8f4b352b4045ee2d71a2e340d95f6826db1aef7b547333b4c179bde26f6de687

Sharing

Copy URL Twitter E-mail

General

Target

8f4b352b4045ee2d71a2e340d95f6826db1aef7b547333b4c179bde26f6de687
Size

715KB
MD5

276fa98254cd4d19f6830a9287ad671a
SHA1

131e92dedafb51f9d0925fd56c6c71dcec8fc000
SHA256

8f4b352b4045ee2d71a2e340d95f6826db1aef7b547333b4c179bde26f6de687
SHA512

d5b5a8dd9ba9cdf08ab632283009547825c295a050cedef653c9eff20b96ba255d5180ba085368c73652074b639a27563d350eb0519f56ef2078444fd678391d
SSDEEP

12288:TB4ohEBzHxfLxnFKMqtzIdbz2qpZsOAZZGigOrsdG0MjbHB4oU:T2dpFxFKMLdbzlZsOOVfaMjr25

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f4b352b4045ee2d71a2e340d95f6826db1aef7b547333b4c179bde26f6de687

Files

8f4b352b4045ee2d71a2e340d95f6826db1aef7b547333b4c179bde26f6de687
.exe windows:5 windows x86 arch:x86

68606d81fff15cd0d48a226661307a5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildAgent\work\fe2b0740eca6e700\src\out\Release\lite_installer.exe.pdb

Imports

kernel32

OpenEventA
HeapFree
SetLastError
EnterCriticalSection
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetCurrentThreadId
OpenProcess
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
WaitForSingleObject
SizeofResource
GetCurrentProcess
WriteFile
lstrcpynW
TerminateProcess
SetFilePointer
CreateFileW
CreateEventW
SetEvent
LockResource
DeleteFileW
CloseHandle
ResetEvent
LoadResource
FindResourceW
lstrcpynA
CreateProcessW
CreateEventA
GetTickCount
GetExitCodeProcess
ReadFile
GetUserDefaultUILanguage
SetEndOfFile
GetTempPathW
CreateMutexW
GetFileAttributesW
ReleaseMutex
GetModuleHandleA
GetDiskFreeSpaceExW
FindResourceExW
GetProcAddress
SetFilePointerEx
IsProcessorFeaturePresent
GetFileSize
GetTempFileNameW
GetModuleFileNameW
SetDllDirectoryW
VirtualFree
VirtualAlloc
VirtualQuery
HeapCreate
VirtualProtect
ResumeThread
CreateToolhelp32Snapshot
Sleep
FlushInstructionCache
ExpandEnvironmentStringsW
LoadLibraryExW
GetGeoInfoW
GetUserGeoID
GetCommandLineW
LocalFree
OpenEventW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
MultiByteToWideChar
FreeLibrary
lstrcmpiW
LoadLibraryW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetCurrentDirectoryW
MoveFileExW
ReplaceFileW
CopyFileW
MoveFileW
GetVersionExW
GetNativeSystemInfo
GetLocalTime
FormatMessageA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetFileSizeEx
FlushFileBuffers
QueryUnbiasedInterruptTime
FileTimeToSystemTime
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
FindFirstFileW
FindFirstFileExW
FindNextFileW
FindClose
SetHandleInformation
GetStdHandle
AssignProcessToJobObject
GetProcessId
Process32NextW
Process32FirstW
IsDebuggerPresent
CreateThread
GetModuleHandleExW
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetSystemInfo
FormatMessageW
lstrcmpA
LoadLibraryExA
WideCharToMultiByte
EncodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
OutputDebugStringW
WaitForSingleObjectEx
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
ExitProcess
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteConsoleW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68606d81fff15cd0d48a226661307a5e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 399KB - Virtual size: 398KB

.rdata Size: 97KB - Virtual size: 96KB

.data Size: 4KB - Virtual size: 14KB

.didat Size: 1024B - Virtual size: 660B

.tls Size: 512B - Virtual size: 9B

SHARED Size: 512B - Virtual size: 4B

Shared Size: 3KB - Virtual size: 3KB

.rsrc Size: 133KB - Virtual size: 133KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 399KB - Virtual size: 398KB

.rdata
Size: 97KB - Virtual size: 96KB

.data
Size: 4KB - Virtual size: 14KB

.didat
Size: 1024B - Virtual size: 660B

.tls
Size: 512B - Virtual size: 9B

SHARED
Size: 512B - Virtual size: 4B

Shared
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 133KB - Virtual size: 133KB

.reloc
Size: 17KB - Virtual size: 17KB