xv2ins[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

xv2ins.exe
Size

15.7MB
MD5

363bc0c5e86f34abeb46189a8b55a5b0
SHA1

0137d76e2a35245d9ccdb920faeb19e52a261bb7
SHA256

37af197b362e142e7e1f5ebe84dc1af55119fddabcdfe27197101a70766a2b23
SHA512

fb0ac56a71c909294a865105f4aa2ae5f694d8afa227ebac16476a3a159d95f54435f44e1bad72412833216381a2e4c1e19bead7f6162b0e4773f7536eefac82
SSDEEP

393216:amtgJronhqWb7+32Fe0NCEeVOb9LyamTKKX+85LzNFBNHsL9VBj7Fv7LczZVTITY:a8guI4G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xv2ins.exe

Files

xv2ins.exe
.exe windows:6 windows x64

b4e4e220a8578ee86e16fe0c25dfda46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

gdi32

RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetObjectW
GetTextFaceW
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
CombineRgn
CreateBitmap
GetDIBits
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
EnumFontFamiliesExW
CreateFontIndirectW
GetFontData
GetStockObject
AddFontResourceExW

ole32

CoGetMalloc
ReleaseStgMedium
CoTaskMemFree
DoDragDrop
CoTaskMemAlloc
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoCreateGuid
CoInitialize
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleIsCurrentClipboard
StringFromGUID2
CoCreateInstance
CoUninitialize

user32

GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
RegisterClassW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
NotifyWinEvent
SetMenuItemInfoW
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
SetCaretPos
HideCaret
DestroyCaret
CreateCaret
RegisterWindowMessageW
GetKeyboardLayout
GetAsyncKeyState
RegisterClipboardFormatW
GetWindowTextW
SetClipboardViewer
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
DestroyIcon
DestroyCursor
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetDC
ReleaseDC
GetSystemMenu
EnableMenuItem
GetSystemMetrics
GetWindowLongW
ScreenToClient
GetSysColor
SystemParametersInfoW
MessageBoxW
DrawIconEx
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
EnumWindows
RealGetWindowClassW
GetUserObjectSecurity
MessageBoxA
ChangeClipboardChain
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
ShowWindow
IsChild
CreateWindowExW
AttachThreadInput
PostMessageW
SendMessageW
GetDesktopWindow
GetCaretBlinkTime
MessageBeep
GetDoubleClickTime
SetWindowRgn
DestroyWindow
DefWindowProcW

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetVirtualKey

winmm

PlaySoundW

oleaut32

VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
SystemTimeToVariantTime
VariantChangeType
SysStringLen

shell32

SHGetFileInfoW
ShellExecuteW
CommandLineToArgvW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationA
SHGetSpecialFolderPathW

advapi32

RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExA
RegOpenKeyExA
OpenProcessToken
CopySid
FreeSid
GetLengthSid
GetTokenInformation
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW

kernel32

HeapReAlloc
GetCommandLineA
GetFullPathNameA
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
HeapAlloc
HeapFree
AreFileApisANSI
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
DecodePointer
EncodePointer
VirtualFree
VirtualAlloc
CreateMutexW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap
GetEnvironmentStringsW
GetGeoInfoW
GetTimeZoneInformation
GetModuleHandleExW
FreeLibrary
FindNextFileW
FindFirstFileExW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
GetModuleFileNameW
IsDebuggerPresent
SetEndOfFile
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MoveFileW
CopyFileW
DeviceIoControl
SetErrorMode
GetTempPathW
RemoveDirectoryW
GetLogicalDrives
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
FindFirstFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetUserDefaultUILanguage
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
ResetEvent
WaitForMultipleObjects
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcess
Sleep
DuplicateHandle
LoadLibraryW
GetSystemDirectoryW
LCMapStringW
GetLocalTime
GetSystemTime
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryExW
ExitThread
SetFileAttributesW
SetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleCP
HeapSize
GetStartupInfoW
SetLastError
OutputDebugStringW
GetCommandLineW
GetUserDefaultLCID
CompareStringW
WaitForSingleObjectEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitProcess
GetConsoleWindow
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
FreeEnvironmentStringsW
FileTimeToLocalFileTime
PeekNamedPipe
GetModuleFileNameA
SetEnvironmentVariableA
GetUserGeoID
WriteConsoleW
EnumSystemLocalesW
GetStringTypeW
WaitForSingleObject
CloseHandle
GetLastError
CreateMutexA
FindClose
FindFirstFileExA
FindNextFileA
GetExitCodeProcess
CreateProcessA
GetProcAddress
GetTempPathA
GetTempFileNameA
SetEvent
ReleaseMutex
CreateEventW
CreateThread
ResumeThread
GetLogicalProcessorInformation
MultiByteToWideChar
CreateFileW
DeleteFileW
MoveFileExW
GetFileSizeEx
GetFileTime
GetFileType
ReadFile
SetFilePointerEx
WriteFile
GetTickCount
GetVolumeInformationW
GetLongPathNameW
GetDriveTypeW
lstrcmpW
GetCurrentThreadId
GetModuleHandleW
LocalFree
FormatMessageW
IsValidLanguageGroup
IsValidLocale
ExpandEnvironmentStringsW
CreateProcessW
GetUserDefaultLangID
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocaleInfoW
LoadLibraryA
GlobalSize
GetCurrentProcessId

ws2_32

WSAAsyncSelect

Sections

.text
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 534KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4e4e220a8578ee86e16fe0c25dfda46

Headers

DLL Characteristics

File Characteristics

Imports

version

gdi32

ole32

user32

imm32

winmm

oleaut32

shell32

advapi32

kernel32

ws2_32

Sections

.text Size: 9.6MB - Virtual size: 9.6MB

.rdata Size: 5.1MB - Virtual size: 5.1MB

.data Size: 94KB - Virtual size: 157KB

.pdata Size: 534KB - Virtual size: 534KB

.qtmetad Size: 2KB - Virtual size: 2KB

_RDATA Size: 1024B - Virtual size: 528B

.rsrc Size: 232KB - Virtual size: 232KB

.reloc Size: 56KB - Virtual size: 56KB

.text
Size: 9.6MB - Virtual size: 9.6MB

.rdata
Size: 5.1MB - Virtual size: 5.1MB

.data
Size: 94KB - Virtual size: 157KB

.pdata
Size: 534KB - Virtual size: 534KB

.qtmetad
Size: 2KB - Virtual size: 2KB

_RDATA
Size: 1024B - Virtual size: 528B

.rsrc
Size: 232KB - Virtual size: 232KB

.reloc
Size: 56KB - Virtual size: 56KB