e88a4b04c0c5565a9ef80b23e70466a34411c1000f4e990f79bd823848bdb023

Sharing

Copy URL Twitter E-mail

General

Target

e88a4b04c0c5565a9ef80b23e70466a34411c1000f4e990f79bd823848bdb023
Size

757KB
MD5

496e0617af32ab4ede439f5f10aa1ff8
SHA1

bb6e29795848db79e5feb786254102f3f81c9b8d
SHA256

e88a4b04c0c5565a9ef80b23e70466a34411c1000f4e990f79bd823848bdb023
SHA512

40b14138b8e42edf3af1b583ca816418000626de7162f5f56eb8cf7509368e5d09c4206002929e7f4a1ddb44d4f58063dbf64aa2026e59836420941a9d8369f8
SSDEEP

12288:C/d1QoLttT62Pv+lnZ5MnP0wC3wn128Ta8B9OO2va0iepXhI:C11QW/TBS5MdC3wI8Tao9d2va0iKXh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e88a4b04c0c5565a9ef80b23e70466a34411c1000f4e990f79bd823848bdb023

Files

e88a4b04c0c5565a9ef80b23e70466a34411c1000f4e990f79bd823848bdb023
.exe windows:5 windows x86 arch:x86

2994879adee5d2c1a8d4f943fe8edcda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildAgent\work\fe2b0740eca6e700\src\out\Release\lite_installer.exe.pdb

Imports

kernel32

OpenEventA
HeapFree
SetLastError
EnterCriticalSection
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetCurrentThreadId
OpenProcess
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
WaitForSingleObject
SizeofResource
GetCurrentProcess
WriteFile
lstrcpynW
TerminateProcess
SetFilePointer
CreateFileW
CreateEventW
SetEvent
LockResource
DeleteFileW
CloseHandle
ResetEvent
LoadResource
FindResourceW
lstrcpynA
CreateProcessW
CreateEventA
GetTickCount
GetExitCodeProcess
ReadFile
GetUserDefaultUILanguage
SetEndOfFile
GetTempPathW
CreateMutexW
GetFileAttributesW
ReleaseMutex
GetModuleHandleA
GetDiskFreeSpaceExW
FindResourceExW
GetProcAddress
SetFilePointerEx
IsProcessorFeaturePresent
GetFileSize
GetTempFileNameW
GetModuleFileNameW
SetDllDirectoryW
VirtualFree
VirtualAlloc
VirtualQuery
HeapCreate
VirtualProtect
ResumeThread
CreateToolhelp32Snapshot
Sleep
FlushInstructionCache
ExpandEnvironmentStringsW
LoadLibraryExW
GetGeoInfoW
GetUserGeoID
GetCommandLineW
LocalFree
OpenEventW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
MultiByteToWideChar
FreeLibrary
lstrcmpiW
LoadLibraryW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetCurrentDirectoryW
MoveFileExW
ReplaceFileW
CopyFileW
MoveFileW
GetVersionExW
GetNativeSystemInfo
GetLocalTime
FormatMessageA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetFileSizeEx
FlushFileBuffers
QueryUnbiasedInterruptTime
FileTimeToSystemTime
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
FindFirstFileW
FindFirstFileExW
FindNextFileW
FindClose
SetHandleInformation
GetStdHandle
AssignProcessToJobObject
GetProcessId
Process32NextW
Process32FirstW
IsDebuggerPresent
CreateThread
GetModuleHandleExW
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetSystemInfo
FormatMessageW
SwitchToThread
lstrcmpA
LoadLibraryExA
WideCharToMultiByte
EncodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
OutputDebugStringW
WaitForSingleObjectEx
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
ExitProcess
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteConsoleW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 407KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2994879adee5d2c1a8d4f943fe8edcda

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 407KB - Virtual size: 406KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 4KB - Virtual size: 14KB

.didat Size: 1024B - Virtual size: 680B

.tls Size: 512B - Virtual size: 9B

SHARED Size: 512B - Virtual size: 4B

Shared Size: 3KB - Virtual size: 3KB

.rsrc Size: 207KB - Virtual size: 206KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 407KB - Virtual size: 406KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 4KB - Virtual size: 14KB

.didat
Size: 1024B - Virtual size: 680B

.tls
Size: 512B - Virtual size: 9B

SHARED
Size: 512B - Virtual size: 4B

Shared
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 207KB - Virtual size: 206KB

.reloc
Size: 18KB - Virtual size: 17KB