ef2c9e0d08f3419701982351581015d3b3da9884952abf0acd8a691df50f12b4

Sharing

Copy URL Twitter E-mail

General

Target

ef2c9e0d08f3419701982351581015d3b3da9884952abf0acd8a691df50f12b4
Size

17.4MB
MD5

ab5032ecca9a5d25efb63a11c87495ed
SHA1

d288d8831669764aca977cf92932b0202a82250e
SHA256

ef2c9e0d08f3419701982351581015d3b3da9884952abf0acd8a691df50f12b4
SHA512

e8d550717a615970703097abc0fb5af11381735ac63b9527c6b1f99c33932f8a3ca42fa46e1778f841b1ce2420966a56cca4f95e10d836531388acc4d69e2e90
SSDEEP

393216:JUX+R5FdwqZjxnlyYmkpW0wC+whwHo60iqyTqkv8oWRWPAw:SuhZCY1wshOo5gqkv8NRhw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/InstallNow_01234.exe

Files

ef2c9e0d08f3419701982351581015d3b3da9884952abf0acd8a691df50f12b4
.zip
InstallNow_01234.exe
.exe windows:6 windows x86 arch:x86

1c8e0e491a57db4455a78b37db499a12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
FlushFileBuffers
DeleteFileW
QueryPerformanceFrequency
FindNextFileW
CreateTimerQueueTimer
GetLogicalDriveStringsW
GetTimeFormatW
CreateEventW
GetLastError
CreateDirectoryW
GlobalUnlock
TlsFree
GetCurrentDirectoryW
GetCommandLineW
GetFileAttributesExW
DeleteTimerQueueTimer
WriteFile
SetEndOfFile
SignalObjectAndWait
GetCurrentThread
GetCurrentProcessId
GetTickCount64
SetLastError
GetSystemDirectoryW
SetThreadAffinityMask
EnumSystemLocalesW
GlobalFree
InitializeCriticalSectionAndSpinCount
CreateTimerQueue
SetThreadPriority
GetFileAttributesW
ReadFile
CompareStringW
GetDriveTypeW
SetEvent
SetPriorityClass
ResetEvent
SetEnvironmentVariableW
TerminateProcess
FindFirstFileW
WaitForMultipleObjects
GetNumaHighestNodeNumber
ReleaseSemaphore
SetFileAttributesW
FreeLibraryAndExitThread
CreateThread
GetDateFormatW
HeapAlloc
GetVersion
UnregisterWait
FormatMessageW
Sleep
DuplicateHandle
GetVersionExW
GetFullPathNameW
SetFileTime
ExitProcess
IsDebuggerPresent
GetThreadTimes
LocalFree
VirtualProtect
IsValidCodePage
SetStdHandle
TlsGetValue
LCMapStringW
MoveFileW
GetModuleHandleA
SleepEx
GetFileSize
FreeLibrary
PeekNamedPipe
ExitThread
GetSystemTimeAsFileTime
RaiseException
HeapFree
GetStartupInfoW
InterlockedPushEntrySList
CloseHandle
FindFirstFileExW
SetUnhandledExceptionFilter
CreateFileW
CreateSemaphoreW
InitializeSListHead
HeapSize
GetEnvironmentVariableA
WaitForSingleObjectEx
GetModuleFileNameW
IsProcessorFeaturePresent
DecodePointer
LoadLibraryExW
EncodePointer
GetThreadPriority
FileTimeToLocalFileTime
DeleteCriticalSection
SetFilePointer
VirtualFree
GetProcAddress
ChangeTimerQueueTimer
HeapReAlloc
FileTimeToSystemTime
MoveFileExW
CompareFileTime
RegisterWaitForSingleObject
IsValidLocale
VerSetConditionMask
WideCharToMultiByte
FindClose
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileSizeEx
FreeEnvironmentStringsW
GetLogicalProcessorInformation
QueryDepthSList
GetCurrentThreadId
InitializeCriticalSection
ReleaseSRWLockExclusive
GetTimeZoneInformation
GetACP
UnhandledExceptionFilter
GetCurrentProcess
WaitForSingleObject
GetConsoleMode
GlobalLock
lstrlenA
SetFilePointerEx
RemoveDirectoryW
GetCommandLineA
GetTickCount
TlsAlloc
InterlockedFlushSList
GetModuleHandleExW
SystemTimeToTzSpecificLocalTime
InterlockedPopEntrySList
GetFileInformationByHandle
GetFileType
GetProcessAffinityMask
InitializeCriticalSectionEx
GetLocaleInfoW
VerifyVersionInfoW
GetStdHandle
GetOEMCP
SwitchToThread
AcquireSRWLockExclusive
GetSystemInfo
VirtualAlloc
GetStringTypeW
LeaveCriticalSection
GlobalAlloc
LoadLibraryW
GetConsoleOutputCP
ReadConsoleW
TlsSetValue
GlobalMemoryStatus
lstrcatA
EnterCriticalSection
TryEnterCriticalSection
WriteConsoleW
GetCPInfo
MultiByteToWideChar
GetModuleHandleW
GetProcessHeap
UnregisterWaitEx
GetUserDefaultLCID

user32

GetParent
SetTimer
DialogBoxParamW
GetFocus
MessageBoxA
EnableWindow
SendMessageW
CheckDlgButton
MoveWindow
LoadStringW
GetWindowRect
GetKeyState
GetWindowLongW
SetWindowLongW
EmptyClipboard
SetClipboardData
KillTimer
wsprintfA
PostMessageW
InvalidateRect
MapDialogRect
SystemParametersInfoW
ShowWindow
CloseClipboard
MonitorFromWindow
MessageBoxW
SetFocus
ScreenToClient
EndDialog
CharUpperW
SetWindowTextW
OpenClipboard
SetDlgItemTextW
GetMonitorInfoA
GetDlgItem
LoadIconW
SetCursor
IsDlgButtonChecked
GetWindowTextLengthW
GetWindowTextW
LoadCursorW

advapi32

CloseServiceHandle
CryptAcquireContextW
CryptGetHashParam
CryptDestroyKey
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptEncrypt
CryptImportKey
CryptCreateHash

shell32

SHBrowseForFolderW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance
OleInitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen

bcrypt

BCryptGenRandom

crypt32

CertEnumCertificatesInStore
CryptDecodeObjectEx
CertGetNameStringW
CertCloseStore
CertAddCertificateContextToStore
CertGetCertificateChain
CryptQueryObject
CertFreeCertificateChain
CryptStringToBinaryW
CertOpenStore
PFXImportCertStore
CertCreateCertificateChainEngine
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateContext
CertFreeCertificateChainEngine

wldap32

ord73
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27

ws2_32

recvfrom
sendto
getpeername
ioctlsocket
gethostname
WSAEventSelect
getaddrinfo
getsockopt
send
WSACreateEvent
WSAIoctl
WSAWaitForMultipleEvents
socket
WSAResetEvent
WSACloseEvent
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
freeaddrinfo
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
WSAEnumNetworkEvents

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c8e0e491a57db4455a78b37db499a12

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 279KB - Virtual size: 278KB

.data Size: 13KB - Virtual size: 34KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 97KB - Virtual size: 97KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 279KB - Virtual size: 278KB

.data
Size: 13KB - Virtual size: 34KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 97KB - Virtual size: 97KB