7396c613ec353cefe0ba1286f0846aff

Sharing

Copy URL Twitter E-mail

General

Target

7396c613ec353cefe0ba1286f0846aff
Size

2.4MB
MD5

7396c613ec353cefe0ba1286f0846aff
SHA1

a270b885ab135eb471c26f9ec9f7f7b2ad86d550
SHA256

661499a0022333d265bcf4f5a57bac8f0304d02ffc40e2793d6fca51174631de
SHA512

7beb49dd5e99dad1f5f6bf718c599a929b857171d6f3a071e3dbbd87635ab86459f601a57ac085c4c468e56a621e3988a562314f010518d34426c1c8ac768468
SSDEEP

49152:N0lhfTPNZlZnKrWkwxkgI9+jSP5CHcp9HYASlGJeZ56JL4VmQ:N0lhDLnnAH0llYez68

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7396c613ec353cefe0ba1286f0846aff

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

7396c613ec353cefe0ba1286f0846aff
.exe windows:4 windows x86 arch:x86

804880c295247c3fdfff1bf0437f3f1e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryW
LoadLibraryW
GetPrivateProfileSectionNamesW
FormatMessageW
SetFilePointer
CreateDirectoryW
GetProcAddress
ResumeThread
GlobalFree
ResetEvent
SetEvent
CompareStringW
GetDriveTypeW
MulDiv
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpW
CreateMutexW
FreeLibrary
lstrcmpiW
GetCurrentThreadId
InterlockedIncrement
SetLastError
GetWindowsDirectoryW
GetComputerNameA
lstrlenA
IsBadWritePtr
GetSystemTimeAdjustment
GetTempPathW
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
GetLocalTime
MoveFileW
CreateEventW
SetEnvironmentVariableA
CompareStringA
SetEndOfFile
CreateFileA
GetLocaleInfoW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetStartupInfoW
GetModuleHandleA
GetSystemTimeAsFileTime
GetFileAttributesW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetThreadLocale
LoadLibraryExW
InterlockedDecrement
GetModuleHandleW
FlushInstructionCache
GetCurrentProcess
GetFileSize
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
GetDiskFreeSpaceExW
GetVersionExW
ExitProcess
CreateProcessW
DeleteFileW
CopyFileW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetPrivateProfileStringW
GetModuleFileNameW
IsBadReadPtr
Sleep
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
DeleteCriticalSection
FindResourceW
lstrlenW
InitializeCriticalSection
GetTickCount
TerminateThread
ReadFile
WriteFile
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
CreateFileW
CloseHandle
RaiseException
WaitNamedPipeW
WideCharToMultiByte
CreateThread
WritePrivateProfileStringW
GetLastError
GetPrivateProfileIntW
MultiByteToWideChar
SetFileAttributesW

user32

CreateWindowExW
GetDlgItem
MapWindowPoints
GetClientRect
IsWindow
GetWindow
SetWindowLongW
EndDialog
GetParent
GetWindowLongW
SetWindowTextW
SystemParametersInfoW
LoadBitmapW
MessageBoxW
DispatchMessageW
TranslateMessage
PeekMessageW
SendMessageW
PostMessageW
IsWindowVisible
SetRect
GetUpdateRect
SetWindowRgn
SetDlgItemTextW
SetRectEmpty
CreateDialogParamW
TrackPopupMenuEx
GetSystemMenu
SetFocus
GetDesktopWindow
GetSysColor
GetWindowTextLengthW
DestroyAcceleratorTable
CreateAcceleratorTableW
EnableWindow
RedrawWindow
GetWindowTextW
GetClassInfoExW
GetDC
ScreenToClient
RegisterClassExW
GetClassNameW
InvalidateRgn
EnableMenuItem
IsChild
GetFocus
LoadStringW
TrackPopupMenu
PostQuitMessage
DrawEdge
CreatePopupMenu
FillRect
LoadIconW
DrawFocusRect
InflateRect
IsIconic
RegisterWindowMessageW
OpenIcon
GetCursorPos
GetMonitorInfoW
MonitorFromPoint
DestroyMenu
CallWindowProcW
GetActiveWindow
DrawTextW
GetWindowDC
CharNextW
UpdateWindow
DialogBoxParamW
LoadImageW
IsWindowEnabled
EndPaint
GetDlgCtrlID
BeginPaint
ReleaseDC
OffsetRect
ReleaseCapture
GetCapture
DestroyWindow
SetCapture
PtInRect
SetCursor
DefWindowProcW
GetSystemMetrics
ClientToScreen
MoveWindow
KillTimer
SetTimer
ShowWindow
AdjustWindowRectEx
SetWindowPos
GetMenu
LoadCursorW
GetWindowRect
InvalidateRect
DestroyCursor
UnregisterClassA
CopyImage
ExitWindowsEx
AppendMenuW

gdi32

CreateFontIndirectW
DeleteObject
CreateFontW
GetObjectW
CreateCompatibleDC
CreateSolidBrush
SelectObject
SetViewportOrgEx
CreateCompatibleBitmap
BitBlt
GetStockObject
SetBkMode
StretchBlt
SetTextColor
TextOutW
SetBkColor
ExtTextOutW
GetDeviceCaps
CreateRectRgn
DeleteDC

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

StringFromGUID2
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
CoUninitialize
OleLockRunning
CoGetClassObject
OleUninitialize
CLSIDFromProgID
CLSIDFromString
OleInitialize
CreateStreamOnHGlobal

oleaut32

VariantClear
VariantInit
SysAllocString
SysStringByteLen
SysStringLen
OleCreateFontIndirect
SysAllocStringLen
LoadTypeLi
VarUI4FromStr
OleLoadPicture
SysFreeString
LoadRegTypeLi

shlwapi

StrCmpNW
PathUnquoteSpacesW
StrToIntW
PathFileExistsW
PathAppendW
PathAddBackslashW
PathRemoveFileSpecW

comctl32

CreatePropertySheetPageW
ImageList_Create
DestroyPropertySheetPage
ImageList_Draw
_TrackMouseEvent
PropertySheetW
InitCommonControlsEx
ImageList_Destroy
ImageList_GetIconSize
ImageList_Add

wintrust

WinVerifyTrust

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 376KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30.3MB - Virtual size: 30.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

804880c295247c3fdfff1bf0437f3f1e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wintrust

version

Sections

.text Size: 376KB - Virtual size: 374KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 24KB - Virtual size: 30KB

.rsrc Size: 30.3MB - Virtual size: 30.3MB

.text
Size: 376KB - Virtual size: 374KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 24KB - Virtual size: 30KB

.rsrc
Size: 30.3MB - Virtual size: 30.3MB