoi7dSeyB6A89FbeCD25kvriejkx9sZjMK6vx6IF/M8aWzBWcPNkNzt/c:23oeoYSeyB6vnKCD25kvmeh6vFF//aF0

Score

1^/10

Malware Config

Signatures

Files

cav_installer_10387_17.exe
.exe windows x86

cb2f8861ae9e888fc248b97ed817726f

Code Sign

1b:42:7b:06:0e:28:66:bf:b5:86:cc:26:7e:1c:3e:aa
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04-12-2018 00:00

Not After

03-12-2021 23:59

Subject

SERIALNUMBER=3910805,CN=Comodo Security Solutions\, Inc.,O=Comodo Security Solutions\, Inc.,POSTALCODE=07013,STREET=1255 Broad St,L=Clifton,ST=NJ,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:a2:a8:3f:8d:8d:f4:67:66:f3:bc:52:fa:9e:b6:ba:65:f9:10:65:a4:47:c0:5f:8f:54:f5:3c:18:e8:6c:88
Signer

Actual PE Digest

16:a2:a8:3f:8d:8d:f4:67:66:f3:bc:52:fa:9e:b6:ba:65:f9:10:65:a4:47:c0:5f:8f:54:f5:3c:18:e8:6c:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

SizeofResource
GetStdHandle
WriteFile
FindClose
MulDiv
GetSystemTimeAsFileTime
CompareFileTime
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrlenA
lstrlenW
LoadLibraryA
GetModuleHandleW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
FindResourceExA
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoW
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetSystemDefaultLCID
GetVersion
SetProcessWorkingSetSize
GetCurrentProcess
GetExitCodeProcess
CreateIoCompletionPort
GetQueuedCompletionStatus
ResumeThread
CloseHandle
GetModuleFileNameW
CreateProcessW
GetStartupInfoW
GetCommandLineW
SetEnvironmentVariableW
GetDriveTypeW
GetSystemDirectoryA
GetTempPathW
SetCurrentDirectoryW
CreateFileW
GetVersionExW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
InitializeCriticalSection
SetEvent
ResetEvent
CreateEventW
LocalFree
GetCurrentThreadId
TerminateThread
SuspendThread
FormatMessageW
lstrcpyW
GetSystemDirectoryW
IsBadReadPtr
EnterCriticalSection
LoadResource
DeleteCriticalSection
VirtualAlloc
VirtualFree
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
SetFileTime
GetFileInformationByHandle
WaitForMultipleObjects
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LCMapStringW
LoadLibraryW
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
GetProcessHeap
TlsFree
TlsSetValue
WriteConsoleW
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedIncrement
IsDebuggerPresent
HeapSize
GetModuleHandleExW
ExitProcess
InterlockedDecrement
IsProcessorFeaturePresent
GetCommandLineA
HeapReAlloc
HeapAlloc
HeapFree
RaiseException
RtlUnwind
LoadLibraryExW
ExitThread
DecodePointer
GlobalFree
GlobalAlloc
GetProcAddress
LockResource
SetFileAttributesW
GetDiskFreeSpaceExW
SystemTimeToFileTime
GetLocalTime
Sleep
SetLastError
WaitForSingleObject
GetLastError
GetExitCodeThread
CreateThread
LeaveCriticalSection
EncodePointer

user32

EndDialog
SendMessageW
wsprintfW
wsprintfA
SystemParametersInfoW
DrawIconEx
LoadImageW
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
SetWindowLongW
PtInRect
ClientToScreen
MessageBeep
GetClientRect
GetDC
DrawTextW
EnableMenuItem
GetSystemMenu
GetSystemMetrics
EnableWindow
SetFocus
GetDlgItem
DialogBoxIndirectParamW
ShowWindow
IsWindow
CreateWindowExA
CallWindowProcW
DefWindowProcW
MessageBoxA
GetKeyState
CopyImage
GetClassNameA
GetParent
GetWindowLongW
GetSysColor
ScreenToClient
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
ReleaseDC
GetWindowDC
GetMenu
KillTimer
SetTimer
CharUpperW
SetWindowPos
DestroyWindow
CreateWindowExW
DispatchMessageW
GetMessageW
wvsprintfW

gdi32

CreateFontIndirectW
GetObjectW
SetStretchBltMode
StretchBlt
SelectObject
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid

shell32

SHGetFileInfoW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
OleLoadPicture
SysAllocString
VariantClear
SysAllocStringLen

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb2f8861ae9e888fc248b97ed817726f

Code Sign

1b:42:7b:06:0e:28:66:bf:b5:86:cc:26:7e:1c:3e:aaCertificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

16:a2:a8:3f:8d:8d:f4:67:66:f3:bc:52:fa:9e:b6:ba:65:f9:10:65:a4:47:c0:5f:8f:54:f5:3c:18:e8:6c:88Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 141KB - Virtual size: 140KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 5KB - Virtual size: 29KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 14KB - Virtual size: 13KB

1b:42:7b:06:0e:28:66:bf:b5:86:cc:26:7e:1c:3e:aa
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

16:a2:a8:3f:8d:8d:f4:67:66:f3:bc:52:fa:9e:b6:ba:65:f9:10:65:a4:47:c0:5f:8f:54:f5:3c:18:e8:6c:88
Signer

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 5KB - Virtual size: 29KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 14KB - Virtual size: 13KB