uninstgs[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

uninstgs.exe
Size

100KB
MD5

e1c0ec79c3ec947e97299b338273517f
SHA1

89cf084b79679c12cc83a81b0df1547f4e61a57f
SHA256

3774e93d0a26f1af173ef06bef9d68e191ab40ee58e529b6b0838109465be1b8
SHA512

66e2a3f05397b34da9499f597336041c2e2a706a40d1dc63a5996ca8526dbfc1cea6dfa2e488a6a969d591aaf54902ee263e9df1491bb7a10d5fa5f443d370e1
SSDEEP

768:ATB3CAPn0CXRmms+XjQ+RQKy3aig+f2azZSiQ8QBlprit3UzQxBs9OFr:ilCI0CXcVqs3aig+OaZTQnot3UEaOFr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
uninstgs.exe

Files

uninstgs.exe
.exe windows x86

fd5007ad3b85cada326fa3183e9a1c9c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetDlgItemTextA
PostMessageA
IsDialogMessageA
PeekMessageA
CreateDialogParamA
SetWindowPos
GetMessageA
GetDlgItem
EnableWindow
MessageBoxA
SetFocus
DestroyWindow
SetWindowTextA
TranslateMessage
DispatchMessageA

advapi32

RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

kernel32

GetConsoleOutputCP
WriteConsoleA
CreateFileA
WriteConsoleW
GetLocaleInfoA
HeapSize
SetEndOfFile
TlsFree
GetStringTypeW
GetStringTypeA
SetCurrentDirectoryA
RemoveDirectoryA
DeleteFileA
MultiByteToWideChar
Sleep
GetCommandLineA
GetVersion
GetLastError
HeapFree
HeapAlloc
CreateDirectoryA
SetEnvironmentVariableA
GetCurrentDirectoryA
GetVersionExA
GetProcessHeap
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CloseHandle
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
ReadFile
InitializeCriticalSection
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryA
LCMapStringA
LCMapStringW

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd5007ad3b85cada326fa3183e9a1c9c

Headers

File Characteristics

Imports

user32

advapi32

ole32

kernel32

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 28KB - Virtual size: 26KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 28KB - Virtual size: 26KB