Static task: static1
Behavioral task: behavioral1 (sample: ie4uinit.exe, resource: win7-20230712-en)
Behavioral task: behavioral2 (sample: ie4uinit.exe, resource: win10v2004-20230703-en)
General
Target: ie4uinit.exe
Size: 243KB
MD5: fd18db33135915944a12d69d83803e5f
SHA1: be79a75a012b2b329c25de572e63b3266220fb75
SHA256: e6bc0c532cb068a7d3d33490c2bc560b879b652b280f837f4b93564e3ba5d75f
SHA512: cc6981069a2b78c797fa562adf23a68ef6f53d4d9ee929f60c6371633af3d3450c0c0bef9ffb013449702b60099440d6a5106eb96f3d5ae3626a025d95442a50
SSDEEP: 6144:j5fmjwG+5q/k3NZdgeWL6vO9f6jVqVWlG05hbr:dfYwG+5q+NELXyjVqVhI
Malware Config
Signatures
Unsigned PE (1 IoC): the sample carries no embedded Authenticode signature, i.e. its IMAGE_DIRECTORY_ENTRY_SECURITY data directory is empty. Matched resource: ie4uinit.exe.
Caveat: this rule only inspects the PE's own security directory. Many Windows system binaries are catalog-signed rather than embedded-signed and trigger the same rule, so before treating the file as untrusted confirm on a Windows host with Get-AuthenticodeSignature (which also consults the security catalogs) or Sysinternals sigcheck, and compare the hashes above against a known-good copy.
Files
-
ie4uinit.exe.exe windows x64
17c79af810acc3edb4ee2c177001374c
Headers
DLL Characteristics (IMAGE_OPTIONAL_HEADER.DllCharacteristics; the field applies to EXEs as well as DLLs)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (64-bit ASLR address range)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (image may be relocated, i.e. ASLR)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP/NX compatible)
IMAGE_DLLCHARACTERISTICS_GUARD_CF (Control Flow Guard instrumented)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics (IMAGE_FILE_HEADER.Characteristics)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE (may use addresses above 2 GB)
Imports
advapi32
RegQueryValueExW
RegEnumValueW
ConvertSidToStringSidW
EventUnregister
RegOpenKeyExW
FreeSid
RegSetValueExW
EventSetInformation
RegCreateKeyExW
EventRegister
RegCloseKey
RegSetValueW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
CryptDeriveKey
CryptGetKeyParam
CryptEncrypt
CryptDestroyKey
CryptVerifySignatureW
CryptSetHashParam
CryptGenRandom
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
EventWriteEx
RegGetValueW
EventWriteTransfer
GetSecurityDescriptorSacl
GetAce
SetNamedSecurityInfoW
CopySid
GetNamedSecurityInfoW
ConvertStringSidToSidW
IsValidSid
OpenProcessToken
GetKernelObjectSecurity
AddAccessAllowedAceEx
GetLengthSid
CryptSetKeyParam
OpenThreadToken
GetTokenInformation
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32
GetCurrentThread
OpenFileMappingW
LockResource
DeleteFileW
CloseHandle
LoadResource
FindResourceW
GetExitCodeProcess
GetTempFileNameW
DuplicateHandle
GetTempPathW
CompareStringOrdinal
ExpandEnvironmentStringsW
GetStdHandle
GetLocalTime
CreateThread
SetEvent
FormatMessageW
CreateEventW
WaitForSingleObject
SetFilePointer
lstrcmpW
GetTickCount
CreateProcessW
DelayLoadFailureHook
ResolveDelayLoadedAPI
CreateFile2
RemoveDirectoryW
QueueUserWorkItem
QueryPerformanceFrequency
SetFileAttributesW
SetCurrentDirectoryW
FlushViewOfFile
SystemTimeToFileTime
GetSystemTime
MapViewOfFile
CreateFileMappingW
FlushFileBuffers
SetEndOfFile
LCMapStringW
GetFullPathNameW
OpenMutexW
GetFileSizeEx
SetFileTime
UnmapViewOfFile
MultiByteToWideChar
CreateMutexW
LocaleNameToLCID
DeleteCriticalSection
AcquireSRWLockShared
LoadLibraryW
CreateThreadpoolTimer
GetSystemInfo
ReleaseSRWLockShared
SetThreadpoolTimer
CloseThreadpoolTimer
GetSystemDefaultLocaleName
GetUserPreferredUILanguages
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
