mt5setup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

mt5setup.exe
Size

4.1MB
MD5

de0a13406f48729f435f356564a16eee
SHA1

97b0ad2455ed3fb5910457a3e04906d8145c69a8
SHA256

0a52e31032030445ee7f048bd707df2ade21bd45339061e943c304cf03cc488d
SHA512

3d2367400ccb863eac13b1d66864db7732f3a190ee97d7498c2d32dd48e3443cade996ba4d530a2e68d9c59f3855ce0aacb7d332524b4609d5e94664175f78f5
SSDEEP

49152:0vflbW30p/Qz9xpyzUYbWwaaJKTv+7lCuDHwb0X3nJZCjl:Q1WY/KgHQS5Ujl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mt5setup.exe

Files

mt5setup.exe
.exe windows:6 windows x64 arch:x64

0b28a8a6f95ee60c14c48ce1ae2a4858

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

ws2_32

recv
shutdown
ioctlsocket
select
WSAGetLastError
WSAConnect
setsockopt
WSASocketW
WSARecv
WSASend
htons
WSAStartup
WSACleanup
GetAddrInfoW
FreeAddrInfoW
send
closesocket

crypt32

CertGetNameStringW

kernel32

GetModuleHandleW
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InitializeCriticalSectionEx
RaiseException
GetCurrentProcess
GetCurrentProcessId
Thread32Next
ReadProcessMemory
ResumeThread
GetThreadContext
SuspendThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
GetCurrentThread
Module32NextW
LockResource
FindResourceExW
Module32FirstW
GetProcessHandleCount
GetLogicalProcessorInformationEx
GetLocalTime
K32GetProcessMemoryInfo
GetEnvironmentVariableW
LocalFree
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
DecodePointer
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
OpenProcess
HeapSize
GetProcessHeap
CompareStringW
lstrlenW
VerifyVersionInfoW
VerSetConditionMask
GlobalFree
IsValidCodePage
FreeResource
EnumResourceNamesW
CreateProcessW
FileTimeToDosDateTime
CopyFileW
GetDiskFreeSpaceExW
RemoveDirectoryW
GetTempPathW
GetUserDefaultUILanguage
TerminateThread
Process32FirstW
K32GetProcessImageFileNameW
Process32NextW
MoveFileExW
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
GetTimeZoneInformation
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetFileType
GetStdHandle
FlsAlloc
FlsGetValue
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindClose
FindFirstFileW
FileTimeToSystemTime
DosDateTimeToFileTime
HeapReAlloc
HeapFree
GlobalMemoryStatusEx
HeapAlloc
DeviceIoControl
LoadLibraryW
GetProcAddress
GetModuleFileNameW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateFileW
GetFileSizeEx
SetFilePointer
GetLastError
ReadFile
FlsSetValue
FlsFree
LCMapStringW
GetCPInfo
GetStringTypeW
GetACP
GetOEMCP
SetFilePointerEx
GetConsoleMode
ReadConsoleW
FlushFileBuffers
FreeLibrary
VirtualAlloc
VirtualFree
IsBadReadPtr
VirtualQuery
GetSystemDirectoryW
GetVolumeInformationW
GetConsoleOutputCP
GetVersionExW
GetSystemTimeAsFileTime
GetFileAttributesExW
HeapDestroy
GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
HeapCreate
WriteFile
SetEndOfFile
SystemTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
WideCharToMultiByte
GetTickCount
GetCurrentThreadId
SetThreadStackGuarantee
DeleteFileW
MultiByteToWideChar
Sleep
LeaveCriticalSection
GetExitCodeThread
EnterCriticalSection
FlushInstructionCache
GetSystemInfo
SetStdHandle
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
ExpandEnvironmentStringsW

user32

LoadIconW
LoadBitmapW
MessageBeep
EnableWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
DialogBoxParamW
BringWindowToTop
EndDialog
MessageBoxW
ShowWindow
GetWindowRect
SetClassLongPtrW
PostQuitMessage
LoadStringW
PostMessageW
IsWindowVisible
LoadImageW
SetTimer
KillTimer
SystemParametersInfoW
IsWindowEnabled
DrawFocusRect
SetCursor
TrackMouseEvent
GetTopWindow
GetWindowThreadProcessId
SetForegroundWindow
GetCapture
GetCursorPos
UpdateWindow
OffsetRect
SetRectEmpty
PtInRect
GetDlgCtrlID
GetActiveWindow
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
SendMessageW
IsWindow
GetClassNameW
GetSysColor
SetWindowPos
RedrawWindow
GetClassInfoExW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
GetClientRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowLongW
SetWindowLongW
LoadCursorW
RegisterClassExW
UnregisterClassW
DefWindowProcW
CharLowerW
CharNextW
PostMessageA
GetSystemMetrics
DrawTextW

gdi32

CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateFontIndirectW
BitBlt
GetStockObject
GetObjectW
GetDeviceCaps
DeleteDC
ExtTextOutW
SetBkColor
SetTextColor
SetBkMode
GetTextExtentPoint32W
GdiGradientFill
GetTextExtentPointW
TextOutW
RestoreDC
SaveDC
CreateFontW
EnumFontFamiliesExW
CreateDIBitmap
DeleteObject
GetDIBits

advapi32

EnumServicesStatusW
OpenSCManagerW
RegEnumKeyW
RegDeleteKeyExW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
GetAce
EqualSid
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CloseServiceHandle
OpenServiceW
QueryServiceStatus
ControlService
QueryServiceConfigW
RegQueryValueW
GetSecurityDescriptorDacl
GetFileSecurityW
GetTokenInformation
OpenProcessToken
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
GetAclInformation

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderLocation
SHChangeNotify
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetFolderPathW
ShellExecuteExW

ole32

CoTaskMemRealloc
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleUninitialize
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
OleInitialize

oleaut32

VariantClear
SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantInit
SysAllocStringLen
VarUI4FromStr

shlwapi

PathCanonicalizeW
PathFindExtensionW

comctl32

DestroyPropertySheetPage
PropertySheetW
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Create
ImageList_SetBkColor
ImageList_AddMasked
ImageList_Draw
ImageList_Destroy
InitCommonControlsEx
CreatePropertySheetPageW

iphlpapi

GetAdaptersAddresses

bcrypt

BCryptGenRandom

dbghelp

MiniDumpWriteDump
SymFunctionTableAccess64
SymGetModuleBase64
StackWalk64
SymSetOptions
SymLoadModule64
SymGetOptions
SymInitialize

gdiplus

GdipAlloc
GdipDisposeImage
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCloneImage

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 62.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b28a8a6f95ee60c14c48ce1ae2a4858

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

iphlpapi

bcrypt

dbghelp

gdiplus

wintrust

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 277KB - Virtual size: 276KB

.data Size: 89KB - Virtual size: 62.9MB

.pdata Size: 47KB - Virtual size: 47KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 277KB - Virtual size: 276KB

.data
Size: 89KB - Virtual size: 62.9MB

.pdata
Size: 47KB - Virtual size: 47KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 7KB - Virtual size: 7KB