bec07529a6b87c7602c24de2b82648d748a3ce6f0eb27a0c4993b52669a75707

Sharing

Copy URL Twitter E-mail

General

Target

bec07529a6b87c7602c24de2b82648d748a3ce6f0eb27a0c4993b52669a75707
Size

3.9MB
MD5

910ac07fed10e8bb981b61621af542fe
SHA1

2afa00ebbe64369ef48bee3ef515b790afdb1255
SHA256

bec07529a6b87c7602c24de2b82648d748a3ce6f0eb27a0c4993b52669a75707
SHA512

db0cadd8153da7cf60f6b7e0673f60e5d5ea8f23fd34b2eb10b9b5b4980580afe0f00d69c4532971292a74dea09057901782e9c72be78f09e908a4dafc26fbb7
SSDEEP

98304:DqF6RYOecwckVPG8hRiCu/CVUdVEy9qMBNP/qxct8q:ueFwi4UdVEy9qMBNLt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bec07529a6b87c7602c24de2b82648d748a3ce6f0eb27a0c4993b52669a75707

Files

bec07529a6b87c7602c24de2b82648d748a3ce6f0eb27a0c4993b52669a75707
.exe windows:6 windows x86 arch:x86

7ba18ed33e33fbdd490e48e614c89d09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\MGame\Zipper\ZipperInstAndUinst\Inst\Install.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
GetDriveTypeW
WritePrivateProfileStringW
lstrcmpiW
LoadLibraryExW
GetCommandLineW
SwitchToThread
SystemTimeToFileTime
GetSystemTime
GetFileInformationByHandle
CompareFileTime
FindFirstChangeNotificationW
FindCloseChangeNotification
SetFileTime
CreateDirectoryW
SearchPathW
GetCurrentDirectoryW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThreadId
InitializeCriticalSectionEx
RaiseException
DecodePointer
lstrcpynW
GetLocalTime
WaitForMultipleObjects
Sleep
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
K32GetProcessImageFileNameW
GetTickCount
GetCurrentProcess
ReadFile
QueryDosDeviceW
GetLogicalDriveStringsW
GetFileSize
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetModuleFileNameExW
WriteConsoleW
SetEndOfFile
SetFilePointerEx
ReadConsoleW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetModuleFileNameW
OpenProcess
GetCurrentProcessId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameW
MoveFileExW
MoveFileW
lstrlenW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetWindowsDirectoryW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CloseHandle
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
IsDebuggerPresent
GetPrivateProfileStringW
LocalAlloc
GetSystemDirectoryW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
GetTempFileNameA
GetTempPathA
WriteFile
RtlUnwind
lstrcmpiA
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
DeleteFileA
CreateFileA
GetDiskFreeSpaceExW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileAttributesExW
SetFilePointer
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
TerminateProcess
GetExitCodeProcess
CopyFileW
GetShortPathNameW
OutputDebugStringA
OutputDebugStringW
GetFileSizeEx
ResetEvent
GetSystemInfo
GetTempFileNameW
LocalFree
FormatMessageW
GetEnvironmentVariableW
GetVersionExW
FlushFileBuffers

user32

ReleaseDC
GetDC
ReleaseCapture
SetCapture
SetFocus
EndDialog
SetWindowPos
BeginPaint
SendMessageW
LoadImageW
SetForegroundWindow
GetSystemMetrics
GetActiveWindow
DialogBoxParamW
IsIconic
IsWindowVisible
GetMonitorInfoW
wsprintfW
MessageBoxW
SendMessageTimeoutW
SendNotifyMessageW
UnionRect
OffsetRect
EqualRect
DestroyCursor
DrawFocusRect
MoveWindow
UnregisterClassA
FindWindowW
CharNextW
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
FillRect
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DrawTextW
GetAsyncKeyState
GetFocus
UpdateLayeredWindow
ShowWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
DestroyWindow
MonitorFromWindow
IsDialogMessageW
LoadCursorW
GetWindow
GetParent
SetWindowLongW
CopyRect
CharLowerBuffW
GetShellWindow
LoadStringW
GetWindowThreadProcessId
FindWindowExW
PostMessageW
KillTimer
GetWindowLongW
PtInRect
MapWindowPoints
SetCursor
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
SetTimer
PostQuitMessage

gdi32

DeleteDC
DeleteObject
SelectObject
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
CreateRectRgnIndirect
EnumFontFamiliesW
GetStockObject
RestoreDC
SaveDC
SelectClipRgn
SetBkColor
SetBkMode
SetTextColor
CreateDIBSection
GetObjectW
RectVisible
CreateSolidBrush
OffsetViewportOrgEx
BitBlt

advapi32

CryptAcquireContextW
RegSetKeySecurity
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
GetSidSubAuthorityCount
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
LookupPrivilegeValueW
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetSidSubAuthority
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
CryptContextAddRef
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
GetTrusteeNameW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
SetEntriesInAclW
ConvertSidToStringSidW
LookupAccountNameW
LookupAccountSidW
EqualSid
GetUserNameW
RegDeleteKeyValueW
RegDeleteTreeW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
DeleteAce

shell32

ShellExecuteW
SHCreateDirectoryExW
SHChangeNotify
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
ord165
SHFileOperationW

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeSecurity
CoUninitialize
CoCreateGuid
CoCreateInstance
CLSIDFromProgID
CoInitializeEx
CreateStreamOnHGlobal
OleRun
CoSetProxyBlanket

oleaut32

VarBstrCmp
VariantClear
SysFreeString
SysAllocString
SysStringByteLen
VarUI4FromStr
SysStringLen
VariantInit
VariantChangeType
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
VariantCopy

shlwapi

PathIsPrefixW
SHSetValueW
PathIsDirectoryW
AssocQueryStringW
SHDeleteValueW
PathIsRootW
PathIsRelativeW
SHGetValueW
PathRemoveFileSpecW
wnsprintfW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCombineW
PathAppendW
PathRenameExtensionA
PathFindFileNameA
StrTrimA
SHDeleteKeyW
SHGetValueA
StrToIntExW
StrCmpIW
StrStrIW
StrStrIA
StrCmpNIW
SHSetValueA

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipAlloc
GdipFree
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdiplusShutdown
GdiplusStartup

psapi

EnumProcesses
GetModuleFileNameExW
GetProcessImageFileNameW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

setupapi

SetupIterateCabinetW

Exports

Exports

InstallEntryW
_BasicEntry@12
_CreateApp@0
_Start@4
_Uninst@4

Sections

.text
Size: 967KB - Virtual size: 966KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ba18ed33e33fbdd490e48e614c89d09

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

iphlpapi

wininet

urlmon

version

setupapi

Exports

Exports

Sections

.text Size: 967KB - Virtual size: 966KB

.rdata Size: 214KB - Virtual size: 213KB

.data Size: 22KB - Virtual size: 44KB

.rsrc Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 49KB - Virtual size: 49KB

.text
Size: 967KB - Virtual size: 966KB

.rdata
Size: 214KB - Virtual size: 213KB

.data
Size: 22KB - Virtual size: 44KB

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 49KB - Virtual size: 49KB