ie4uinit[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ie4uinit.exe
Size

264KB
MD5

2150bcc9e9867b1b698c80f9e7c569e7
SHA1

9871bdcda61c01ad6928eb6411a0631669d98938
SHA256

63c059ff31fdab46bae3ec03cf8625f843fc6f39ebf7cd6b0303eac46a11dd03
SHA512

1ca7ec973d751ba27cf1608205a47af10846885400aa5a35f9315398d32d2a082b9260562b30c22e8afec8a3baa811bab04490768edd5dcd9d11b0f8e79a7d79
SSDEEP

6144:YbZQvrzUiZx91woWE5IleGn/sOrpulQV4Znes:YbZgsiZH1woWnL/sOrpqes

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ie4uinit.exe

Files

ie4uinit.exe
.exe windows:10 windows x64 arch:x64

f78f364e85e1135ab41c2c0e5521bd0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ie4uinit.pdb

Imports

advapi32

RegQueryValueExW
RegEnumValueW
ConvertSidToStringSidW
EventUnregister
RegOpenKeyExW
FreeSid
RegSetValueExW
EventSetInformation
RegCreateKeyExW
EventRegister
RegCloseKey
RegSetValueW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
CryptDeriveKey
CryptGetKeyParam
CryptEncrypt
CryptDestroyKey
CryptVerifySignatureW
CryptSetHashParam
CryptGenRandom
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
EventWriteEx
RegGetValueW
EventWriteTransfer
GetSecurityDescriptorSacl
GetAce
SetNamedSecurityInfoW
CopySid
GetNamedSecurityInfoW
ConvertStringSidToSidW
IsValidSid
OpenProcessToken
GetKernelObjectSecurity
AddAccessAllowedAceEx
GetLengthSid
CryptSetKeyParam
ConvertStringSecurityDescriptorToSecurityDescriptorW
CheckTokenMembership
GetTokenInformation
OpenThreadToken

kernel32

LockResource
GetVersionExA
DeleteFileW
CloseHandle
LoadResource
GetCurrentThread
QueryPerformanceFrequency
GetExitCodeProcess
GetTempFileNameW
DuplicateHandle
GetTempPathW
CompareStringOrdinal
ExpandEnvironmentStringsW
GetStdHandle
GetLocalTime
CreateThread
FindResourceW
FormatMessageW
SetFileAttributesW
CreateEventW
WaitForSingleObject
SetFilePointer
lstrcmpW
GetTickCount
CreateProcessW
DelayLoadFailureHook
ResolveDelayLoadedAPI
CreateFile2
RemoveDirectoryW
AcquireSRWLockShared
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
QueueUserWorkItem
SetEvent
OpenFileMappingW
FlushViewOfFile
SetCurrentDirectoryW
SystemTimeToFileTime
GetSystemTime
MapViewOfFile
CreateFileMappingW
FlushFileBuffers
SetEndOfFile
LCMapStringW
GetFullPathNameW
OpenMutexW
GetFileSizeEx
SetFileTime
UnmapViewOfFile
MultiByteToWideChar
CreateMutexW
LocaleNameToLCID
DeleteCriticalSection
LoadLibraryW
GetSystemInfo
GetUserPreferredUILanguages
InitializeCriticalSection
LeaveCriticalSection
GetProductInfo
EnterCriticalSection
GetFileAttributesW
IsDebuggerPresent
DebugBreak
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
ReleaseMutex
GetModuleHandleExW
ReleaseSemaphore
SetLastError
CreateSemaphoreExW
GetModuleFileNameA
WideCharToMultiByte
GetNativeSystemInfo
IsWow64Process
InitOnceExecuteOnce
RaiseFailFastException
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetVersionExW
CreateFileW
FindClose
GetShortPathNameW
WriteFile
GetCurrentProcess
FindNextFileW
SetPriorityClass
FindFirstFileExW
FindFirstFileW
SizeofResource
ReadFile
LoadLibraryExW
VerifyVersionInfoW
FreeLibrary
GetModuleHandleW
GetProcessHeap
VerSetConditionMask
LocalFree
GetProcAddress
HeapAlloc
HeapSetInformation
RaiseException
GetLastError
Sleep
GetSystemDirectoryW
GetEnvironmentVariableW
SetErrorMode
GetModuleFileNameW
HeapFree
GetCurrentDirectoryW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW

user32

LoadStringW
CharNextW
PostMessageW
SendMessageTimeoutW
PostThreadMessageW
GetMessageW
GetShellWindow

msvcrt

wcsncmp
wcschr
??1type_info@@UEAA@XZ
wcscpy_s
wcscat_s
_vsnwprintf_s
fgetws
fclose
wcsncpy_s
wcsnlen
strnlen
isalnum
_wfopen_s
swscanf_s
wcsrchr
_wcsnicmp
_time64
memcpy_s
_vsnwprintf
rand_s
_wtoi
_ultow_s
memmove_s
_wcsicmp
?terminate@@YAXXZ
_CxxThrowException
memcmp
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
_commode
_lock
sprintf_s
_unlock
__dllonexit
_onexit
iswalpha
memset

shell32

ord526
CommandLineToArgvW
SHChangeNotify
SHCreateItemFromParsingName
ord155
ord165
SHGetKnownFolderPath
SHGetSpecialFolderLocation
SHSetLocalizedName
ord190
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtClose

ieadvpack

ExecuteCabW

shlwapi

StrCmpIW
SHRegSetUSValueW
StrCmpNIW
ord388
PathFileExistsW
SHDeleteKeyW
ord158
PathRemoveBlanksW
PathFindFileNameW
PathRemoveExtensionW
SHGetValueW
SHSetValueW
PathIsURLW
UrlCanonicalizeW
UrlCreateFromPathW
UrlApplySchemeW
ord2
StrCmpNIA
ord487
StrCmpNA
StrCmpNW
UrlEscapeW
UrlUnescapeW
StrCmpW
ord433
ord219
StrStrIW
SHStrDupW
PathIsNetworkPathW
SHDeleteValueW
SHRegGetUSValueW
SHRegDeleteUSValueW
StrStrW
StrTrimW
SHCopyKeyW

iertutil

ord282
ord654
ord652
ord662
ord281
ord672
ord677
ord660
ord653
ord678
ord650
ord657
ord38
ord651
ord665
ord675
ord656
ord820
ord57
ord149
ord99
ord37
ord701
ord796
ord682
ord91
ord76
ord90
ord81
ord74
ord79
ord85
ord791
ord50
ord33
ord690
ord793
ord139
ord594
ord398
ord597
ord78
ord655
ord134

oleaut32

VariantCopy
VarBstrCmp
SysAllocStringByteLen
VariantInit
VariantClear
SysFreeString
VarBstrCat
SysAllocString
SysStringLen
SysAllocStringLen
SysStringByteLen

ole32

OleUninitialize
OleInitialize
PropVariantClear
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoInitializeEx
CoCreateGuid

iedkcs32

BrandIEActiveSetup

kernelbase

GetSystemDefaultLocaleName
GetUserDefaultLocaleName
LocalAlloc
OpenGlobalizationUserSettingsKey

crypt32

CertOpenStore
CryptStringToBinaryA
CryptBinaryToStringA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CryptStringToBinaryW
CertGetNameStringW
CertCreateCertificateContext
CertAddCertificateContextToStore
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CryptImportPublicKeyInfo
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CryptHashCertificate
CertEnumCertificatesInStore
CertGetCertificateContextProperty

urlmon

CreateIUriBuilder
CreateUri

wininet

InternetReadFile
HttpQueryInfoW
HttpSendRequestW
InternetConnectW
InternetCanonicalizeUrlW
InternetCrackUrlW
HttpOpenRequestW
InternetOpenW
InternetCloseHandle

netapi32

NetApiBufferFree
NetGetJoinInformation

diagnosticdatasettings

TelIsTelemetryTypeAllowed

version

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

mlang

ord123

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f78f364e85e1135ab41c2c0e5521bd0b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

shell32

ntdll

ieadvpack

shlwapi

iertutil

oleaut32

ole32

iedkcs32

kernelbase

crypt32

urlmon

wininet

netapi32

diagnosticdatasettings

version

mlang

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 8KB - Virtual size: 7KB

.didat Size: 4KB - Virtual size: 40B

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 8KB - Virtual size: 7KB

.didat
Size: 4KB - Virtual size: 40B

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 1KB