HeatDistortionInstaller[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

HeatDistortionInstaller.rar
Size

1.8MB
MD5

cb2891a95d3209a4258295bfdd9ca16b
SHA1

60ddc9831258e8ec0766c303a05d5c43a68f45fb
SHA256

bf0a080ad12c1d8b089344c7fd95e5e7b0f010601f5f15ded43e699e1b3591ed
SHA512

0fa14c9d9196fbb1b5fad2651632478a9627453f7976cb61d139474a49b255b697a15123b5ca29e1d461a20b50eea0dd44652455224f09b21dac5b4fb8eb3506
SSDEEP

24576:5gh1tk2DE2IYT6pS8BIHt6rtNo5j8lsIat88zFfNXjEDvkdMn8BEXgaFUjHk0cdw:5ga72/uE6it6tCC3aCcfNQki8aX2Ed5C

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HeatDistortionInstaller/HeatDistortion.aex
unpack001/HeatDistortionInstaller/HeatDistortionInstaller1.0.30_Win.exe

Files

HeatDistortionInstaller.rar
.rar
HeatDistortionInstaller/HeatDistortion.aex
.dll windows:6 windows x64 arch:x64

f5959b45239ccad65c6d481682becebb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\heat\win\x64\Release\HeatDistortion.pdb

Imports

kernel32

GetVersionExA
FormatMessageA
CloseHandle
WaitForSingleObject
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
FreeLibrary
GetProcAddress
WaitForMultipleObjects
LoadLibraryA
ExpandEnvironmentStringsA
SleepEx
QueryPerformanceCounter
GetLastError
GetCurrentProcess
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
Sleep
GetTempPathW
DeleteCriticalSection
SetEndOfFile
SetEnvironmentVariableA
WriteConsoleW
GetCurrentDirectoryW
GetFullPathNameW
LoadLibraryW
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
GetConsoleCP
SystemTimeToTzSpecificLocalTime
GetLocalTime
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetOEMCP
GetACP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
GetTickCount
LocalFree
GetCurrentThread
CreateDirectoryW
GetThreadTimes
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
WriteFile
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
OutputDebugStringW
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
GetProcessHeap
HeapSize
AreFileApisANSI
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
GetDriveTypeW
GetSystemInfo
GetFileSize
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetModuleHandleW
MulDiv
GlobalLock
GlobalAlloc
GlobalUnlock
FindClose
GetFileAttributesW
WideCharToMultiByte
DuplicateHandle
GetExitCodeThread
GetSystemTimeAsFileTime
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetCPInfo
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
RtlPcToFileHeader
RaiseException
HeapReAlloc
CreateThread
ExitThread
LoadLibraryExW
SetFilePointerEx
FileTimeToLocalFileTime
GetFileInformationByHandle
FileTimeToSystemTime
RtlLookupFunctionEntry
RtlUnwindEx
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait

user32

SetWindowTextW
EnableWindow
UpdateWindow
MessageBoxW
SetWindowLongPtrW
MapVirtualKeyW
GetKeyboardLayout
DestroyCaret
CreateCaret
TrackPopupMenuEx
AppendMenuW
CreatePopupMenu
AppendMenuA
IsWindowVisible
SetMenuItemInfoW
CloseClipboard
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
MessageBeep
EndPaint
GetClientRect
BeginPaint
DestroyWindow
SetTimer
GetWindowRect
GetDC
SetCapture
GetSystemMetrics
ReleaseCapture
AdjustWindowRectEx
CreateWindowExW
ShowWindow
SetWindowPos
GetDesktopWindow
MonitorFromWindow
PeekMessageW
InvalidateRect
KillTimer
TrackMouseEvent
GetWindowLongPtrW
SetFocus
WaitMessage
GetUpdateRect
RegisterClassExW
DestroyMenu
GetCursorPos
ReleaseDC
ValidateRect
LoadCursorW
ScreenToClient
SetCursor
GetKeyState
DispatchMessageW
GetWindow
DefWindowProcW
GetMonitorInfoW
TranslateMessage

advapi32

CryptCreateHash
CryptAcquireContextA
CryptDestroyHash
CryptHashData
CryptGetHashParam
CryptGenRandom
CryptReleaseContext

shell32

ShellExecuteW
SHCreateItemFromParsingName
SHGetFolderPathW
DragQueryFileW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitializeEx
RevokeDragDrop
CoLockObjectExternal
OleInitialize
OleUninitialize
ReleaseStgMedium
RegisterDragDrop

