AppInstallerFullTrustAppServiceClient[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

AppInstallerFullTrustAppServiceClient.exe
Size

286KB
MD5

bc7de5e194cc00b1dddc969880c9342f
SHA1

eacf22ea5aea52abdf10745233ba33191b621c4e
SHA256

970f4fec87a4d6db95757efdf7692ae6dec9934e01394239d3bf30c47688d939
SHA512

05a2d84eafe93ae81c4ab2d89a941c3c3f98b2fbed960d4705eb98255e6fb7885cc2a54bed095e10e7737b247e0d70eef9dc68606109197fbb5debdb4bd80706
SSDEEP

3072:ZNtKU+Ba21/z2HtpuKhvcSGr/kbtc2GwxHs4muO4OWWdCvKPjXL:ZNtKU+Yo72Ht0Khv7m2lxrGdWWdCvSb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AppInstallerFullTrustAppServiceClient.exe

Files

AppInstallerFullTrustAppServiceClient.exe
.exe windows x64

e1bf7d541bb32557de7deece8ceb2987

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

CreateMutexExW
OpenSemaphoreW
CreateEventW
EnterCriticalSection
ReleaseMutex
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
WaitForSingleObjectEx
SetEvent
CreateEventExW
ReleaseSemaphore
ResetEvent
CreateSemaphoreExW
LeaveCriticalSection

api-ms-win-security-base-l1-1-0

CheckTokenMembership

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleExW
FreeLibrary
GetModuleFileNameA
GetProcAddress
GetModuleHandleW

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

user32

DefWindowProcW
PostQuitMessage
KillTimer
RegisterClassExW
DispatchMessageW
TranslateMessage
CreateWindowExW
GetMessageW
SetTimer

shell32

ShellExecuteW

msvcp140

?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
_Cnd_do_broadcast_at_thread_exit
_Xtime_get_ticks
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__current_exception_context
memset
__C_specific_handler
_purecall
__std_exception_copy
__std_terminate
memmove
__current_exception
memcpy
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
abort
_get_wide_winmain_command_line
_invalid_parameter_noinfo
_exit
_errno
_invalid_parameter_noinfo_noreturn
_initterm_e
_configure_wide_argv
exit
terminate
_set_app_type
_c_exit
_initialize_wide_environment
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_beginthreadex
_initterm

api-ms-win-crt-string-l1-1-0

iswspace

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-convert-l1-1-0

wcstol
wcstoull

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__stdio_common_vswprintf
fclose
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
__stdio_common_vsnprintf_s
fgetc
fgetwc
ungetwc
ungetc
fputwc

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
asctime_s

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

oleaut32

SysStringLen
SysAllocString
SetErrorInfo
GetErrorInfo
SysFreeString

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1bf7d541bb32557de7deece8ceb2987

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l1-1-0

user32

shell32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

oleaut32

api-ms-win-core-libraryloader-l1-2-1

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 27KB - Virtual size: 33KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 73KB - Virtual size: 72KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 27KB - Virtual size: 33KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 73KB - Virtual size: 72KB

.reloc
Size: 1KB - Virtual size: 1KB