UnInstall[.]exe

General

Target

UnInstall.exe
Size

68KB
MD5

ae9097a1fad149a288c874acfa78f8e6
SHA1

91b15b13a11b463528d55be00941eec8b4ff12d7
SHA256

895e9d60fe25271a5daaa2eaab4f50862afe043407980c5808170f5cc8f5bebd
SHA512

f34f9beaa971d02b21db9f805263bad33ddb88afb1f7aeb5a8b28c6da24a55a4cdfbff44989adc8d65d5297fc041189c28c5f4b751b49ddcf15a860b27ed4e44
SSDEEP

768:+iLTNUNzwGJt3DdU5hNUk/wB7I+APQsv7mJvJWHKyhDD+up6ovGn5PVCFvx:t0zJxy5LwRiBv7oh2nUovGnH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UnInstall.exe

Files

UnInstall.exe
.exe windows x86

c082448c014e4f530dd8da7998aabb87

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
DeleteFileA
SetCurrentDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetEnvironmentVariableA
GetTempPathA
ExitProcess
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
GetCurrentDirectoryA
CloseHandle
CreateFileA
CreateProcessA
GetVersionExA
LCMapStringA
GetModuleFileNameA
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStrings
Sleep
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
GetLastError
WriteFile
HeapFree
TerminateProcess
GetCurrentProcess
SetFilePointer
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
VirtualFree
RtlUnwind
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualAlloc
FlushFileBuffers
HeapAlloc
SetStdHandle
HeapReAlloc
ReadFile

user32

DdeClientTransaction
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeFreeStringHandle
DdeFreeDataHandle
DdeDisconnect
LoadStringA
MessageBoxA

advapi32

RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c082448c014e4f530dd8da7998aabb87

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 20KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 20KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 1KB