CLRJitAttachState
DotNetRuntimeInfo
MetaDataGetDispenser
g_CLREngineMetrics
g_dacTable
Static task
static1
1 signatures
General
-
Target
CreamInstaller.zip
-
Size
136.0MB
-
MD5
58ae86a7ca0b90f06c032f3d66cd5d8f
-
SHA1
e56386a6f934d6ccdbc8789106184ad028dd149a
-
SHA256
10a6dfa44687659e43df4578b673044d86cd21d1b49ca0e1dbb1c6e3992c3880
-
SHA512
5de5d97dc7531c10612aea0e191638190e65dfa9d4326cbc758d0853f8ab315b5f6b8bb116c8a10b604582f445b1ef140503076a35d81435ab90c8a969a48fd0
-
SSDEEP
3145728:jEFIO7k+dph77VwG+3kmZQqbM2ow5VtNGpWZ/9xb8Jz+ny+Un6k3:jEFImh3h7mvkGbM2lHNGpYwz+nnUn6o
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/CreamInstaller.exe
Files
-
CreamInstaller.zip.zip
-
CreamInstaller.exe.exe windows:6 windows x64
72ec1aa3b632a47720c2848d6b6a1eac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
RaiseException
FreeLibrary
RaiseFailFastException
GetExitCodeProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
MultiByteToWideChar
GetTickCount
GetCurrentProcessId
FlushInstructionCache
QueryPerformanceFrequency
QueryPerformanceCounter
RtlLookupFunctionEntry
LocateXStateFeature
RtlDeleteFunctionTable
InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead
GetTickCount64
DuplicateHandle
QueueUserAPC
WaitForSingleObjectEx
SetThreadPriority
GetThreadPriority
ResumeThread
GetCurrentThreadId
TlsAlloc
GetCurrentThread
CreateThread
GetModuleHandleW
WaitForMultipleObjectsEx
SignalObjectAndWait
RtlCaptureContext
SetThreadStackGuarantee
VirtualQuery
WriteFile
GetStdHandle
GetConsoleOutputCP
MapViewOfFileEx
UnmapViewOfFile
GetStringTypeExW
SetEvent
GetCurrentProcessorNumber
GlobalMemoryStatusEx
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
InterlockedPopEntrySList
GetCurrentProcessorNumberEx
ExitProcess
Sleep
CreateMemoryResourceNotification
GetProcessAffinityMask
SetThreadIdealProcessorEx
GetThreadIdealProcessorEx
GetLargePageMinimum
VirtualUnlock
GetLogicalProcessorInformation
SetThreadGroupAffinity
SetThreadAffinityMask
IsProcessInJob
QueryInformationJobObject
K32GetProcessMemoryInfo
VirtualAlloc
VirtualFree
VirtualProtect
SleepEx
SwitchToThread
InitializeContext
SetXStateFeaturesMask
RtlRestoreContext
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
ReadFile
GetFileSize
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateEventW
ResetEvent
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
GetThreadContext
SuspendThread
SetThreadContext
GetEnabledXStateFeatures
CopyContext
WerRegisterRuntimeExceptionModule
RtlInstallFunctionTableCallback
GetSystemDefaultLCID
GetUserDefaultLCID
RtlUnwind
LoadLibraryExW
HeapAlloc
HeapFree
GetProcessHeap
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
GetACP
LCMapStringEx
LocalFree
VerSetConditionMask
VerifyVersionInfoW
QueryThreadCycleTime
VirtualAllocExNuma
GetNumaProcessorNodeEx
GetNumaHighestNodeNumber
GetLogicalProcessorInformationEx
GetThreadGroupAffinity
GetSystemTimes
GetProcessGroupAffinity
CreateFileMappingW
GetSystemTimeAsFileTime
GetModuleFileNameW
CreateProcessW
GetCPInfo
CreateFileW
GetFileAttributesExW
GetTempPathW
GetCurrentDirectoryW
GetFullPathNameW
LoadLibraryExA
OutputDebugStringA
OpenEventW
ExitThread
HeapReAlloc
CreateNamedPipeA
WaitForMultipleObjects
DisconnectNamedPipe
CreateFileA
CancelIoEx
GetOverlappedResult
ConnectNamedPipe
FlushFileBuffers
SetFilePointer
MapViewOfFile
GetActiveProcessorGroupCount
GetSystemTime
SetConsoleCtrlHandler
GetLocaleInfoEx
GetUserDefaultLocaleName
RtlAddFunctionTable
LoadLibraryW
CreateDirectoryW
RemoveDirectoryW
GetFileSizeEx
FindFirstFileExW
FindNextFileW
FindClose
LoadLibraryA
IsWow64Process
EncodePointer
GetEnvironmentVariableA
DecodePointer
InitializeCriticalSectionAndSpinCount
CloseHandle
TlsSetValue
TlsGetValue
GetSystemInfo
GetCurrentProcess
OutputDebugStringW
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
GetProcAddress
GetModuleHandleExW
SetErrorMode
FlushProcessWriteBuffers
SetLastError
GetLastError
WideCharToMultiByte
CreateMutexW
DebugBreak
InitializeCriticalSectionEx
GetStringTypeW
RtlVirtualUnwind
IsProcessorFeaturePresent
RtlUnwindEx
TlsFree
RtlPcToFileHeader
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetExitCodeThread
CreateFileMappingA
advapi32
RegGetValueW
SetKernelObjectSecurity
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventRegister
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
SetThreadToken
RevertToSelf
OpenThreadToken
EventWriteTransfer
EventWrite
ole32
CreateStreamOnHGlobal
CoCreateFreeThreadedMarshaler
CoGetClassObject
CoGetContextToken
CoGetObjectContext
CoUnmarshalInterface
StringFromGUID2
CoRevokeInitializeSpy
CoGetMarshalSizeMax
CoWaitForMultipleHandles
CoRegisterInitializeSpy
CoInitializeEx
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoReleaseMarshalData
IIDFromString
CLSIDFromProgID
CoUninitialize
CoMarshalInterface
oleaut32
GetRecordInfoFromTypeInfo
SafeArraySetRecordInfo
SafeArrayAllocData
SafeArrayGetElemsize
SafeArrayAllocDescriptorEx
SysAllocStringByteLen
SafeArrayCreateVector
SafeArrayPutElement
LoadRegTypeLi
CreateErrorInfo
SysStringByteLen
SysFreeString
GetErrorInfo
SetErrorInfo
SysStringLen
VariantInit
VariantClear
VariantChangeTypeEx
VariantChangeType
SafeArrayGetVartype
LoadTypeLibEx
QueryPathOfRegTypeLi
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetDim
SysAllocStringLen
SysAllocString
VarCyFromDec
user32
LoadStringW
MessageBoxW
shell32
ShellExecuteW
api-ms-win-crt-string-l1-1-0
wcsncmp
iswupper
towlower
isalpha
isdigit
wcstok_s
strnlen
iswascii
towupper
wcscat_s
wcsncat_s
strncat_s
iswspace
_strnicmp
isupper
wcsnlen
_wcsdup
strncmp
strcmp
islower
_wcsnicmp
strlen
wcscpy_s
wcsncpy_s
_wcsicmp
__strncnt
strcspn
toupper
tolower
_stricmp
isspace
_strdup
strncpy_s
strcpy_s
strcat_s
strtok_s
api-ms-win-crt-stdio-l1-1-0
fsetpos
ungetc
fgetpos
__p__commode
fgetc
fread
fputc
_wfsopen
_fseeki64
_set_fmode
_get_stream_buffer_pointers
setvbuf
_setmode
_dup
_fileno
ftell
fseek
__stdio_common_vfprintf
_flushall
fopen
fwrite
__stdio_common_vsprintf_s
fputwc
__acrt_iob_func
fflush
__stdio_common_vsnwprintf_s
fputs
__stdio_common_vsnprintf_s
fputws
__stdio_common_vfwprintf
__stdio_common_vsscanf
fgets
_wfopen
__stdio_common_vswprintf
fclose
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo
_controlfp_s
_errno
abort
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo_noreturn
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
_exit
_beginthreadex
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_wcserror_s
api-ms-win-crt-convert-l1-1-0
strtoull
_wtoi
_itow_s
_atoi64
atol
strtoul
wcstoul
_wcstoui64
_ltow_s
api-ms-win-crt-heap-l1-1-0
calloc
malloc
_set_new_mode
free
realloc
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-math-l1-1-0
log10
log
fmodf
fmod
fmaf
fma
floorf
log10f
floor
log2
log2f
atanh
acosh
cbrt
asinh
asinhf
atanhf
cbrtf
acoshf
expf
logf
exp
coshf
sin
powf
sinf
sinh
acos
acosf
_fdopen
sinhf
cosh
_copysignf
_isnanf
trunc
truncf
ilogb
ilogbf
asin
_copysign
cosf
_isnan
frexp
_finite
modf
modff
asinf
tanhf
atan
sqrt
sqrtf
tan
tanf
atan2
atan2f
tanh
pow
__setusermatherr
atanf
ceil
ceilf
cos
api-ms-win-crt-time-l1-1-0
wcsftime
_gmtime64_s
_time64
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
__pctype_func
localeconv
___lc_locale_name_func
setlocale
___mb_cur_max_func
_unlock_locales
_configthreadlocale
___lc_codepage_func
_lock_locales
api-ms-win-crt-filesystem-l1-1-0
_wremove
_wrename
_lock_file
_unlock_file
Exports
Exports
Sections
.text Size: 5.9MB - Virtual size: 5.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.CLR_UEF Size: 512B - Virtual size: 221B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 216KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Section Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