531c5e7a9793f4697e9e2d672b4c08f2

Sharing

Copy URL Twitter E-mail

General

Target

531c5e7a9793f4697e9e2d672b4c08f2
Size

109KB
MD5

531c5e7a9793f4697e9e2d672b4c08f2
SHA1

33602ad3556f1bc349df2aebe531dcd86ac1d5cc
SHA256

d702b8d205cf47928d1ffad50abafe4b0fb7aec83d04b4a819236e30af9c9fc1
SHA512

8ab39121e5deec43c6936f0011324adba96c29ba14913444e4c1371e53b94aca7b79c5ed0d48ef2d42731121ad49d0fbd9cb99c83b6b4808ab5ef0792bb63e5c
SSDEEP

3072:IgXdZt9P6D3XJbCiNtxjl+RrqoOEPJs+/FyhzC:Ie3448xkolTBC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
531c5e7a9793f4697e9e2d672b4c08f2

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

531c5e7a9793f4697e9e2d672b4c08f2
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Ofo4xXEMzP
$TEMP/Ofo4xXEMzP.dll
.dll windows:5 windows x86 arch:x86

8bf7eca23f08a19eb76cd544b77cd8c1

Code Sign

06:08:88:49:b5:f4:5c:56:b1:28:0c:1d:a5:0b:cd:a2
Certificate

Issuer

CN=qt4246

Not Before

14/01/2012, 21:25

Not After

31/12/2039, 23:59

Subject

CN=qt4246

Extended Key Usages

ExtKeyUsageCodeSigning

37:0d:94:81:a5:36:bb:9e:c7:01:8d:db:d9:5a:4c:12:32:65:cf:34
Signer

Actual PE Digest

37:0d:94:81:a5:36:bb:9e:c7:01:8d:db:d9:5a:4c:12:32:65:cf:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
lstrcpyW
lstrlenW
GetWindowsDirectoryW
GetModuleHandleA
GetSystemTimeAsFileTime
AddAtomA
CancelIo
ChangeTimerQueueTimer
CompareFileTime
CopyFileW
CreateProcessW
DebugBreak
DisableThreadLibraryCalls
EndUpdateResourceA
EnumTimeFormatsA
FatalAppExitW
FatalExit
FindFirstChangeNotificationA
FindFirstFileW
FindResourceExA
FlushViewOfFile
FoldStringW
FormatMessageW
FreeConsole
FreeLibrary
FreeResource
GetAtomNameW
GetCommandLineA
GetCompressedFileSizeW
GetConsoleAliasExesA
GetConsoleAliasExesLengthA
GetConsoleAliasesA
GetConsoleCP
GetConsoleWindow
GetCurrentProcess
GetCurrentThread
GetPrivateProfileSectionW
GetProcessVersion
GetProfileIntW
GetProfileStringW
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultUILanguage
GetSystemWindowsDirectoryA
GetTimeZoneInformation
GlobalFindAtomA
VirtualAlloc
GlobalLock
HeapCreate
HeapLock
HeapValidate
HeapWalk
InterlockedDecrement
IsDBCSLeadByte
IsDBCSLeadByteEx
LCMapStringW
LoadLibraryExW
LocalHandle
LocalReAlloc
MultiByteToWideChar
OpenFileMappingW
PeekConsoleInputW
PrepareTape
PurgeComm
QueryPerformanceFrequency
QueueUserAPC
ReadConsoleOutputA
ResetEvent
ScrollConsoleScreenBufferW
SearchPathW
SetCalendarInfoW
SetComputerNameA
SetComputerNameW
SetEnvironmentVariableA
SetHandleCount
SetInformationJobObject
SetProcessAffinityMask
SetProcessShutdownParameters
SetTapePosition
SetVolumeMountPointA
SetVolumeMountPointW
TryEnterCriticalSection
UnlockFile
VerLanguageNameW
VirtualFree
VirtualUnlock
WaitCommEvent
WaitForMultipleObjectsEx
WideCharToMultiByte
WritePrivateProfileStructW
_hwrite
_lopen
lstrcatW
lstrcmpi
lstrcmpiA
GlobalFlags
ExitProcess

