overhaulinstaller[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

overhaulinstaller.exe
Size

10.5MB
MD5

12ea3960a5c12ba057c0606b74dde2f3
SHA1

f4b7d45072ed136965fe9eb824bc03f515ee54b5
SHA256

302a01dd95d6baab865419e79c3d3dba6037569660f7bfa7ad3ab1abe1597f91
SHA512

757694d12c6cee150d17b474adc530cbdcce12758ebe7e9caf2a273aa35aad32bbbcfda705346df24be0fdbaf6d20a0296d3ab167a511573df60f3c6681404ac
SSDEEP

98304:z/hZTCJ+Jw3jg3gxJYFSq7jrmy/pGTcI:TO3bxJYFSinO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
overhaulinstaller.exe

Files

overhaulinstaller.exe
.exe windows:6 windows x64 arch:x64

234c7de5d4b912d74199eac7e40862f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Commander\Desktop\Wynncraft Overhaul\installer\target\release\deps\installer.pdb

Imports

kernel32

RtlLookupFunctionEntry
GetEnvironmentVariableW
CreateMutexA
GetCurrentProcessId
LoadLibraryA
WaitForSingleObjectEx
ReleaseMutex
GetCurrentProcess
GetCurrentDirectoryW
FormatMessageW
QueryPerformanceFrequency
LoadLibraryW
WriteConsoleW
MultiByteToWideChar
WaitForSingleObject
GetConsoleMode
GetStdHandle
GetCurrentThread
SetHandleInformation
RtlCaptureContext
ReleaseSRWLockExclusive
PostQueuedCompletionStatus
GetModuleHandleA
SetFileCompletionNotificationModes
GetTempPathW
GetModuleFileNameW
FreeLibrary
CreateFileW
GetFileInformationByHandle
SleepConditionVariableSRW
GetUserDefaultUILanguage
LCIDToLocaleName
CreateIoCompletionPort
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
FindFirstFileW
GetFileInformationByHandleEx
GetFinalPathNameByHandleW
GetFullPathNameW
WakeConditionVariable
GetSystemInfo
SetThreadStackGuarantee
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
AddVectoredExceptionHandler
FindClose
lstrlenW
SwitchToThread
GetProcAddress
GetModuleHandleW
GetSystemDirectoryA
SetFilePointerEx
FindNextFileW
CreateDirectoryW
WakeAllConditionVariable
Sleep
HeapReAlloc
GetEnvironmentVariableA
GetProcessHeap
CloseHandle
GetEnvironmentStringsW
GetCurrentThreadId
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
SetFileInformationByHandle
MoveFileExA
VerSetConditionMask
VerifyVersionInfoW
HeapAlloc
CreateFileA
GetFileSizeEx
ReadFile
DeleteFileW
GetSystemTimeAsFileTime
QueryPerformanceCounter
ExitProcess
InitializeCriticalSectionAndSpinCount
WriteFileEx
SleepEx
DuplicateHandle
CreateThread
OutputDebugStringA
OutputDebugStringW
AcquireSRWLockShared
ReleaseSRWLockShared
GetLastError
CreateNamedPipeW
LoadLibraryExW
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
SetEvent
ResetEvent
InitializeProcThreadAttributeList
CreateEventW
DeleteProcThreadAttributeList
SetLastError
UpdateProcThreadAttribute
AcquireSRWLockExclusive
InitializeSListHead
IsDebuggerPresent
ReadFileEx
IsProcessorFeaturePresent
GetFileAttributesW
HeapFree

user32

GetCursorPos
MonitorFromWindow
SetWindowPos
SetCursor
LoadCursorW
GetMonitorInfoW
SendMessageW
EnumChildWindows
PostMessageW
SetCapture
MonitorFromRect
ClientToScreen
GetClientRect
GetWindowLongW
DispatchMessageA
GetMessageA
CloseTouchInputHandle
IsProcessDPIAware
GetDC
PostQuitMessage
ScreenToClient
GetTouchInputInfo
RegisterClassExW
SystemParametersInfoA
AdjustWindowRectEx
TrackMouseEvent
ShowCursor
ClipCursor
RedrawWindow
GetActiveWindow
SetWindowLongW
EnableMenuItem
GetSystemMenu
ShowWindow
DestroyAcceleratorTable
DestroyIcon
GetWindowLongPtrW
DispatchMessageW
TranslateMessage
ToUnicodeEx
GetKeyboardLayout
ReleaseCapture
TranslateAcceleratorW
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
RegisterWindowMessageA
CreateIcon
MapVirtualKeyExW
GetWindowRect
CreateWindowExW
IsWindow
GetAncestor
GetSystemMetrics
RegisterTouchWindow
MapVirtualKeyW
SendInput
SetForegroundWindow
SetWindowDisplayAffinity
InvalidateRgn
RegisterRawInputDevices
GetMessageW
GetClipCursor
GetUpdateRect
ValidateRect
GetRawInputData
DefWindowProcW
GetKeyboardState
GetKeyState
GetAsyncKeyState
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
PeekMessageW
PostThreadMessageW
RegisterHotKey
VkKeyScanW
DestroyWindow
GetMenu
CreateAcceleratorTableW
SetMenu

