uninstall[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

uninstall.exe
Size

34.5MB
MD5

d127b42bad65abe7555c8b62ad632b49
SHA1

96cc4d066d3557e38d9637c89cd48f5abc5e3bc4
SHA256

eb7b07496ad446b857bb8d60e306488baa84aa449dbbb4df9c00f10c6635afb3
SHA512

23fdd351575c2473dfed0cc9ff8f36180184ad84ad7c1ed2253b1d7c1e33876c45ed53b11a5de61d275afd2ba6d934bbbb5056f5fe3674fb618e8b2f18c39e7d
SSDEEP

196608:hs5S57TqdI3HR+UKo8GGnI4VaU2qCj2Up6n4X8Lcx7/2TmmpbQC8QEEBsIQ0vIrW:W5M7u

Score

1^/10

Malware Config

Signatures

Files

uninstall.exe
.exe windows x86

b6c4f1ce9200d30364805dde50ae6afc

Code Sign

39:5b:aa:df:c5:3a:54:81:4e:51:7e:be:16:0a:f4:a3
Certificate

Issuer

CN=EnsuingHint,O=Open Source Developer,ST=Bavaria,C=DE

Not Before

31-10-2022 21:00

Not After

01-11-2023 21:00

Subject

CN=EnsuingHint,O=Open Source Developer,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

39:5b:aa:df:c5:3a:54:81:4e:51:7e:be:16:0a:f4:a3
Certificate

Issuer

CN=EnsuingHint,O=Open Source Developer,ST=Bavaria,C=DE

Not Before

31-10-2022 21:00

Not After

01-11-2023 21:00

Subject

CN=EnsuingHint,O=Open Source Developer,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

3c:b0:1c:f9:bb:c2:50:44:40:af:51:95:ad:15:63:82:f8:f0:95:2a:16:b3:09:58:2d:af:30:d7:f2:a2:9e:51
Signer

Actual PE Digest

3c:b0:1c:f9:bb:c2:50:44:40:af:51:95:ad:15:63:82:f8:f0:95:2a:16:b3:09:58:2d:af:30:d7:f2:a2:9e:51

Digest Algorithm

sha256

PE Digest Matches

true

47:17:e9:b3:51:9d:4b:1b:26:48:98:ab:8f:18:b0:72:9a:2c:be:ca
Signer

Actual PE Digest

47:17:e9:b3:51:9d:4b:1b:26:48:98:ab:8f:18:b0:72:9a:2c:be:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
SetConsoleCtrlHandler
GetProcessHeap
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
DecodePointer
FindFirstFileExA
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
GetStringTypeW
GetFileType
HeapAlloc
HeapFree
GetCurrentThread
GetACP
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
WriteFile
GetStdHandle
SetFileAttributesW
GetFileAttributesExW
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WriteConsoleW
CreateThread
GetCurrentDirectoryW
lstrlenW
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
GetTickCount
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
GetCurrentProcess
GetComputerNameW
GetCurrentThreadId
GetModuleHandleW
Sleep
SetInformationJobObject
GetFileInformationByHandleEx
DeleteVolumeMountPointW
CloseHandle
SetFileValidData
GetErrorMode
CreateWaitableTimerExA
GetCurrentProcessId
ReadConsoleOutputCharacterA
CreateToolhelp32Snapshot
WriteProcessMemory
QueryDepthSList
GetConsoleCursorInfo
CreateTimerQueue
MoveFileExW
CreateProcessW
CopyFileW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetModuleFileNameW
lstrcmpiW
WaitForThreadpoolWorkCallbacks
OpenWaitableTimerW
FlushInstructionCache
CreateSymbolicLinkA
WaitForMultipleObjects
OpenThread
FindNextStreamW
CreateHardLinkW
SetWaitableTimer
LCMapStringW
FindNextFileNameW
CheckNameLegalDOS8Dot3W
SetThreadUILanguage
GlobalGetAtomNameW
MultiByteToWideChar
FindNextChangeNotification
BackupRead
SetThreadStackGuarantee
GetVolumeNameForVolumeMountPointA
DisconnectNamedPipe
AddRefActCtx
WideCharToMultiByte
FindFirstFileExW
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
GetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateFileW

user32

CharToOemBuffA
EnumThreadWindows
OpenDesktopW
DefDlgProcA
GetClassInfoA
RealGetWindowClassW
DestroyAcceleratorTable
GetForegroundWindow
SetMessageExtraInfo
DisableProcessWindowsGhosting
GetKeyboardLayout
SetUserObjectInformationA
EnableWindow
GetKeyboardLayoutNameA
SwitchDesktop
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
EndPaint
GetRawInputDeviceInfoW
ToUnicodeEx
LoadIconW
LoadCursorW
RegisterClassExW
BroadcastSystemMessageA
EnumDesktopsA
MessageBoxW
WindowFromPhysicalPoint
GetWindowRect
GetDesktopWindow
EndDialog
OemToCharBuffW
EnumPropsExA
ChangeWindowMessageFilter
GetSysColorBrush
GetDlgItem
PostQuitMessage
BeginPaint
DefWindowProcW
SetWindowTextW
SendMessageW
DestroyWindow
DialogBoxParamW
MonitorFromWindow
EnumDisplaySettingsW
ChangeDisplaySettingsExW
UpdateWindow
ShowWindow
GetClientRect
CreateWindowExW