advapi32

RegOpenKeyExW

shell32

Shell_NotifyIconA
Shell_NotifyIcon
ShellExecuteW
ShellExecuteExW
ShellExecuteEx
ShellAboutW
SHQueryRecycleBinA
SHLoadNonloadedIconOverlayIdentifiers
SHInvokePrinterCommandW
SHInvokePrinterCommandA
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetSettings
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetPathFromIDList
SHGetIconOverlayIndexW
SHGetIconOverlayIndexA
SHGetFolderPathW
SHGetFolderLocation
SHGetFileInfo
SHGetDiskFreeSpaceExW
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHFreeNameMappings
SHFileOperation
SHEmptyRecycleBinW
SHCreateProcessAsUserW
SHCreateDirectoryExW
SHCreateDirectoryExA
SHBrowseForFolderW
SHBrowseForFolderA
SHBrowseForFolder
SHBindToParent
SHAddToRecentDocs
FindExecutableA
ExtractIconExW
ExtractIconExA
ExtractIconEx
ExtractAssociatedIconW
ExtractAssociatedIconExW
ExtractAssociatedIconExA
ExtractAssociatedIconA
DragQueryFileW
DragQueryFileAorW
DragQueryFileA
DragQueryFile
DragAcceptFiles
DoEnvironmentSubstA
CheckEscapesW

shlwapi

AssocQueryStringA
ChrCmpIW
ColorAdjustLuma
ColorRGBToHLS
GetMenuPosFromID
HashData
IntlStrEqWorkerW
PathAddBackslashW
PathAppendW
PathBuildRootA
PathCanonicalizeW
PathCombineA
PathCommonPrefixA
PathCompactPathA
PathCompactPathExW
PathFileExistsW
PathFindExtensionA
PathFindNextComponentA
PathFindOnPathW
PathFindSuffixArrayA
PathFindSuffixArrayW
PathGetArgsA
PathGetCharTypeA
PathGetDriveNumberW
PathIsDirectoryA
PathIsDirectoryW
PathIsFileSpecW
PathIsRelativeW
PathIsUNCA
PathIsUNCServerW
PathIsUNCW
PathQuoteSpacesA
PathRemoveBackslashW
PathRemoveExtensionW
PathSearchAndQualifyA
PathSetDlgItemPathA
PathStripPathA
PathStripToRootA
PathUnExpandEnvStringsA
PathUnExpandEnvStringsW
PathUnquoteSpacesA
SHDeleteValueW
SHEnumValueW
SHGetInverseCMAP
SHGetThreadRef
SHOpenRegStreamA
SHRegDeleteUSValueA
SHRegDeleteUSValueW
SHRegEnumUSKeyA
SHRegEnumUSValueA
SHRegEnumUSValueW
SHRegGetUSValueW
SHRegOpenUSKeyW
SHRegQueryInfoUSKeyW
SHRegSetUSValueW
SHRegWriteUSValueW
SHSetThreadRef
StrCatBuffW
StrCatW
StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrFormatKBSizeA
StrFormatKBSizeW
StrIsIntlEqualA
StrIsIntlEqualW
StrNCatW
StrPBrkA
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrSpnA
StrStrIW
StrToIntExW
StrToIntW
UrlApplySchemeA
UrlApplySchemeW
UrlCompareA
UrlCreateFromPathA
UrlEscapeA
UrlIsNoHistoryA
UrlUnescapeA
wnsprintfW

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 2KB

8bf7eca23f08a19eb76cd544b77cd8c1

Code Sign

06:08:88:49:b5:f4:5c:56:b1:28:0c:1d:a5:0b:cd:a2Certificate

Extended Key Usages

37:0d:94:81:a5:36:bb:9e:c7:01:8d:db:d9:5a:4c:12:32:65:cf:34Signer

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

Sections

.text Size: 108KB - Virtual size: 108KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 2KB

06:08:88:49:b5:f4:5c:56:b1:28:0c:1d:a5:0b:cd:a2
Certificate

37:0d:94:81:a5:36:bb:9e:c7:01:8d:db:d9:5a:4c:12:32:65:cf:34
Signer

.text
Size: 108KB - Virtual size: 108KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB