64f48b0dda2a1830ade4cffd604ba81296f10a90794a3aa24b16e6ff64c29e55

Sharing

Copy URL Twitter E-mail

General

Target

64f48b0dda2a1830ade4cffd604ba81296f10a90794a3aa24b16e6ff64c29e55
Size

23.3MB
MD5

c037f39974edf5d76204b2717bc7716a
SHA1

1ef48fd5f8cd1dfaa1cb0dd4a72aa4a1918b0b34
SHA256

64f48b0dda2a1830ade4cffd604ba81296f10a90794a3aa24b16e6ff64c29e55
SHA512

a68fb1d26499d1ee03d2c1706e4369ef07d41b99edce9046bd5a9681d4e3f30284d895fef1023c2ae51f7ce8757524e70be9744c62c9df2fe8228915a5929353
SSDEEP

393216:uypvchUtjV8fNKEDH5XK8EZMis0ZgCGG6v+8+jNQnFfZhuv1pL0FQY2snce8fPUd:u0uE6b5XKFNfO3v+fSnFfypL0rb8U3qe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Installer_2025.exe

Files

64f48b0dda2a1830ade4cffd604ba81296f10a90794a3aa24b16e6ff64c29e55
.zip
Installer_2025.exe
.exe windows:6 windows x86 arch:x86

b0e4a6b8d2afd636ec883c271ebc53b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
HeapSize
ExitProcess
InterlockedFlushSList
GetCommandLineA
SignalObjectAndWait
HeapReAlloc
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
EnumSystemLocalesW
SetPriorityClass
GetThreadPriority
SwitchToThread
WideCharToMultiByte
RemoveDirectoryW
lstrlenA
ResetEvent
GlobalAlloc
DeleteCriticalSection
GetNumaHighestNodeNumber
GetStartupInfoW
VirtualFree
GetEnvironmentVariableA
MoveFileA
WaitForSingleObjectEx
CreateDirectoryW
AcquireSRWLockExclusive
IsProcessorFeaturePresent
GetACP
MultiByteToWideChar
QueryDepthSList
FindFirstFileExW
TlsAlloc
InterlockedDecrement
TerminateProcess
ExitThread
GetModuleHandleExW
ReleaseSemaphore
InterlockedPopEntrySList
GetUserDefaultLCID
CreateThread
GetSystemTimeAsFileTime
DeleteFileA
FreeEnvironmentStringsW
VerifyVersionInfoW
SleepEx
GetDateFormatW
InitializeCriticalSectionEx
ReadFile
GetSystemInfo
SetFileAttributesA
CreateSemaphoreA
ReleaseSRWLockExclusive
GlobalUnlock
SetFilePointer
GetModuleHandleW
SetEvent
CreateFileW
GetEnvironmentStringsW
DeleteTimerQueueTimer
DeleteFileW
LeaveCriticalSection
GetFileSize
GetVersion
GetLogicalDriveStringsW
SetLastError
GetCurrentProcessId
HeapFree
IsDebuggerPresent
FlushFileBuffers
TlsSetValue
RegisterWaitForSingleObject
GetCurrentThreadId
VirtualAlloc
InterlockedExchange
ReadConsoleW
SetEnvironmentVariableA
GetLastError
GetStdHandle
GetTickCount
QueryPerformanceFrequency
SetStdHandle
GetConsoleMode
SetEndOfFile
SetFileAttributesW
GetModuleHandleA
GetProcessAffinityMask
GetCurrentThread
IsValidLocale
IsValidCodePage
EncodePointer
GlobalLock
GetThreadTimes
EnterCriticalSection
FindFirstFileW
GlobalMemoryStatus
GetCurrentDirectoryA
CompareStringW
FindNextFileA
CreateFileA
InitializeCriticalSection
GetConsoleCP
RtlUnwind
QueryPerformanceCounter
ChangeTimerQueueTimer
RemoveDirectoryA
FreeLibrary
CreateTimerQueue
WriteConsoleW
DuplicateHandle
UnhandledExceptionFilter
GetFileAttributesA
GetOEMCP
GetLogicalDriveStringsA
CompareFileTime
VerSetConditionMask
RaiseException
AreFileApisANSI
DecodePointer
LCMapStringW
LoadLibraryExW
SetThreadPriority
UnregisterWait
CreateEventA
InterlockedIncrement
TlsGetValue
CreateSemaphoreW
GetModuleFileNameW
GetProcessHeap
SetFileTime
MoveFileExW
FormatMessageW
GetTimeZoneInformation
MoveFileW
CreateEventW
PeekNamedPipe
FormatMessageA
GetFullPathNameW
LoadLibraryW
FileTimeToLocalFileTime
GetDriveTypeW
VirtualProtect
CreateDirectoryA
FindNextFileW
LocalFree
GetCurrentProcess
GetProcAddress
TlsFree
GetFileAttributesW
SetUnhandledExceptionFilter
GetCommandLineW
HeapAlloc
GlobalFree
GetTimeFormatW
WaitForMultipleObjects
GetCPInfo
SetFilePointerEx
FindClose
FreeLibraryAndExitThread
SetThreadAffinityMask
GetModuleFileNameA
InitializeSListHead
OutputDebugStringW
GetFileAttributesExW
LoadLibraryA
GetFileSizeEx
Sleep
FindFirstFileA
FileTimeToSystemTime
UnregisterWaitEx
GetVersionExA
GetLocaleInfoW
CloseHandle
GetVersionExW
lstrcatA
InterlockedPushEntrySList
GetStringTypeW
GetTickCount64
WriteFile
GetCurrentDirectoryW
GetSystemDirectoryW
GetFileInformationByHandle
CreateTimerQueueTimer

