f5b48556f88f7f81fd705dcbfe9dc3116399a3365eb66c2e0acc7dc154e761dc

Sharing

Copy URL Twitter E-mail

General

Target

f5b48556f88f7f81fd705dcbfe9dc3116399a3365eb66c2e0acc7dc154e761dc
Size

17.4MB
MD5

b99a80edeefce1fac3cda18ae13066ce
SHA1

b8159a86a97b9c90bfe013936f63792bc6b65818
SHA256

f5b48556f88f7f81fd705dcbfe9dc3116399a3365eb66c2e0acc7dc154e761dc
SHA512

764eea96fd65a1665b90f39e83c8be335010776bc2f8f602ba6126a0f8a19f37488a6a49e9b7603df4fa401d8d1f53f1be5faa1143fda442f6077c3ec5b5d7b1
SSDEEP

393216:UkdZjxnlyYmkpW0wC+whwHo60iqyTqkv8oWRWIQA:U2ZCY1wshOo5gqkv8NRkA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/InstallNow_01234.exe

Files

f5b48556f88f7f81fd705dcbfe9dc3116399a3365eb66c2e0acc7dc154e761dc
.zip
InstallNow_01234.exe
.exe windows:6 windows x86 arch:x86

1c8e0e491a57db4455a78b37db499a12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
FlushFileBuffers
DeleteFileW
QueryPerformanceFrequency
FindNextFileW
CreateTimerQueueTimer
GetLogicalDriveStringsW
GetTimeFormatW
CreateEventW
GetLastError
CreateDirectoryW
GlobalUnlock
TlsFree
GetCurrentDirectoryW
GetCommandLineW
GetFileAttributesExW
DeleteTimerQueueTimer
WriteFile
SetEndOfFile
SignalObjectAndWait
GetCurrentThread
GetCurrentProcessId
GetTickCount64
SetLastError
GetSystemDirectoryW
SetThreadAffinityMask
EnumSystemLocalesW
GlobalFree
InitializeCriticalSectionAndSpinCount
CreateTimerQueue
SetThreadPriority
GetFileAttributesW
ReadFile
CompareStringW
GetDriveTypeW
SetEvent
SetPriorityClass
ResetEvent
SetEnvironmentVariableW
TerminateProcess
FindFirstFileW
WaitForMultipleObjects
GetNumaHighestNodeNumber
ReleaseSemaphore
SetFileAttributesW
FreeLibraryAndExitThread
CreateThread
GetDateFormatW
HeapAlloc
GetVersion
UnregisterWait
FormatMessageW
Sleep
DuplicateHandle
GetVersionExW
GetFullPathNameW
SetFileTime
ExitProcess
IsDebuggerPresent
GetThreadTimes
LocalFree
VirtualProtect
IsValidCodePage
SetStdHandle
TlsGetValue
LCMapStringW
MoveFileW
GetModuleHandleA
SleepEx
GetFileSize
FreeLibrary
PeekNamedPipe
ExitThread
GetSystemTimeAsFileTime
RaiseException
HeapFree
GetStartupInfoW
InterlockedPushEntrySList
CloseHandle
FindFirstFileExW
SetUnhandledExceptionFilter
CreateFileW
CreateSemaphoreW
InitializeSListHead
HeapSize
GetEnvironmentVariableA
WaitForSingleObjectEx
GetModuleFileNameW
IsProcessorFeaturePresent
DecodePointer
LoadLibraryExW
EncodePointer
GetThreadPriority
FileTimeToLocalFileTime
DeleteCriticalSection
SetFilePointer
VirtualFree
GetProcAddress
ChangeTimerQueueTimer
HeapReAlloc
FileTimeToSystemTime
MoveFileExW
CompareFileTime
RegisterWaitForSingleObject
IsValidLocale
VerSetConditionMask
WideCharToMultiByte
FindClose
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileSizeEx
FreeEnvironmentStringsW
GetLogicalProcessorInformation
QueryDepthSList
GetCurrentThreadId
InitializeCriticalSection
ReleaseSRWLockExclusive
GetTimeZoneInformation
GetACP
UnhandledExceptionFilter
GetCurrentProcess
WaitForSingleObject
GetConsoleMode
GlobalLock
lstrlenA
SetFilePointerEx
RemoveDirectoryW
GetCommandLineA
GetTickCount
TlsAlloc
InterlockedFlushSList
GetModuleHandleExW
SystemTimeToTzSpecificLocalTime
InterlockedPopEntrySList
GetFileInformationByHandle
GetFileType
GetProcessAffinityMask
InitializeCriticalSectionEx
GetLocaleInfoW
VerifyVersionInfoW
GetStdHandle
GetOEMCP
SwitchToThread
AcquireSRWLockExclusive
GetSystemInfo
VirtualAlloc
GetStringTypeW
LeaveCriticalSection
GlobalAlloc
LoadLibraryW
GetConsoleOutputCP
ReadConsoleW
TlsSetValue
GlobalMemoryStatus
lstrcatA
EnterCriticalSection
TryEnterCriticalSection
WriteConsoleW
GetCPInfo
MultiByteToWideChar
GetModuleHandleW
GetProcessHeap
UnregisterWaitEx
GetUserDefaultLCID

user32

GetParent
SetTimer
DialogBoxParamW
GetFocus
MessageBoxA
EnableWindow
SendMessageW
CheckDlgButton
MoveWindow
LoadStringW
GetWindowRect
GetKeyState
GetWindowLongW
SetWindowLongW
EmptyClipboard
SetClipboardData
KillTimer
wsprintfA
PostMessageW
InvalidateRect
MapDialogRect
SystemParametersInfoW
ShowWindow
CloseClipboard
MonitorFromWindow
MessageBoxW
SetFocus
ScreenToClient
EndDialog
CharUpperW
SetWindowTextW
OpenClipboard
SetDlgItemTextW
GetMonitorInfoA
GetDlgItem
LoadIconW
SetCursor
IsDlgButtonChecked
GetWindowTextLengthW
GetWindowTextW
LoadCursorW

advapi32

CloseServiceHandle
CryptAcquireContextW
CryptGetHashParam
CryptDestroyKey
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptEncrypt
CryptImportKey
CryptCreateHash

shell32

SHBrowseForFolderW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance
OleInitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen

bcrypt

BCryptGenRandom

crypt32

CertEnumCertificatesInStore
CryptDecodeObjectEx
CertGetNameStringW
CertCloseStore
CertAddCertificateContextToStore
CertGetCertificateChain
CryptQueryObject
CertFreeCertificateChain
CryptStringToBinaryW
CertOpenStore
PFXImportCertStore
CertCreateCertificateChainEngine
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateContext
CertFreeCertificateChainEngine

wldap32

ord73
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27

ws2_32

recvfrom
sendto
getpeername
ioctlsocket
gethostname
WSAEventSelect
getaddrinfo
getsockopt
send
WSACreateEvent
WSAIoctl
WSAWaitForMultipleEvents
socket
WSAResetEvent
WSACloseEvent
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
freeaddrinfo
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
WSAEnumNetworkEvents

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c8e0e491a57db4455a78b37db499a12

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 279KB - Virtual size: 278KB

.data Size: 13KB - Virtual size: 34KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 97KB - Virtual size: 97KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 279KB - Virtual size: 278KB

.data
Size: 13KB - Virtual size: 34KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 97KB - Virtual size: 97KB