775050c673393af1a3f36dd617734d5ec79964df494c3ab954cdfcc4a93e0dbd

Sharing

Copy URL Twitter E-mail

General

Target

775050c673393af1a3f36dd617734d5ec79964df494c3ab954cdfcc4a93e0dbd
Size

1.1MB
MD5

19f530e6ee013b1e94f9c4ce1e338a9d
SHA1

58b577f2d98aafcc0b661b50c615d32c212b3f6e
SHA256

775050c673393af1a3f36dd617734d5ec79964df494c3ab954cdfcc4a93e0dbd
SHA512

e21ee753036496593c9db3add0e3e6abb29f4961db8cb6b2d2db37b1f60a3c912d56bacb4716014c97ad2390407b43f500610ffc5e295d40ff8fcc13a56d860b
SSDEEP

24576:N4U3X8wEKwArXRtrltivOT22qhwxbSUoNL/mzVf:N4U9wMRpBqhw5SUoNjMh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
775050c673393af1a3f36dd617734d5ec79964df494c3ab954cdfcc4a93e0dbd

Files

775050c673393af1a3f36dd617734d5ec79964df494c3ab954cdfcc4a93e0dbd
.exe windows:5 windows x86 arch:x86

38431a0bcf2e8d6110c588c4be1878a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build\master_lu\install_uninstall_ldslite\QAUSE_Release\LiteUninstall.pdb

Imports

kernel32

LoadLibraryExW
lstrcmpiW
InitializeCriticalSectionAndSpinCount
SetLastError
GetCurrentThreadId
RaiseException
InterlockedDecrement
InterlockedIncrement
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
GetModuleHandleW
GetCurrentProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateMutexW
GetLastError
GetCurrentProcessId
OpenProcess
GetLongPathNameW
FindResourceExW
FindResourceW
GetModuleFileNameW
LoadLibraryW
CreateEventW
SizeofResource
LoadResource
WaitForMultipleObjects
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadConsoleW
WriteConsoleW
InitializeCriticalSection
GetProcAddress
FreeLibrary
LockResource
GetPrivateProfileStringW
CreateFileW
CreateFileMappingW
UnmapViewOfFile
SwitchToThread
SetFilePointerEx
SetStdHandle
WaitForSingleObjectEx
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
CloseHandle
SetFilePointer
GetFileType
GetCurrentThread
GetACP
GetModuleFileNameA
ExitProcess
GetTimeZoneInformation
GetModuleHandleExW
GetFileAttributesExW
FormatMessageW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetCurrentDirectoryW
SetCurrentDirectoryW
MapViewOfFile
GetSystemDirectoryW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
InterlockedFlushSList
GetStdHandle
SetEndOfFile
TerminateProcess
GetExitCodeProcess
GetTempPathW
GetVersion
GetFileSize
ReadFile
FindClose
GetTickCount
lstrlenW
CreateProcessW
GetStartupInfoW
GetTempFileNameW
GetFullPathNameW
SetFileAttributesW
GetFileAttributesW
FindFirstFileW
FindNextFileW
MoveFileExW
GetVersionExW
GetFileSizeEx
GetLocalTime
Sleep
WritePrivateProfileStringW
RemoveDirectoryW
WriteFile
GetTempPathA
GetTempFileNameA
CreateFileA
DeleteFileA
GetWindowsDirectoryW
MoveFileW
InterlockedExchange
InterlockedCompareExchange
DeviceIoControl
LocalAlloc
LocalFree
LocalFileTimeToFileTime
DosDateTimeToFileTime
OutputDebugStringW
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
FreeResource
GetSystemWindowsDirectoryW
lstrcmpA
lstrcmpiA
FlushFileBuffers
GetShortPathNameW
SetFileTime
CreateDirectoryW
SearchPathW
GetLogicalDriveStringsW
FindFirstChangeNotificationW
FindCloseChangeNotification
CompareFileTime
GetFileInformationByHandle
ResetEvent

user32

MapWindowPoints
GetWindowRect
GetClientRect
GetSystemMetrics
SetWindowPos
PostMessageW
SendMessageW
GetWindowLongW
CreateDialogParamW
CallWindowProcW
PostQuitMessage
LoadCursorW
SetWindowLongW
MessageBoxW
CharNextW
DestroyWindow
CreateWindowExW
GetClassInfoExW
GetWindow
UnregisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowThreadProcessId
FindWindowExW
SetForegroundWindow
IsIconic
IsWindowVisible
ShowWindow
MonitorFromWindow
UnregisterClassA
FindWindowW
wsprintfW
GetShellWindow
WaitForInputIdle
GetMonitorInfoW
IsDialogMessageW
RegisterClassExW
LoadImageW
GetParent
IsWindow

advapi32

DeleteService
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
DuplicateTokenEx
RegEnumValueW
GetUserNameW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
RegQueryValueExA
LockServiceDatabase
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceLockStatusW
QueryServiceStatus
QueryServiceStatusEx
StartServiceW
UnlockServiceDatabase
GetTokenInformation
RegEnumKeyExA
RegOpenKeyExA
CryptContextAddRef

ole32

CoTaskMemAlloc
CoTaskMemFree
OleRun
CoCreateInstance
CoUninitialize
CoInitialize
CoCreateGuid
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoTaskMemRealloc

oleaut32

SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysStringLen
VariantInit
GetErrorInfo
VariantChangeType
SetErrorInfo
VarUI4FromStr
SysFreeString
CreateErrorInfo
VariantCopy

shlwapi

PathFileExistsW
SHGetValueW
PathFindFileNameW
PathUnquoteSpacesW
PathAppendW
PathCombineW
PathFindExtensionW
StrTrimA
StrStrIW
StrCmpIW
StrToIntExW
SHGetValueA
PathIsRelativeW
PathIsRootW
SHSetValueA
AssocQueryStringW
SHDeleteKeyW
SHSetValueW
PathFindFileNameA
PathRenameExtensionA
PathIsPrefixW
StrStrIA
PathRemoveFileSpecW
StrCmpNIW

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
EnumProcesses

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

secur32

GetUserNameExW

setupapi

SetupIterateCabinetW

cabinet

ord22
ord20
ord23

crypt32

CertGetNameStringW
CryptStringToBinaryA
CryptStringToBinaryW
CryptBinaryToStringA
CryptBinaryToStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHCreateDirectoryExW
ord165
CommandLineToArgvW
SHGetFolderPathW
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteExW

Sections

.text
Size: 762KB - Virtual size: 761KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

38431a0bcf2e8d6110c588c4be1878a4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

comctl32

version

psapi

iphlpapi

wininet

urlmon

secur32

setupapi

cabinet

crypt32

wintrust

shell32

Sections

.text Size: 762KB - Virtual size: 761KB

.rdata Size: 165KB - Virtual size: 164KB

.data Size: 19KB - Virtual size: 31KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 114KB - Virtual size: 116KB

.text
Size: 762KB - Virtual size: 761KB

.rdata
Size: 165KB - Virtual size: 164KB

.data
Size: 19KB - Virtual size: 31KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 114KB - Virtual size: 116KB