0ba82327cd9492a5299d9f1b0a99dd99

Sharing

Copy URL Twitter E-mail

General

Target

0ba82327cd9492a5299d9f1b0a99dd99
Size

3.6MB
MD5

0ba82327cd9492a5299d9f1b0a99dd99
SHA1

be7b012d3d1a6c4069cbe004b8f0dd87f6183b79
SHA256

379e1e0c5b104d49a58fdd360b6495e09af794b5ac47338942365f8d5048942b
SHA512

42894308bb749c4ad1c8289b1a4f4bdfb8c4152c26b9452d3a983e59a3088a33af5abbe3c4f6c4ba1fbb76ead37bc28f3da395dda13c3fd1cc59738b681a859b
SSDEEP

98304:n1qbwI5p8OAcLy+VbsfU+RzGtbAYKFL5XzWWBbdM947mERDU+:1qbwIDNeggz9GVNKFLhRdc4xRDU+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.exe

Files

0ba82327cd9492a5299d9f1b0a99dd99
.zip
Closelid.msi
.msi
Install.bat
setup.exe
.exe windows:5 windows x86 arch:x86

cfa06eb8ecb157d3e1e5170182639085

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
GetNativeSystemInfo
SetFilePointer
HeapSetInformation
CreateEventW
SetEvent
SizeofResource
LockResource
LoadResource
FindResourceW
GetVersionExW
CompareStringW
GetFileAttributesW
GetModuleFileNameW
ExpandEnvironmentStringsW
GlobalFree
OpenProcess
GetSystemDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathW
LocalFree
FormatMessageW
ReadFile
GetTimeFormatW
GetDateFormatW
CreateDirectoryW
CopyFileW
WideCharToMultiByte
GetWindowsDirectoryW
GetSystemInfo
GetCurrentProcess
GetEnvironmentVariableW
GetModuleHandleW
GetVersion
CreateFileW
EndUpdateResourceW
Sleep
GetDiskFreeSpaceExW
DeleteCriticalSection
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MulDiv
lstrlenW
GetExitCodeProcess
SetEndOfFile
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
GlobalAlloc
LoadLibraryW
UpdateResourceA
BeginUpdateResourceA
InterlockedCompareExchange
FindResourceA
DeleteFileA
lstrlenA
CreateFileA
UpdateResourceW
BeginUpdateResourceW
GetEnvironmentVariableA
SetStdHandle
WriteConsoleW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetProcessHeap
MultiByteToWideChar
LCMapStringW
GetStringTypeW
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapCreate
GetCurrentThreadId
InterlockedExchange
SwitchToThread
GetLastError
WaitForSingleObject
CloseHandle
GetProcAddress
FreeLibrary
WriteFile
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
LocalAlloc
LoadLibraryA
RaiseException
GetCommandLineW
GetStartupInfoW
RtlUnwind
HeapFree
InterlockedDecrement
GetCPInfo
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount

gdi32

GetStockObject
EnumFontFamiliesExW
CreateFontIndirectW
DeleteObject
CreateCompatibleDC
GetDeviceCaps
GetObjectW
DeleteDC
SelectObject
GetTextMetricsW
GetTextExtentPoint32W

ole32

CoUninitialize
CoInitialize

secur32

GetComputerObjectNameW

shell32

ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteA

user32

MessageBoxA
ShowScrollBar
GetClientRect
SendMessageA
SetClassLongW
SetWindowTextW
LoadCursorW
SetCursor
CreateDialogIndirectParamW
SetForegroundWindow
EnableWindow
GetFocus
SetFocus
ScreenToClient
MoveWindow
LoadIconW
SetDlgItemTextW
SendMessageW
GetDlgItem
MsgWaitForMultipleObjects
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
ShowWindow
SendDlgItemMessageW
GetWindowRect
SystemParametersInfoW
ExitWindowsEx
MessageBoxW
DrawTextW
GetSystemMetrics
GetDC
GetDialogBaseUnits
ReleaseDC
CreateDialogParamW
LoadImageW

crypt32

CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain

wininet

InternetCrackUrlW
InternetCombineUrlW

msi

ord8
ord150
ord78
ord92

Exports

Exports

_DecodePointerInternal@4
_EncodePointerInternal@4

Sections

.text
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfa06eb8ecb157d3e1e5170182639085

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

ole32

secur32

shell32

user32

crypt32

wininet

msi

Exports

Exports

Sections

.text Size: 314KB - Virtual size: 314KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 77KB - Virtual size: 77KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 314KB - Virtual size: 314KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 18KB - Virtual size: 17KB