General
Target: UMF.Installer.exe
Size: 10.5MB
MD5: b6fc1faf1197d26d17b67aefd21c5a32
SHA1: 274b906b5f64512ddb1696e22f661b6a1f6b31ba
SHA256: 1afd0dfd353a5f55d9ded8a7c1260ee9ef6dd23cb9f9ae139d9689c5e3c588d2
SHA512: 1f70a1e3f04cff44b5b1b18082ed842d8eb96649fed2e0664a3d3d17099bb9235e83e08109a5030c9a097f807d595afb52367d74b3708a0969d8e5c8a8551f98
SSDEEP: 196608:7J06RL0XywO/cQZqDQP6Td2cyg6TdMGg/g5Q5RhH6Tdl3:V0QIMCQyMnliSQ5uT
Malware Config
Signatures
Blackguard family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource UMF.Installer.exe
Files
UMF.Installer.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 10.2MB - Virtual size: 10.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 313KB - Virtual size: 312KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