gdi32

RemoveFontResourceW
SetViewportOrgEx
GetTextCharacterExtra
CreateDIBitmap
SetTextColor
SetBkMode
GetStockObject
CreateBrushIndirect
SetBitmapDimensionEx
GetOutlineTextMetricsW
CreateBitmapIndirect
ScaleWindowExtEx
GetDeviceGammaRamp
ColorMatchToTarget
RectVisible
GetDIBits
AnimatePalette
Polyline
GetCharABCWidthsI
PatBlt
EnumICMProfilesA
LineTo
CreateScalableFontResourceW
UnrealizeObject
GetTextFaceW
CreatePatternBrush

advapi32

RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegDeleteKeyValueA
GetTrusteeTypeW
AccessCheckByTypeResultList
RegDeleteKeyExW
GetSidSubAuthority
AbortSystemShutdownW
WriteEncryptedFileRaw
RegCreateKeyTransactedA
GetCurrentHwProfileW
RegSaveKeyExW
MapGenericMask
CredUnmarshalCredentialW
RegQueryReflectionKey
LookupAccountSidW
CredEnumerateW
RegOpenKeyExA
LogonUserExW
BuildTrusteeWithObjectsAndNameW
RegNotifyChangeKeyValue
LogonUserExA
BuildTrusteeWithNameA
RegLoadKeyA
IsValidSid
AllocateLocallyUniqueId
RegEnumKeyExW
InitiateSystemShutdownA
AddAuditAccessObjectAce

shell32

SHAddToRecentDocs
SHGetFileInfoA
ord167
SHGetSpecialFolderPathW
SHGetKnownFolderIDList
ord147
SHCreateItemFromParsingName
SHGetDataFromIDListA
ord524
ShellAboutA
SHEmptyRecycleBinA
ord47
SHSetTemporaryPropertyForItem
ord88
ord41
ord231
SHCreateShellItem
ord155
ord80
ord16
SHInvokePrinterCommandA
ord89
DragQueryFileW
SHGetLocalizedName

shlwapi

StrChrA
ord553
PathSearchAndQualifyW
StrIsIntlEqualA
PathMakeSystemFolderW
PathUndecorateW
StrRStrIW
PathIsDirectoryEmptyW
PathIsDirectoryW
PathFileExistsW
PathBuildRootW
PathFileExistsA
ord345
StrRetToBufA
PathIsContentTypeW
SHDeleteKeyA
StrStrNIW
PathIsLFNFileSpecW
SHGetInverseCMAP
StrToInt64ExW
PathIsNetworkPathW
SHRegDeleteEmptyUSKeyA
UrlIsNoHistoryW
PathIsUNCServerA
SHRegWriteUSValueW
PathRemoveExtensionW
PathMakePrettyA
StrCSpnIW
HashData

wininet

FindCloseUrlCache
HttpQueryInfoA
InternetSetPerSiteCookieDecisionW
FindNextUrlCacheEntryW
InternetCheckConnectionA
InternetTimeFromSystemTimeW
FtpCommandW
InternetCloseHandle
InternetTimeToSystemTimeA
FtpCreateDirectoryA
InternetDialW
InternetUnlockRequestFile
FtpDeleteFileW
InternetEnumPerSiteCookieDecisionA
RetrieveUrlCacheEntryStreamW
FtpFindFirstFileW
InternetGetPerSiteCookieDecisionW
FtpGetCurrentDirectoryW
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
InternetSetOptionW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetSetOptionExA
GetUrlCacheGroupAttributeW
DetectAutoProxyUrl
InternetSetOptionA
GetUrlCacheEntryInfoA
CreateMD5SSOHash
InternetQueryOptionW
SetUrlCacheEntryGroupA

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34.3MB - Virtual size: 34.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6c4f1ce9200d30364805dde50ae6afc

Code Sign

39:5b:aa:df:c5:3a:54:81:4e:51:7e:be:16:0a:f4:a3Certificate

Extended Key Usages

39:5b:aa:df:c5:3a:54:81:4e:51:7e:be:16:0a:f4:a3Certificate

Extended Key Usages

3c:b0:1c:f9:bb:c2:50:44:40:af:51:95:ad:15:63:82:f8:f0:95:2a:16:b3:09:58:2d:af:30:d7:f2:a2:9e:51Signer

47:17:e9:b3:51:9d:4b:1b:26:48:98:ab:8f:18:b0:72:9a:2c:be:caSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

wininet

Sections

.text Size: 228KB - Virtual size: 228KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 34.3MB - Virtual size: 34.3MB

.reloc Size: 11KB - Virtual size: 11KB

39:5b:aa:df:c5:3a:54:81:4e:51:7e:be:16:0a:f4:a3
Certificate

39:5b:aa:df:c5:3a:54:81:4e:51:7e:be:16:0a:f4:a3
Certificate

3c:b0:1c:f9:bb:c2:50:44:40:af:51:95:ad:15:63:82:f8:f0:95:2a:16:b3:09:58:2d:af:30:d7:f2:a2:9e:51
Signer

47:17:e9:b3:51:9d:4b:1b:26:48:98:ab:8f:18:b0:72:9a:2c:be:ca
Signer

.text
Size: 228KB - Virtual size: 228KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 34.3MB - Virtual size: 34.3MB

.reloc
Size: 11KB - Virtual size: 11KB