user32

SetCursor
CharUpperW
GetWindowLongA
GetDlgItem
SendMessageW
CloseClipboard
InvalidateRect
MessageBoxW
CharUpperA
SystemParametersInfoA
SetFocus
GetParent
PostMessageA
EmptyClipboard
LoadCursorA
MonitorFromWindow
wsprintfA
GetWindowTextW
GetMonitorInfoA
CheckDlgButton
DialogBoxParamW
GetWindowTextLengthA
OpenClipboard
GetWindowTextLengthW
LoadStringW
LoadStringA
GetFocus
DialogBoxParamA
MapDialogRect
KillTimer
ScreenToClient
SetWindowTextW
SendMessageA
SetClipboardData
LoadIconA
EndDialog
GetWindowTextA
MessageBoxA
MoveWindow
SetWindowLongA
EnableWindow
SetWindowTextA
SetTimer
IsDlgButtonChecked
ShowWindow
GetKeyState
GetWindowRect

advapi32

CryptHashData
CloseServiceHandle
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptImportKey
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CryptEncrypt

shell32

SHGetPathFromIDListA
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
OleInitialize

oleaut32

SysStringLen
SysFreeString
VariantClear
SysAllocString
SysAllocStringLen

bcrypt

BCryptGenRandom

crypt32

CertOpenStore
CryptDecodeObjectEx
CryptQueryObject
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain
CertFindCertificateInStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CertFindExtension
CertCreateCertificateChainEngine
CertGetNameStringW
CertAddCertificateContextToStore
CertCloseStore

wldap32

ord26
ord145
ord219
ord46
ord14
ord216
ord73
ord208
ord41
ord117
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301

ws2_32

WSASetLastError
getsockopt
send
WSACreateEvent
WSAIoctl
WSAResetEvent
WSACloseEvent
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
closesocket
WSAGetLastError
ntohs
gethostname
WSAStartup
WSACleanup
setsockopt
getaddrinfo
htons
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
socket
freeaddrinfo
WSAEventSelect
recvfrom
sendto
getpeername
ioctlsocket

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0e4a6b8d2afd636ec883c271ebc53b2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.6MB - Virtual size: 6.6MB

.rdata Size: 244KB - Virtual size: 243KB

.data Size: 15KB - Virtual size: 49KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 118KB - Virtual size: 118KB

.text
Size: 6.6MB - Virtual size: 6.6MB

.rdata
Size: 244KB - Virtual size: 243KB

.data
Size: 15KB - Virtual size: 49KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 118KB - Virtual size: 118KB