oleaut32

SysAllocString
SysFreeString
VariantClear

d2d1

ord1

dbghelp

MiniDumpWriteDump

imm32

ImmGetVirtualKey
ImmGetCompositionStringW
ImmAssociateContext
ImmAssociateContextEx
ImmIsIME
ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
ImmNotifyIME

ws2_32

getsockname
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
WSAStartup
WSACleanup
recv
send
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
bind
closesocket
connect
getpeername
socket
getsockopt
htons
ntohs
setsockopt

wldap32

ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301

dwrite

DWriteCreateFactory

gdi32

GetDeviceCaps

Exports

Exports

PluginMain
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HeatDistortionInstaller/HeatDistortion.license
HeatDistortionInstaller/HeatDistortionInstaller1.0.30_Win.exe
.exe windows:5 windows x86 arch:x86

bc1b0ad31fd6e41c03c705d669c52d74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\element\Installer\Release\ElementInstaller.pdb

Imports

kernel32

GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LoadLibraryW
CreateMutexW
ReleaseMutex
GetSystemTimeAsFileTime
Sleep
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryExW
OutputDebugStringW
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetOEMCP
QueryPerformanceCounter
IsValidCodePage
GetProcessHeap
HeapSize
GetModuleHandleExW
ExitProcess
GetStdHandle
IsDebuggerPresent
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetProcAddress
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetCPInfo
InitializeCriticalSectionAndSpinCount
HeapAlloc
RtlUnwind
RaiseException
GetCommandLineW
ResumeThread
ExitThread
CreateThread
HeapFree
GetLastError
GetStringTypeW
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LocalFree
CreateDirectoryW
LockResource
SizeofResource
CloseHandle
WriteFile
CreateFileW
GetTempPathW
LoadResource
FindResourceW
WaitForSingleObject
GetCurrentProcess
IsWow64Process
GetModuleHandleW
GetACP
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
InterlockedDecrement
InterlockedIncrement

user32

GetCapture
BeginPaint
GetClientRect
EndPaint
ReleaseDC
CreatePopupMenu
DestroyMenu
ClientToScreen
TrackPopupMenuEx
InsertMenuItemW
RedrawWindow
UpdateWindow
IsWindowVisible
ShowWindow
SetWindowLongW
DestroyWindow
EnableWindow
IsWindowEnabled
SetCapture
ReleaseCapture
GetCursorPos
MessageBoxW
SetFocus
GetFocus
GetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
CreateWindowExW
MoveWindow
GetWindowRect
CallWindowProcW
SetCursor
GetDC
SetTimer
KillTimer
GetUpdateRect
ValidateRect
SendMessageW
LoadImageW
ScreenToClient
InvalidateRect
TrackMouseEvent
AdjustWindowRectEx
WaitMessage
PeekMessageW
IsDialogMessageW
GetMonitorInfoW
MonitorFromWindow
GetSystemMetrics
DispatchMessageW
TranslateMessage

gdi32

CreateFontIndirectW
SetBkMode
SetTextColor
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush

advapi32

SetSecurityInfo
SetEntriesInAclW
AllocateAndInitializeSid
GetSecurityInfo
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
FreeSid

shell32

DragFinish
ShellExecuteExW
SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
DragQueryFileW

ole32

CreateStreamOnHGlobal

gdiplus

GdiplusShutdown
GdipFree
GdipDisposeImage
GdiplusStartup
GdipCloneImage
GdipDeleteFontFamily
GdipGetLogFontW
GdipDrawString
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDrawLineI
GdipSetLineWrapMode
GdipCreateLineBrushFromRectI
GdipDrawRectangleI
GdipSetClipRectI
GdipMeasureString
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipCreateFontFamilyFromName
GdipAlloc
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCreatePen1
GdipDeleteFont
GdipDeletePen
GdipCreateFromHWND
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill

dbghelp

MiniDumpWriteDump

shlwapi

SHRegGetValueW

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HeatDistortionInstaller/License_Agreement.pdf
.pdf

Sharing

General

Malware Config

Signatures

Files

f5959b45239ccad65c6d481682becebb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

d2d1

dbghelp

imm32

ws2_32

wldap32

dwrite

gdi32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 338KB - Virtual size: 337KB

.data Size: 48KB - Virtual size: 81KB

.pdata Size: 55KB - Virtual size: 55KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 10KB - Virtual size: 10KB

bc1b0ad31fd6e41c03c705d669c52d74

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

dbghelp

shlwapi

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 3.1MB - Virtual size: 3.1MB

.reloc Size: 47KB - Virtual size: 47KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 338KB - Virtual size: 337KB

.data
Size: 48KB - Virtual size: 81KB

.pdata
Size: 55KB - Virtual size: 55KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 47KB - Virtual size: 47KB