7d6216c2e9ba362598254195e1942640

Sharing

Copy URL Twitter E-mail

General

Target

7d6216c2e9ba362598254195e1942640
Size

252KB
MD5

7d6216c2e9ba362598254195e1942640
SHA1

d4dcdb83deac5bbe4f35a94d32260731e608197e
SHA256

80296e4eda78a3a9d487602d4bc00cd88aa3c9aa7c5e02d8f198fb37533c28cf
SHA512

0af4d61a8724f0eac13572449e331450d39613867e5138dd6312941dd68acfc449c97f8f76fd780bc866409bee944421dd888f008122fb0fe60df97fbc22d69f
SSDEEP

6144:AwcL44H1ssaMX+pd1bEz2s7ETRhEgjJqX+pd1bEz2s7ETRhEgjJD:jcs4H1WMX+pd167QhE0qX+pd167QhE0D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d6216c2e9ba362598254195e1942640

Files

7d6216c2e9ba362598254195e1942640
.exe windows:6 windows x86 arch:x86

9970fa4104e4c405b7ecd7c2ba1e5649

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ieinstal.pdb

Imports

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegOpenKeyExW
RegEnumValueW
RegSetValueExA
RegQueryValueExA
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyA
RegOpenKeyExA
ConvertStringSidToSidW
EqualSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
CopySid
CreateWellKnownSid
TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
GetSidSubAuthority
RegOpenCurrentUser
RegOverridePredefKey
GetTokenInformation
OpenProcessToken
InitializeAcl
GetLengthSid
IsValidSid
GetAce
GetSecurityDescriptorSacl
GetKernelObjectSecurity
SetSecurityInfo
GetSidSubAuthorityCount

kernel32

DeleteFileW
lstrcmpiW
lstrlenW
lstrcmpiA
lstrlenA
DeleteFileA
SetFileAttributesA
CreateProcessW
LoadLibraryExW
GetExitCodeThread
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
LocalFree
LocalAlloc
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
RemoveDirectoryA
CreateDirectoryExA
GetFileAttributesA
GetTempPathA
CopyFileW
InterlockedCompareExchange
CreateEventW
HeapSetInformation
SetEvent
UnhandledExceptionFilter
TerminateProcess
GetVersionExA
OpenEventW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetProcAddress
CreateFileW
GetFileAttributesW
GetCurrentProcess
OpenProcess
DuplicateHandle
CloseHandle
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetProcessShutdownParameters
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
VirtualQuery
VirtualProtect
FlushInstructionCache
VirtualAlloc
InterlockedExchange
GetModuleHandleW
GetLastError
ResumeThread
HeapFree
GetProcessHeap
HeapAlloc
CreateThread
GetThreadContext
SetThreadContext
SuspendThread
SetLastError
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
GetModuleFileNameW

user32

GetSystemMetrics
PostQuitMessage
CharNextW
LoadStringW

msvcrt

?terminate@@YAXXZ
memset
_vsnwprintf
wcsrchr
_vsnprintf
_wcsnicmp
memcpy
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
wcstok
_controlfp
__setusermatherr
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__set_app_type
__p__fmode
__p__commode

psapi

GetModuleBaseNameW

ole32

CoCreateInstance
CoRevertToSelf
CoImpersonateClient
CoTaskMemAlloc
CoTaskMemFree
CoRegisterClassObject
CoGetCallContext
CoInitializeSecurity
CoInitializeEx
StringFromGUID2
CoInitialize
CoUninitialize
CoRevokeClassObject

oleaut32

UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
UnRegisterTypeLi
SysStringLen
SysAllocString
SysFreeString

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

urlmon

Extract
CompatFlagsFromClsid
CoInternetCreateSecurityManager
ord107
CoInternetSetFeatureEnabled

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminAddCatalog
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext

iertutil

ord201
ord200
ord9

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rol
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9970fa4104e4c405b7ecd7c2ba1e5649

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

psapi

ole32

oleaut32

rpcrt4

urlmon

wintrust

iertutil

Sections

.text Size: 48KB - Virtual size: 48KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 194KB - Virtual size: 194KB

.reloc Size: 6KB - Virtual size: 5KB

.rol Size: 1KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 48KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 194KB - Virtual size: 194KB

.reloc
Size: 6KB - Virtual size: 5KB

.rol
Size: 1KB - Virtual size: 4KB