Static task
static1
General
Target: Installnow-401504.zip
Size: 21.0MB
MD5: 52eac91ffb3145a8f159fa0df208cee6
SHA1: 276d7af6538ecbda9c432bc8ed288dd0b35c1e28
SHA256: 265082f854161ab3215f66a7d9128c615fccb053be3b359b1c6688bf40525d72
SHA512: 526023778aed552692e4be06c3fa12385e668c4819175ace3a6788973fd6627c89c838dde1dbdd81194a05fc98656ab8ea4769c0dbde58d5057e6120be658a73
SSDEEP: 393216:rGwZ7xWnfBEtI8qVG9BZHt5A0Cmsq6nQwkkrNXi77vGGDSPfEdODTJezKkp:57x0it+VGJN5P9J6EkM77vRDaEdOgzp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/StartSetup_20221.exe
Files
Installnow-401504.zip.zip
StartSetup_20221.exe.exe windows:6 windows x86
ab7917c1f116757b304c7d1ea164ac40
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WaitForSingleObjectEx
GetFileAttributesA
CloseHandle
CompareStringW
GetCommandLineA
InitializeCriticalSectionAndSpinCount
GetFileAttributesExW
InitializeCriticalSectionEx
GetModuleHandleExW
GetSystemWow64DirectoryW
FormatMessageA
GetCurrentDirectoryA
WideCharToMultiByte
EncodePointer
FindFirstFileExW
ExitThread
WriteConsoleW
UnhandledExceptionFilter
LoadLibraryExW
TlsGetValue
WaitForMultipleObjects
IsDebuggerPresent
IsValidCodePage
lstrlenA
FindFirstFileA
GetCurrentThreadId
GetCommandLineW
GetCurrentThread
GetLogicalDriveStringsW
GetLastError
GetSystemTimeAsFileTime
CreateFileA
SetFilePointer
GlobalUnlock
CreateSemaphoreA
FreeEnvironmentStringsW
EnumSystemLocalesW
GetProcessHeap
SetEndOfFile
MoveFileExW
GetProcessAffinityMask
GetConsoleMode
CreateThread
DeleteFileW
GetStringTypeW
GetDateFormatW
HeapAlloc
IsProcessorFeaturePresent
FindFirstFileW
GetStartupInfoW
IsValidLocale
GetConsoleOutputCP
GetFileType
CreateDirectoryW
GetFileInformationByHandle
VirtualAlloc
GlobalFree
GetFileSize
FileTimeToLocalFileTime
RtlUnwind
LoadLibraryA
RemoveDirectoryA
AreFileApisANSI
DeleteFileA
SetFileAttributesW
DeleteCriticalSection
SystemTimeToTzSpecificLocalTime
MultiByteToWideChar
FlushFileBuffers
TerminateProcess
GetACP
SetFileAttributesA
GetModuleFileNameW
VerSetConditionMask
GlobalAlloc
GetCurrentProcess
MoveFileW
SetFilePointerEx
FindClose
LoadLibraryW
GetEnvironmentVariableA
lstrcatW
LCMapStringEx
GetFileAttributesW
GetModuleFileNameA
GetProcAddress
lstrlenW
PeekNamedPipe
InitializeSListHead
GetCPInfo
GetModuleHandleA
LocalFree
CompareFileTime
GetTimeZoneInformation
SetLastError
VirtualFree
TlsFree
EnterCriticalSection
GetLogicalDriveStringsA
SetEvent
GlobalMemoryStatus
TlsSetValue
GetSystemDirectoryW
DecodePointer
GetDriveTypeW
GetVersionExA
HeapSize
FreeLibraryAndExitThread
HeapFree
SleepEx
QueryPerformanceFrequency
GlobalLock
GetCurrentProcessId
WriteFile
GetUserDefaultLCID
SetStdHandle
GetLocaleInfoW
GetStdHandle
RemoveDirectoryW
ResetEvent
CreateDirectoryA
ReadConsoleW
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetFileSizeEx
LeaveCriticalSection
FreeLibrary
SetFileTime
FindNextFileW
lstrcatA
SetEnvironmentVariableW
GetTickCount64
GetOEMCP
ExitProcess
InitializeCriticalSection
ReadFile
CreateFileW
GetCurrentDirectoryW
HeapReAlloc
FindNextFileA
VerifyVersionInfoW
TlsAlloc
QueryPerformanceCounter
GetSystemInfo
FormatMessageW
ReleaseSRWLockExclusive
ReleaseSemaphore
RaiseException
GetTickCount
FileTimeToSystemTime
LCMapStringW
GetModuleHandleW
Sleep
AcquireSRWLockExclusive
CreateEventA
GetFullPathNameW
MoveFileA
WaitForSingleObject
GetTimeFormatW
SetPriorityClass
user32
GetWindowTextW
PostMessageA
MapDialogRect
GetWindowTextLengthW
SetWindowLongA
CharUpperA
EnableWindow
LoadStringA
MonitorFromWindow
GetWindowTextLengthA
DialogBoxParamA
GetMonitorInfoA
GetDlgItem
GetKeyState
SetClipboardData
SystemParametersInfoA
GetWindowRect
LoadCursorA
GetFocus
LoadIconA
SetTimer
CharUpperW
MoveWindow
SetWindowTextW
ShowWindow
SendMessageW
MessageBoxW
InvalidateRect
KillTimer
SetFocus
SetWindowTextA
CheckDlgButton
EmptyClipboard
ScreenToClient
GetWindowTextA
OpenClipboard
SetCursor
EndDialog
SendMessageA
wsprintfA
MessageBoxA
CloseClipboard
IsDlgButtonChecked
GetWindowLongA
GetParent
DialogBoxParamW
LoadStringW
advapi32
CryptGetHashParam
RegSetValueExW
CryptEncrypt
RegCloseKey
CryptDestroyHash
RegOpenKeyExW
CryptDestroyKey
RegCreateKeyExW
CryptReleaseContext
CryptImportKey
CryptAcquireContextW
CryptHashData
CryptCreateHash
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
SHGetSpecialFolderPathW
SHGetMalloc
CommandLineToArgvW
ole32
CoUninitialize
OleInitialize
CoInitialize
CoCreateInstance
oleaut32
VariantClear
SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
bcrypt
BCryptGenRandom
crypt32
CertFindExtension
CertFreeCertificateContext
CryptQueryObject
CertFreeCertificateChain
CertEnumCertificatesInStore
CertCloseStore
CertGetNameStringW
CertGetCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CertFindCertificateInStore
CryptStringToBinaryW
CertCreateCertificateChainEngine
CertOpenStore
PFXImportCertStore
CryptDecodeObjectEx
wldap32
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord219
ord46
ord14
ord216
ord73
ord208
ord41
ord117
ord26
ord27
ws2_32
getpeername
sendto
recvfrom
WSAWaitForMultipleEvents
socket
ioctlsocket
gethostname
getsockopt
send
WSACloseEvent
getaddrinfo
WSAEventSelect
freeaddrinfo
WSAIoctl
WSACreateEvent
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
WSAEnumNetworkEvents
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
WSAResetEvent
Sections
.text Size: 6.4MB - Virtual size: 6.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 229KB - Virtual size: 229KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 78KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