AWCCInstallationManager[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

AWCCInstallationManager.exe
Size

6.0MB
MD5

321c93c8eb53657db0148fa400290e9a
SHA1

fbe34bd4d839befb137d3da959ec616cbc829abf
SHA256

ee1a922ac8cd39f967471eb460bdf49f344cdf43de207240d4b0d5f84df52927
SHA512

40065068d2d473e773ad6e4946ac1735581c9868f2410528aa24cd40bb019b2ae24be9b5b0ac39ed46c6eec4318eabcde45dad81e08e7c102912593450e874b4
SSDEEP

196608:ySde5gVO3P3oEpVAe6BC+4NJVIEIU642i:y75gVOPbVD6BC+4zVIZUjV

Score

1^/10

Malware Config

Signatures

Files

AWCCInstallationManager.exe
.exe windows:5 windows x86 arch:x86

756ddd8988f7edd7bb0217329366a12a

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:5a:e1:bb:24:25:cd:25:c8:b4:fc:c5:8e:6f:c0:1a
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

15/11/2022, 21:46

Not After

03/12/2024, 21:46

Subject

SERIALNUMBER=2141541,CN=Dell Inc,OU=Alienware,O=Dell Inc,L=Round Rock,ST=Texas,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:46

Not After

01/06/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

be:60:72:f7:bc:ef:d3:cc:2b:23:1a:05:24:f2:ef:43:ec:a9:44:a2:fc:7c:62:c4:e8:db:fa:b6:24:ec:1a:c1
Signer

Actual PE Digest

be:60:72:f7:bc:ef:d3:cc:2b:23:1a:05:24:f2:ef:43:ec:a9:44:a2:fc:7c:62:c4:e8:db:fa:b6:24:ec:1a:c1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\CodeBases\isdev\redist\language independent\i386\SetupSuite.pdb

Imports

kernel32

WaitForSingleObject
GetExitCodeThread
MoveFileExW
CreateNamedPipeW
GetDriveTypeW
WriteFile
SetEvent
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
CopyFileW
GetUserDefaultLangID
OpenEventW
DeleteCriticalSection
RaiseException
DecodePointer
GetCurrentThreadId
InitializeCriticalSectionEx
GetFileAttributesW
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
ReleaseMutex
CompareStringA
VirtualQuery
GetSystemInfo
IsBadReadPtr
GetFileTime
SetFileAttributesW
FlushFileBuffers
GetUserDefaultLCID
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetACP
GetSystemDefaultLangID
LoadLibraryW
WritePrivateProfileStringW
GetModuleHandleExW
ConnectNamedPipe
GetCurrentProcessId
ExitProcess
VirtualAlloc
GetFullPathNameW
GetTempPathW
GetVersionExW
FileTimeToLocalFileTime
SystemTimeToFileTime
SetFilePointer
CreateEventW
QueryPerformanceFrequency
FindFirstFileW
FindClose
ReadFile
FileTimeToSystemTime
FreeLibrary
GetEnvironmentVariableW
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
LocalFree
GetModuleFileNameW
RemoveDirectoryW
DeleteFileW
CloseHandle
CreateMutexW
UnmapViewOfFile
WideCharToMultiByte
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
lstrlenA
FormatMessageW
MultiByteToWideChar
SetLastError
GetLastError
LoadLibraryA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleW
GetProcessHeap
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
LocalAlloc
GetCurrentThread
lstrlenW
lstrcatW
lstrcpyW
lstrcpynW
lstrcmpiW
GetTickCount
ResetEvent
QueryPerformanceCounter
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileW
FindFirstFileExW
GetOEMCP
IsValidCodePage
GetCPInfo
LCMapStringW
CompareStringW
GetFileType
GetStringTypeW
GetStdHandle
VirtualProtect
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
GetTimeFormatW
GetDateFormatW
InitializeCriticalSectionAndSpinCount
GetVersion
GetCurrentDirectoryW
CompareFileTime
GetTempFileNameW
SetFileTime
GetProcessTimes
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
OpenProcess
LoadLibraryExW

user32

CharUpperW
wsprintfW
GetDesktopWindow
PostThreadMessageW
WaitForInputIdle
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
PeekMessageW
MsgWaitForMultipleObjectsEx
MessageBoxW
ExitWindowsEx
GetGUIThreadInfo
MsgWaitForMultipleObjects
CharLowerW

advapi32

OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
RegOverridePredefKey
RegEnumValueW
SetEntriesInAclW
OpenThreadToken
EqualSid
GetTokenInformation
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW

shell32

SHGetKnownFolderPath
SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoRegisterPSClsid
CoRegisterClassObject
CoRevokeClassObject
CoGetInterfaceAndReleaseStream
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoAddRefServerProcess
CoCreateInstance
CoReleaseServerProcess
CLSIDFromProgID

oleaut32

SafeArrayGetLBound
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetElement
SafeArrayPutElement
VariantTimeToSystemTime
VariantChangeTypeEx
GetErrorInfo
LoadTypeLi
LoadRegTypeLi
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
SystemTimeToVariantTime
VariantChangeType
BSTR_UserMarshal
SafeArrayGetUBound
BSTR_UserUnmarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VARIANT_UserFree
BSTR_UserFree
BSTR_UserSize
SysAllocString
VariantCopy
VariantClear
VariantInit
SysStringLen
SysReAllocStringLen
SysAllocStringLen
SysFreeString
RegisterTypeLi
UnRegisterTypeLi
VARIANT_UserMarshal
SafeArrayCreate

shlwapi

PathFileExistsW
SHCreateStreamOnFileW
PathFindFileNameW

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
IUnknown_Release_Proxy
NdrOleFree
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
NdrStubCall2
NdrStubForwardingFunction
NdrOleAllocate

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

756ddd8988f7edd7bb0217329366a12a

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

22:5a:e1:bb:24:25:cd:25:c8:b4:fc:c5:8e:6f:c0:1aCertificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04Certificate

Extended Key Usages

Key Usages

be:60:72:f7:bc:ef:d3:cc:2b:23:1a:05:24:f2:ef:43:ec:a9:44:a2:fc:7c:62:c4:e8:db:fa:b6:24:ec:1a:c1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.orpc Size: 512B - Virtual size: 418B

.rdata Size: 368KB - Virtual size: 368KB

.data Size: 22KB - Virtual size: 25KB

.didat Size: 512B - Virtual size: 248B

.rsrc Size: 62KB - Virtual size: 61KB

.reloc Size: 93KB - Virtual size: 92KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

22:5a:e1:bb:24:25:cd:25:c8:b4:fc:c5:8e:6f:c0:1a
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

be:60:72:f7:bc:ef:d3:cc:2b:23:1a:05:24:f2:ef:43:ec:a9:44:a2:fc:7c:62:c4:e8:db:fa:b6:24:ec:1a:c1
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.orpc
Size: 512B - Virtual size: 418B

.rdata
Size: 368KB - Virtual size: 368KB

.data
Size: 22KB - Virtual size: 25KB

.didat
Size: 512B - Virtual size: 248B

.rsrc
Size: 62KB - Virtual size: 61KB

.reloc
Size: 93KB - Virtual size: 92KB