Essential Mod Installer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Essential Mod Installer.exe
Size

9.4MB
MD5

f33d3c19b7fd94d6b30d0597d9319397
SHA1

b47dae72ee69195f3fca2a7b08ae0022076a605d
SHA256

73fe0a497113ad970b1c09a1164b3dfa63b0a543b1c48f08afd7649fbde2e194
SHA512

91e86721a2b228748e651d5ee6e4de802eac0d1c8d735ccaa7d40c26d0041b2b370d45c0bd17fbdebae7c991b2a94ad7cbb8c125b734f378b412c5749e47c2f0
SSDEEP

98304:g2Nmnyq9lYcutuq8ol2suKkpWVb5TmT+219vWNC:nmnzYasj5TW9

Score

1^/10

Malware Config

Signatures

Files

Essential Mod Installer.exe
.exe windows x64

01fe34b8ee4c1d724d1b48b97ac18098

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ad:aa:47:e6:c8:0e:1f:b3:82:7c:e7:10:2b:19:ef
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15-08-2022 00:00

Not After

08-09-2023 23:59

Subject

CN=ModCore Inc,O=ModCore Inc,L=Mount Vernon,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c2:a1:6d:99:cb:19:5a:f0:39:b9:05:03:b5:80:37:80:9a:2d:a3:e6
Signer

Actual PE Digest

c2:a1:6d:99:cb:19:5a:f0:39:b9:05:03:b5:80:37:80:9a:2d:a3:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GlobalUnlock
GetProcAddress
LoadLibraryExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FlsAlloc
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
SwitchToThread
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
TerminateProcess
WriteFile
GlobalFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
WaitForSingleObject
RaiseException
RtlPcToFileHeader
RtlUnwindEx
FreeLibrary
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetSystemTimeAsFileTime
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
AddVectoredExceptionHandler
SetThreadStackGuarantee
CompareStringW
SetThreadErrorMode
HeapReAlloc
FlsGetValue
FlsSetValue
TlsFree
GetSystemInfo
UnmapViewOfFile
TryAcquireSRWLockExclusive
GetCurrentProcess
GetQueuedCompletionStatusEx
GetLastError
LCMapStringW
CreateIoCompletionPort
SetFileCompletionNotificationModes
SetLastError
GetFinalPathNameByHandleW
Sleep
GetModuleHandleA
WakeAllConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
lstrlenW
HeapSize
FlsFree
GlobalAlloc
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
FlushFileBuffers
QueryPerformanceCounter
CloseHandle
GetConsoleOutputCP
GlobalLock
IsProcessorFeaturePresent
SetFilePointerEx
QueryPerformanceFrequency
GetModuleHandleW
CreateEventA
RemoveVectoredExceptionHandler
VirtualProtect
GetCurrentThreadId
HeapAlloc
MapViewOfFile
CreateFileMappingW
FindClose
GetProcessHeap
SetHandleInformation
GetCurrentThread
GetStdHandle
GetConsoleMode
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
FormatMessageW
GetTempPathW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
FindFirstFileW
PostQueuedCompletionStatus
ReleaseSRWLockShared
AcquireSRWLockShared
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetModuleFileNameW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
HeapFree
CreateEventW
CancelIo
ReadFile
ExitProcess
GetCurrentDirectoryW
RtlCaptureContext

user32

GetClipCursor
ClipCursor
GetDC
IsProcessDPIAware
ShowCursor
GetActiveWindow
DestroyIcon
TranslateMessage
GetMenu
AdjustWindowRectEx
SetWindowLongW
PostMessageW
SendMessageW
ShowWindow
SystemParametersInfoA
DispatchMessageW
RegisterWindowMessageA
DestroyWindow
GetKeyboardLayout
ToUnicodeEx
GetKeyState
GetKeyboardState
RedrawWindow
SetWindowPos
SetClipboardData
EmptyClipboard
InvalidateRgn
OpenClipboard
GetMonitorInfoW
MonitorFromPoint
SetForegroundWindow
SendInput
RegisterRawInputDevices
CloseClipboard
MapVirtualKeyW
GetMessageW
SetWindowLongPtrW
CreateWindowExW
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
RegisterClassExW
GetClipboardData
RegisterTouchWindow
GetSystemMetrics
GetUpdateRect
ValidateRect
GetRawInputData
SetWindowTextW
GetWindowLongPtrW
MapVirtualKeyA
MsgWaitForMultipleObjectsEx
MonitorFromRect
PeekMessageW
PostThreadMessageW
DefWindowProcW
SetCursor
LoadCursorW
MonitorFromWindow
GetCursorPos
ClientToScreen
GetClientRect
GetWindowLongW
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
ReleaseCapture
SetCapture
TrackMouseEvent

advapi32

SystemFunction036
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken

bcrypt

BCryptGenRandom

ws2_32

closesocket
WSAGetLastError
WSAIoctl
setsockopt
ioctlsocket
WSASocketW
WSACleanup
getsockname
getpeername
bind
WSASend
connect
getsockopt
shutdown
getaddrinfo
freeaddrinfo
send
recv
WSAStartup

ole32

RegisterDragDrop
RevokeDragDrop
CoInitializeEx
CoUninitialize
OleInitialize
CoCreateInstance

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod

crypt32

CertOpenStore
CertDuplicateStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertAddCertificateContextToStore
CertGetCertificateChain
CertCloseStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertEnumCertificatesInStore

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

ntdll

NtDeviceIoControlFile
NtCreateFile
RtlNtStatusToDosError
NtCancelIoFileEx

secur32

QueryContextAttributesW
InitializeSecurityContextW
ApplyControlToken
DecryptMessage
DeleteSecurityContext
AcceptSecurityContext
EncryptMessage
AcquireCredentialsHandleA
FreeCredentialsHandle
FreeContextBuffer

d3dcompiler_47

D3DCompile

shell32

DragQueryFileW
DragFinish

uxtheme

SetWindowTheme

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01fe34b8ee4c1d724d1b48b97ac18098

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

09:ad:aa:47:e6:c8:0e:1f:b3:82:7c:e7:10:2b:19:efCertificate

Extended Key Usages

Key Usages

c2:a1:6d:99:cb:19:5a:f0:39:b9:05:03:b5:80:37:80:9a:2d:a3:e6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

bcrypt

ws2_32

ole32

winmm

crypt32

gdi32

dwmapi

ntdll

secur32

d3dcompiler_47

shell32

uxtheme

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 3KB - Virtual size: 9KB

.pdata Size: 245KB - Virtual size: 245KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 100KB - Virtual size: 100KB

.reloc Size: 31KB - Virtual size: 30KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

09:ad:aa:47:e6:c8:0e:1f:b3:82:7c:e7:10:2b:19:ef
Certificate

c2:a1:6d:99:cb:19:5a:f0:39:b9:05:03:b5:80:37:80:9a:2d:a3:e6
Signer

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 3KB - Virtual size: 9KB

.pdata
Size: 245KB - Virtual size: 245KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 100KB - Virtual size: 100KB

.reloc
Size: 31KB - Virtual size: 30KB