McAfee VirusScan 4[.]5[.]1[.]iso

Sharing

Copy URL Twitter E-mail

General

Target

McAfee VirusScan 4.5.1.iso
Size

18.2MB
MD5

a16907d3be91123f6a41aa50aa34e9fa
SHA1

2102511d56debe71f6d3a7631241bb511de61fb8
SHA256

d764921372fd9e8978074426a2917d4368990bbf63a7b3ff11ef9c7da20c9a70
SHA512

3958f378c73de5de2850bec7ef735a61ea30d16cf310c2eda20cad78f3db6ffe114fab8d87742c56ce063b6ed05dc14d4914686b4331dba3058bdf1ece340941
SSDEEP

393216:/X+ukKMyW/nNdGcwxrSzqAH4ByuHsTqNoeh2hFZ6hG1ekrU38ZwMGkuPyk:/X+ukKMyYzG5xrSeAIycsTqdh2h76hhp

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack002/InstMsi.Exe
unpack002/Setup.exe
unpack002/UnInst.Dll
unpack002/VSC451A.NAP
unpack002/instmsiw.exe
unpack002/itdinst.exe

Files

McAfee VirusScan 4.5.1.iso
.iso
out.iso
.iso
Avcmd.ini
Contact.Txt
InstMsi.Exe
.exe windows:5 windows x86 arch:x86

86f649127f320d79de0c023a60ef77bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcess
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
LocalAlloc
GetLastError
GetSystemDirectoryA
LoadLibraryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
GetWindowsDirectoryA
GetProcAddress
RemoveDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
ExitProcess
GetModuleHandleA
CloseHandle
GetCommandLineA
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetStartupInfoA
CreateDirectoryA
GlobalFree
FormatMessageA
GetDiskFreeSpaceA
MulDiv

gdi32

GetDeviceCaps

user32

wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
EndDialog
GetDesktopWindow
CharPrevA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
SetWindowLongA
EnableWindow
SendMessageA
LoadStringA
MsgWaitForMultipleObjects
PeekMessageA
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
GetDlgItemTextA
DispatchMessageA

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Install_ENGLISH.Pkg
License.Rtf
.rtf
License.Txt
Packing.Lst
PkgDesc.ini
Readme.Txt
Setup.exe
.exe windows:4 windows x86 arch:x86

35da02844dad69825a0f81d9d7f16d1d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CopyFileA
CloseHandle
CreateMutexA
lstrlenA
lstrcmpiA
GlobalFree
GlobalAlloc
GetLastError
GetProcAddress
Sleep
LoadLibraryA
GetCommandLineA
FreeLibrary
GetModuleFileNameA
GetTempPathA
GetVersionExA
GetSystemDirectoryA
GetCurrentProcess
CreateThread
GetPrivateProfileStringA
WideCharToMultiByte
GetOEMCP
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetPrivateProfileIntA
SetFilePointer
MultiByteToWideChar
GetFileType
GetStdHandle
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
GetCPInfo
GetACP
WriteFile
VirtualAlloc
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
GetEnvironmentStringsW
SetHandleCount
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

user32

MessageBoxA
LoadStringA
SetWindowTextA
ExitWindowsEx
EndDialog
SendMessageA
GetDlgItem
SetFocus
DialogBoxParamA
FindWindowA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegDeleteValueA
LookupPrivilegeValueA
FreeSid
OpenProcessToken
AllocateAndInitializeSid
GetTokenInformation
EqualSid

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UnInst.Dll
.dll windows:4 windows x86 arch:x86

86f2fff3eb64f867476e2918e601127a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
GetVersionExA
GlobalFree
GlobalHandle
FreeLibrary
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
GetLocalTime
OpenProcess
WaitForSingleObject
GetTempPathA
FindFirstFileA
WideCharToMultiByte
CreateFileA
SetFilePointer
ReadFile
WriteFile
DeleteFileA
CreateProcessA
OpenFile
GetFileAttributesA
SetFileAttributesA
GetPrivateProfileSectionA
FlushFileBuffers
CloseHandle
TerminateProcess
WritePrivateProfileStringA
SleepEx
GetDriveTypeA
RemoveDirectoryA
CopyFileA
GlobalReAlloc
GlobalAlloc
FindNextFileA
FindClose
GlobalLock
TlsGetValue
GetCommandLineA
GetVersion
GetFileType
GetCPInfo
GetACP
GetOEMCP
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
GetStringTypeA
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetStringTypeW
RtlUnwind
VirtualAlloc
HeapReAlloc

user32

wsprintfA
SendMessageA
FindWindowA

advapi32

GetUserNameA
CloseServiceHandle
ControlService
QueryServiceStatus
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegFlushKey
RegDeleteKeyA
RegQueryValueExA
RegEnumKeyExA
OpenServiceA
EnumServicesStatusA
RegCloseKey
OpenSCManagerA
DeleteService

Exports

Exports

Dll_Uninstall
UninstReb

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UnInst.Ini
VSC451A.NAP
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VScan451.msi
.msi
instmsiw.exe
.exe windows:5 windows x86 arch:x86

86f649127f320d79de0c023a60ef77bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcess
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
LocalAlloc
GetLastError
GetSystemDirectoryA
LoadLibraryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
GetWindowsDirectoryA
GetProcAddress
RemoveDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
ExitProcess
GetModuleHandleA
CloseHandle
GetCommandLineA
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetStartupInfoA
CreateDirectoryA
GlobalFree
FormatMessageA
GetDiskFreeSpaceA
MulDiv

gdi32

GetDeviceCaps

user32

wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
EndDialog
GetDesktopWindow
CharPrevA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
SetWindowLongA
EnableWindow
SendMessageA
LoadStringA
MsgWaitForMultipleObjects
PeekMessageA
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
GetDlgItemTextA
DispatchMessageA

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
itdinst.exe
.exe windows:4 windows x86 arch:x86

3ad718cd2e3a8b528a43bb074a87be67

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetModuleFileNameA
CloseHandle
WaitForSingleObject
CreateProcessA
HeapCreate
HeapDestroy
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetPrivateProfileStringA
GetFileType
GetStringTypeA
GetStringTypeW
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

wsprintfA

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
setup.ini
vscan451.sms

Sharing

General

Malware Config

Signatures

Files

86f649127f320d79de0c023a60ef77bf

Headers

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 1024B - Virtual size: 7KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

35da02844dad69825a0f81d9d7f16d1d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 8KB

86f2fff3eb64f867476e2918e601127a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 95KB

.rsrc Size: 4KB - Virtual size: 984B

.reloc Size: 8KB - Virtual size: 5KB

Headers

File Characteristics

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 976B

.reloc Size: 4KB - Virtual size: 1KB

86f649127f320d79de0c023a60ef77bf

Headers

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 1024B - Virtual size: 7KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

3ad718cd2e3a8b528a43bb074a87be67

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 2KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 8KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 95KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 976B

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 2KB