MDMAppInstaller[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MDMAppInstaller.exe
Size

145KB
MD5

e9d29fcbd87a6ce88529189046fa0604
SHA1

14265ca038f5610c8c969e214dfb9ae6252af829
SHA256

dc8085816dd0fcd8fb2ab8da264ed65cf264387edebfbb7221e80aa68f4785ee
SHA512

627ee6a9ff8490e56329edc81bd0d95179fca5941e0570a7df8306e79adb2816eb1d9c65ffcc99da065eb2948aec69f0081656d8ed5e8d9d5448ce533f5148eb
SSDEEP

3072:qV1LVnIRSJPPC4fbWc9V9pNhxe7VqqgNro:qV1l9JPq4f/bIqqgl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MDMAppInstaller.exe

Files

MDMAppInstaller.exe
.exe windows x64

33078c956ce9bf4e8da431af7cfefdca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventWriteTransfer
EventRegister
EventUnregister
RevertToSelf
CreateProcessAsUserW
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
LookupAccountNameW
ConvertSidToStringSidW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyExW
GetTokenInformation
GetLengthSid
CopySid
OpenThreadToken
OpenProcessToken
ImpersonateLoggedOnUser
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
EventSetInformation
TraceMessage

kernel32

GetCurrentThread
ReadFile
CreateFileW
DeleteFileW
GetExitCodeProcess
CreateProcessW
GetTempFileNameW
GetSystemDirectoryW
AcquireSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LocalFree
InitOnceComplete
InitOnceBeginInitialize
ResolveDelayLoadedAPI
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WakeAllConditionVariable
SleepConditionVariableSRW
CreateThread
CreateMutexW
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
Sleep
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
DelayLoadFailureHook
GetTickCount
ReleaseMutex
ReleaseSemaphore
CloseHandle
SetLastError
OutputDebugStringW
IsDebuggerPresent
GetProcAddress
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentThreadId
FormatMessageW
GetModuleHandleW
GetLastError
ReleaseSRWLockExclusive

msvcp110_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

msvcrt

_CxxThrowException
memcpy
_wcsicmp
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
memset
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
_purecall
__CxxFrameHandler3
??3@YAXPEAX@Z
toupper
memmove
_commode
_wcsnicmp
swprintf_s
wcscat_s
??_V@YAXPEAX@Z
free

dmenrollengine

ord7
GetEnrollmentSID
ord10
GetEnrollmentType
GetEnrollmentAadResourceUrl

crypt32

CertCloseStore
CertFreeCertificateContext

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

rpcrt4

UuidFromStringW
UuidToStringW
RpcStringFreeW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSFreeMemoryExW
WTSQueryUserToken
WTSEnumerateSessionsExW

msi

ord6
ord177
ord70

omadmapi

ord40
ord38
ord34
ord39

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33078c956ce9bf4e8da431af7cfefdca

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcp110_win

msvcrt

dmenrollengine

crypt32

ntdll

rpcrt4

shell32

ole32

oleaut32

userenv

wtsapi32

msi

omadmapi

Sections

.text Size: 83KB - Virtual size: 82KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 48B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 184B

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 48B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 184B