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFreeCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CertFreeCertificateContext
CertFindCertificateInStore
CertGetEnhancedKeyUsage
CertCloseStore
CertDuplicateCertificateContext
CertFindExtension
CryptStringToBinaryA
CertOpenStore

ole32

CoTaskMemFree
RegisterDragDrop
CoTaskMemAlloc
CoCreateInstance
OleInitialize
CoInitializeEx
CoUninitialize
RevokeDragDrop
CreateStreamOnHGlobal

comctl32

DefSubclassProc
SetWindowSubclass
RemoveWindowSubclass

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

shell32

DragQueryFileW
DragFinish
SHGetKnownFolderPath

ws2_32

WSAGetLastError
bind
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
closesocket
getsockopt
send
WSACloseEvent
WSACreateEvent
WSAIoctl
setsockopt
htons
socket
ntohs
WSASetLastError
__WSAFDIsSet
select
accept
connect
getsockname
htonl
listen
recv
getpeername
ioctlsocket
WSASocketW

ntdll

NtReadFile
NtCreateFile
RtlNtStatusToDosError
NtWriteFile

bcrypt

BCryptGenRandom

advapi32

RegOpenKeyExW
RegGetValueW
CryptHashData
EventRegister
SystemFunction036
RegQueryValueExW
RegCloseKey
EventUnregister
EventSetInformation
CryptAcquireContextA
CryptDestroyHash
CryptCreateHash
EventWriteTransfer
CryptGetHashParam
CryptReleaseContext

uxtheme

SetWindowTheme

shlwapi

AssocQueryStringW

oleaut32

SysStringLen
SysFreeString
SetErrorInfo
GetErrorInfo

vcruntime140

memcmp
memcpy
memmove
memset
_CxxThrowException
strchr
strrchr
memchr
strstr
wcsrchr
_purecall
__C_specific_handler
__current_exception
__current_exception_context
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strncmp
strcmp
_strdup
strncpy
strlen
_wcsicmp
strcspn
wcslen
strpbrk
strcpy
strspn

api-ms-win-crt-math-l1-1-0

truncf
pow
powf
exp2f
round
trunc
roundf
ceil
floor
_fdopen
__setusermatherr

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc
_callnewh
calloc
_set_new_mode

api-ms-win-crt-utility-l1-1-0

qsort
_rotl64

api-ms-win-crt-stdio-l1-1-0

fread
fopen
fseek
fputs
__stdio_common_vsprintf
fputc
_set_fmode
__p__commode
fgets
ftell
fflush
_read
_write
_close
feof
__acrt_iob_func
fwrite
_fileno
fclose
_open
_lseeki64
__stdio_common_vsscanf

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
exit
_seh_filter_exe
_beginthreadex
_register_onexit_function
_errno
_exit
_wassert
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
abort
_crt_atexit
__sys_nerr
__sys_errlist
terminate
_set_app_type
_get_initial_narrow_environment

api-ms-win-crt-convert-l1-1-0

wcstol
strtol
wcstombs
_ultow_s
strtoll
strtoul
atoi

api-ms-win-crt-time-l1-1-0

_gmtime64
strftime
_time64

api-ms-win-crt-filesystem-l1-1-0

_access
_unlink
_fstat64
_stat64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

234c7de5d4b912d74199eac7e40862f3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

crypt32

ole32

comctl32

gdi32

dwmapi

shell32

ws2_32

ntdll

bcrypt

advapi32

uxtheme

shlwapi

oleaut32

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 6.0MB - Virtual size: 6.0MB

.data Size: 7KB - Virtual size: 12KB

.pdata Size: 179KB - Virtual size: 179KB

.rsrc Size: 144KB - Virtual size: 143KB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 6.0MB - Virtual size: 6.0MB

.data
Size: 7KB - Virtual size: 12KB

.pdata
Size: 179KB - Virtual size: 179KB

.rsrc
Size: 144KB - Virtual size: 143KB

.reloc
Size: 35KB - Virtual size: 35KB