6af97a29cdb808c3e51fb1a635e31f91c2be73328607bce19c483e0e1b64954b

Sharing

Copy URL Twitter E-mail

General

Target

6af97a29cdb808c3e51fb1a635e31f91c2be73328607bce19c483e0e1b64954b
Size

5.0MB
MD5

d982cf9cf5f08bd7a6c5e1e46fe4ea43
SHA1

0dce84f324206680f592a339749bb60c3ce344cd
SHA256

6af97a29cdb808c3e51fb1a635e31f91c2be73328607bce19c483e0e1b64954b
SHA512

318bf934738ada1d2f59918f6bb73e5a0acf195bc5ad898a9a154d603556ac04c03e48306e5c904c212b68825207cdb9e3e4ee21bef0ee68e5e078b1d0619ec8
SSDEEP

98304:q6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwww4:+AkwSf7Int6W8/K89mZHvX7H4HxgBfcK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6af97a29cdb808c3e51fb1a635e31f91c2be73328607bce19c483e0e1b64954b

Files

6af97a29cdb808c3e51fb1a635e31f91c2be73328607bce19c483e0e1b64954b
.dll windows:5 windows x86 arch:x86

c5da1b6d09c0008b51da7f020f3631df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

installer_lib.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AllocConsole
AssignProcessToJobObject
CallbackMayRunLong
CancelIo
CloseHandle
CloseThreadpool
CloseThreadpoolWork
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMailslotW
CreateMutexW
CreateNamedPipeW
CreatePipe
CreateProcessW
CreateSemaphoreW
CreateThread
CreateThreadpool
CreateThreadpoolWork
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FindResourceExW
FindResourceW
FlsAlloc
FlsSetValue
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDrives
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHandleCount
GetProcessHeap
GetProcessId
GetProcessTimes
GetProductInfo
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadId
GetThreadLocale
GetThreadPreferredUILanguages
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalUnlock
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetPerformanceInfo
K32GetProcessImageFileNameW
K32GetProcessMemoryInfo
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockFileEx
LockResource
MapViewOfFile
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
OpenEventW
OpenMutexW
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
Process32FirstW
Process32NextW
QueryFullProcessImageNameW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ReplaceFileW
ResetEvent
ResumeThread
RtlCaptureStackBackTrace
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetNamedPipeHandleState
SetProcessShutdownParameters
SetStdHandle
SetThreadPriority
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableSRW
SleepEx
SubmitThreadpoolWork
SuspendThread
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransactNamedPipe
TryAcquireSRWLockExclusive
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnlockFileEx
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitForThreadpoolWorkCallbacks
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpA
lstrcmpiW
lstrlenW

user32

AllowSetForegroundWindow
BeginPaint
CallNextHookEx
CallWindowProcW
CharLowerW
CharNextW
CharUpperW
ClientToScreen
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumDisplayMonitors
EnumThreadWindows
FillRect
FindWindowExW
GetActiveWindow
GetAsyncKeyState
GetClientRect
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetGuiResources
GetMessageW
GetMonitorInfoW
GetNextDlgGroupItem
GetParent
GetQueueStatus
GetSystemMenu
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InvalidateRect
IsChild
IsWindowEnabled
IsWindowVisible
KillTimer
LoadCursorW
LoadIconW
LoadStringW
MapWindowPoints
MessageBoxW
MonitorFromPoint
MonitorFromWindow
MsgWaitForMultipleObjectsEx
OffsetRect
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RegisterClassExW
RegisterClassW
RegisterHotKey
ReleaseCapture
ReleaseDC
ScreenToClient
SendInput
SendMessageW
SendNotifyMessageW
SetCapture
SetCursor
SetFocus
SetForegroundWindow
SetProcessDPIAware
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
TrackMouseEvent
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UnregisterHotKey
WaitForInputIdle
wsprintfW

gdi32

BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontW
CreatePen
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
ExtSelectClipRgn
GetDeviceCaps
GetObjectW
GetStockObject
LineTo
MoveToEx
OffsetRgn
RoundRect
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetStretchBltMode
SetTextColor
StretchBlt

advapi32

AccessCheck
AdjustTokenPrivileges
AllocateAndInitializeSid
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
BuildTrusteeWithSidW
CheckTokenMembership
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateProcessAsUserW
DuplicateToken
EqualSid
EventRegister
EventUnregister
EventWrite
FreeSid
GetExplicitEntriesFromAclW
GetLengthSid
GetNamedSecurityInfoW
GetTokenInformation
GetUserNameW
ImpersonateNamedPipeClient
IsValidSid
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegGetKeySecurity
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RevertToSelf
SetEntriesInAclW
SetNamedSecurityInfoW
SystemFunction036

shell32

CommandLineToArgvW
ord190
ord155
SHBrowseForFolderW
SHChangeNotify
SHCreateItemFromParsingName
SHGetDesktopFolder
SHGetFolderPathW
SHGetKnownFolderPath
SHGetPathFromIDListW
SHOpenWithDialog
ShellExecuteA
ShellExecuteExW
ShellExecuteW

ole32

CoAllowSetForegroundWindow
CoCreateInstance
CoInitializeEx
CoRegisterInitializeSpy
CoRevokeInitializeSpy
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CreateStreamOnHGlobal
IIDFromString
PropVariantClear
StringFromGUID2

msimg32

AlphaBlend
GradientFill

comctl32

ord413
ord412
ord410

gdiplus

GdipAddPathArc
GdipAddPathLine
GdipAddPathLineI
GdipAlloc
GdipCloneBrush
GdipCloneImage
GdipClosePathFigure
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateMatrix2
GdipCreatePath
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePen
GdipDisposeImage
GdipDrawEllipse
GdipDrawPath
GdipFillEllipse
GdipFillPath
GdipFillRectangle
GdipFree
GdipSetSmoothingMode
GdipTransformPath
GdiplusShutdown
GdiplusStartup

dbghelp

MiniDumpWriteDump
SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW

secur32

GetUserNameExW

wininet

HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetCrackUrlW
InternetErrorDlg
InternetOpenW
InternetReadFile
InternetSetStatusCallbackW

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertGetNameStringW
CryptBinaryToStringW
CryptDecodeObject
CryptHashCertificate
CryptMsgClose
CryptMsgGetParam
CryptQueryObject

wintrust

WinVerifyTrust

oleaut32

SafeArrayCreate
SafeArrayGetVartype
SafeArrayPutElement
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysStringByteLen
VarUI4FromStr
VariantClear
VariantInit
VariantTimeToSystemTime

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathMatchSpecW
SHDeleteKeyW

ncrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptOpenAlgorithmProvider

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

propsys

InitPropVariantFromCLSID

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpWriteData

Exports

Exports

GetHandleVerifier
RunInstaller

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 181B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 350B

CPADinfo
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5da1b6d09c0008b51da7f020f3631df

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msimg32

comctl32

gdiplus

dbghelp

secur32

wininet

crypt32

wintrust

oleaut32

version

shlwapi

ncrypt

userenv

propsys

winmm

winhttp

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 584KB - Virtual size: 583KB

.data Size: 17KB - Virtual size: 94KB

.00cfg Size: 512B - Virtual size: 4B

.rodata Size: 512B - Virtual size: 128B

.tls Size: 512B - Virtual size: 181B

.voltbl Size: 512B - Virtual size: 350B

CPADinfo Size: 512B - Virtual size: 48B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 92KB - Virtual size: 91KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 584KB - Virtual size: 583KB

.data
Size: 17KB - Virtual size: 94KB

.00cfg
Size: 512B - Virtual size: 4B

.rodata
Size: 512B - Virtual size: 128B

.tls
Size: 512B - Virtual size: 181B

.voltbl
Size: 512B - Virtual size: 350B

CPADinfo
Size: 512B - Virtual size: 48B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 92KB - Virtual size: 91KB