GetProductInfo
GetUserDefaultLocaleName
EnterCriticalSection
VirtualAlloc
GetFileAttributesW
IsDebuggerPresent
DebugBreak
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetVersionExW
CreateFileW
FindClose
GetShortPathNameW
WriteFile
GetCurrentProcess
FindNextFileW
SetPriorityClass
FindFirstFileExW
FindFirstFileW
SizeofResource
ReadFile
LoadLibraryExW
VerifyVersionInfoW
FreeLibrary
GetModuleHandleW
GetProcessHeap
VerSetConditionMask
LocalFree
GetProcAddress
HeapAlloc
HeapSetInformation
RaiseException
GetLastError
Sleep
GetSystemDirectoryW
GetEnvironmentVariableW
SetErrorMode
GetModuleFileNameW
HeapFree
GetVersionExA
GetCurrentDirectoryW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RaiseFailFastException
InitOnceExecuteOnce
IsWow64Process
GetNativeSystemInfo
WideCharToMultiByte
GetModuleFileNameA
CreateSemaphoreExW
SetLastError
ReleaseSemaphore
GetModuleHandleExW
LocalAlloc
ReleaseMutex
user32
CharNextW
GetMessageW
PostThreadMessageW
PostMessageW
LoadStringW
GetShellWindow
SendMessageTimeoutW
msvcrt
isalnum
strnlen
wcsnlen
wcsncpy_s
_vsnwprintf_s
memmove_s
rand_s
wcscat_s
wcscpy_s
wcsncmp
wcschr
_wtoi
_wcsicmp
sprintf_s
_wcsnicmp
wcsrchr
swscanf_s
_wfopen_s
fclose
fgetws
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
iswalpha
_time64
memcpy_s
_vsnwprintf
_CxxThrowException
exit
_exit
memcmp
_ultow_s
_cexit
__setusermatherr
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
memset
shell32
ord526
CommandLineToArgvW
SHGetKnownFolderPath
SHChangeNotify
SHCreateItemFromParsingName
ord155
ord165
SHGetSpecialFolderLocation
SHSetLocalizedName
ord190
SHGetDesktopFolder
SHGetFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQueryLicenseValue
RtlCaptureContext
ieadvpack
ExecuteCabW
shlwapi
StrTrimW
StrCmpIW
SHRegSetUSValueW
StrCmpNIW
SHCopyKeyW
UrlApplySchemeW
ord388
PathFileExistsW
PathIsURLW
StrCmpNIA
SHDeleteKeyW
ord158
PathRemoveBlanksW
PathFindFileNameW
PathRemoveExtensionW
SHGetValueW
SHSetValueW
SHDeleteValueW
SHRegGetUSValueW
SHRegDeleteUSValueW
StrStrW
ord2
ord487
StrCmpNA
StrCmpNW
UrlEscapeW
UrlUnescapeW
StrCmpW
ord433
ord219
StrStrIW
UrlCanonicalizeW
UrlCreateFromPathW
PathIsNetworkPathW
SHStrDupW
iertutil
ord134
ord690
ord38
ord50
ord791
ord85
ord79
ord91
ord74
ord81
ord90
ord76
ord682
ord796
ord701
ord37
ord99
ord149
ord57
ord820
ord656
ord675
ord793
ord651
ord655
ord657
ord650
ord678
ord653
ord660
ord677
ord672
ord662
ord652
ord654
ord33
ord78
ord597
ord398
ord594
ord281
ord282
ord139
ord665
oleaut32
VarBstrCmp
VariantCopy
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysStringLen
VariantInit
VariantClear
SysFreeString
VarBstrCat
SysAllocString
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
PropVariantClear
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoCreateGuid
StringFromGUID2
iedkcs32
BrandIEActiveSetup
crypt32
CertFreeCertificateChain
CryptStringToBinaryA
CryptBinaryToStringA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CryptStringToBinaryW
CertGetNameStringW
CertOpenStore
CertCreateCertificateContext
CertAddCertificateContextToStore
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CryptImportPublicKeyInfo
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CryptHashCertificate
CertEnumCertificatesInStore
CertGetCertificateContextProperty
urlmon
CreateUri
CreateIUriBuilder
ord410
wininet
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetCrackUrlW
InternetCanonicalizeUrlW
HttpSendRequestW
netapi32
NetGetJoinInformation
NetApiBufferFree
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
mlang
ord123
Sections
.text Size: 165KB - Virtual size: 164KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