a9b9e293f4a4699a06f17b14e6faba7d6143dab32dde9051db2f4f257ca14d61

Sharing

Copy URL Twitter E-mail

General

Target

a9b9e293f4a4699a06f17b14e6faba7d6143dab32dde9051db2f4f257ca14d61
Size

4.9MB
MD5

ec57e1e6c21d7c32e995936c4b5f418f
SHA1

c5ce0a1722292b7b1eb0e7214efb933e5689c342
SHA256

a9b9e293f4a4699a06f17b14e6faba7d6143dab32dde9051db2f4f257ca14d61
SHA512

f5e334942a74f9ea75d18cfd9581c892da0856e930b95a442bb6b7efc7f902771827a6525f72a4c50e89d57be7e7be00693f20bda918316fea22a2c7527b90f2
SSDEEP

98304:0GVu8EE1cgfAuMzF/LmFmbm+gUAnExo1i+:TVu8v9pM5KFmbdg1nEa1N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9b9e293f4a4699a06f17b14e6faba7d6143dab32dde9051db2f4f257ca14d61

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

a9b9e293f4a4699a06f17b14e6faba7d6143dab32dde9051db2f4f257ca14d61
.exe windows x86

19d77037036d5705067acec9b62c5ee5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlUnescapeA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFileExistsA
PathFindExtensionA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetGetConnectedState
HttpQueryInfoA
InternetOpenUrlA
InternetReadFile
DeleteUrlCacheEntry
InternetCheckConnectionA
InternetOpenA
InternetCloseHandle

kernel32

GetFileSize
DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetModuleFileNameW
GetTickCount
GetFileAttributesA
GetFileSizeEx
GetFileTime
GlobalFlags
GetCPInfo
GetOEMCP
SetEndOfFile
SetErrorMode
VirtualProtect
VirtualAlloc
VirtualQuery
GetCommandLineA
GetStartupInfoA
HeapReAlloc
RtlUnwind
ExitProcess
SetStdHandle
GetFileType
HeapSize
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
HeapCreate
VirtualFree
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetStdHandle
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
GetThreadLocale
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
SetLastError
CreateThread
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
CreateMutexA
LoadLibraryExA
GetModuleFileNameA
lstrcmpiA
RaiseException
lstrlenW
IsDBCSLeadByte
InterlockedDecrement
InterlockedIncrement
DeleteFileA
DeleteCriticalSection
GetPrivateProfileStringA
EnterCriticalSection
GetLastError
ReadFile
LeaveCriticalSection
Sleep
InitializeCriticalSection
WriteFile
lstrlenA
CreateFileA
LoadLibraryW
lstrcpyA
GetTempPathA
CreateToolhelp32Snapshot
GetModuleHandleA
GetSystemInfo
Process32Next
lstrcatA
GetSystemDirectoryA
GetWindowsDirectoryA
GetProcessHeap
GetModuleHandleW
Process32First
HeapFree
HeapAlloc
lstrcmpA
LocalFree
LockResource
MultiByteToWideChar
SizeofResource
WideCharToMultiByte
FormatMessageA
LoadResource
FindResourceA
GetCurrentProcessId
CloseHandle
GetVersionExA
LoadLibraryA
GetProcAddress
OpenProcess
GetCurrentThread
GetCurrentProcess
SetUnhandledExceptionFilter
FreeLibrary
WritePrivateProfileStringA

user32

PostThreadMessageA
UnregisterClassA
LoadCursorA
GetSysColorBrush
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterClipboardFormatA
CreateDialogIndirectParamA
EndDialog
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
CharUpperA
SetWindowContextHelpId
MapDialogRect
MessageBeep
GetNextDlgTabItem
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
SetRect
IsRectEmpty
CopyAcceleratorTableA
SetCursor
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
SetMenu
IsWindowVisible
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSystemMenu
IsIconic
LoadIconA
DrawIcon
GetClientRect
SendMessageA
SetWindowPos
AppendMenuA
GetKeyState
GetAsyncKeyState
MessageBoxA
CharNextW
CharNextA
RegisterWindowMessageA
EnableWindow
wsprintfA
GetSystemMetrics
GetWindowTextA
PostMessageA
SetForegroundWindow

gdi32

GetMapMode
RestoreDC
SaveDC
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
GetStockObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
GetDeviceCaps
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
ExtSelectClipRgn

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

SetSecurityDescriptorSacl
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
GetUserNameW
RegSetValueExA
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountSidA
GetTokenInformation
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA

shell32

ShellExecuteExA

comctl32

InitCommonControlsEx

oledlg

ord8

ole32

CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CoInitialize
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject
OleFlushClipboard
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleIsCurrentClipboard
CoRegisterMessageFilter

oleaut32

SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VariantChangeType
LoadRegTypeLi
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString
SysStringByteLen
SysAllocStringLen
VariantInit
SysAllocStringByteLen
VariantCopy
VariantClear

urlmon

URLDownloadToFileA

wtsapi32

WTSQuerySessionInformationA

netapi32

NetApiBufferFree
NetUserGetInfo

wintrust

WinVerifyTrust

Sections

.text
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19d77037036d5705067acec9b62c5ee5

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

urlmon

wtsapi32

netapi32

wintrust

Sections

.text Size: 298KB - Virtual size: 298KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 110KB - Virtual size: 125KB

.rsrc Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 53KB - Virtual size: 53KB

.text
Size: 298KB - Virtual size: 298KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 110KB - Virtual size: 125KB

.rsrc
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 53KB - Virtual size: 53KB