lessmsi-v1[.]11[.]1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

lessmsi-v1.11.1.zip
Size

644KB
MD5

22fe019953dabe4636066b2b50b6a37b
SHA1

0852b46f31d11d3c692831295cdf11058844fb17
SHA256

00beb95257746158c7facf1bf67b23dd62d37e0ea1ae0b208981ef7f7619d730
SHA512

07d0f036d492bc45ddff2bb06bc68f9dc85e7c78063de1ccd5b55e75e0f76bbecfd05ecf0289665d75c4970e2fa5ef68e36411c5770def1df15749ed38ddfc7f
SSDEEP

12288:kiFOu9zZGkW2pigbotjiM/5CQ/tGmQFqKApOaaBQgpz3:IuhLNJ8tjiMv/t3eqKdB7z3

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LessMsi/AddWindowsExplorerShortcut.exe
unpack001/LessMsi/LessIO.dll
unpack001/LessMsi/lessmsi-gui.exe
unpack001/LessMsi/lessmsi.core.dll
unpack001/LessMsi/lessmsi.exe
unpack001/LessMsi/libmspackn.dll
unpack001/LessMsi/mspack.dll
unpack001/LessMsi/wix.dll
unpack001/LessMsi/wixcab.dll

Files

lessmsi-v1.11.1.zip
.zip
LessMsi/AddWindowsExplorerShortcut.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\projects\lessmsi\src\ExplorerShortcutHelper\obj\x86\Release\AddWindowsExplorerShortcut.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LessMsi/LessIO.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\lessio\src\LessIO\obj\Release\LessIO.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LessMsi/lessmsi-gui.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\projects\lessmsi\src\LessMsi.Gui\obj\x86\Release\lessmsi-gui.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LessMsi/lessmsi-gui.exe.config
.xml
LessMsi/lessmsi.core.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\lessmsi\src\LessMsi.Core\obj\x86\Release\lessmsi.core.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LessMsi/lessmsi.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\projects\lessmsi\src\LessMsi.Cli\obj\x86\Release\lessmsi.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LessMsi/lessmsi.exe.config
.xml
LessMsi/libmspackn.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\libmspack4n\libmspack4n\obj\x86\Release\libmspackn.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LessMsi/mspack.dll
.dll windows:6 windows x86 arch:x86

e8414fd2078f22de6edba2b81f6ab47e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
LCMapStringW
CloseHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
WriteConsoleW
CreateFileW
HeapSize
HeapReAlloc
SetEndOfFile
DecodePointer
RaiseException

Exports

Exports

mspack_create_cab_compressor
mspack_create_cab_decompressor
mspack_create_chm_compressor
mspack_create_chm_decompressor
mspack_create_hlp_compressor
mspack_create_hlp_decompressor
mspack_create_kwaj_compressor
mspack_create_kwaj_decompressor
mspack_create_lit_compressor
mspack_create_lit_decompressor
mspack_create_szdd_compressor
mspack_create_szdd_decompressor
mspack_destroy_cab_compressor
mspack_destroy_cab_decompressor
mspack_destroy_chm_compressor
mspack_destroy_chm_decompressor
mspack_destroy_hlp_compressor
mspack_destroy_hlp_decompressor
mspack_destroy_kwaj_compressor
mspack_destroy_kwaj_decompressor
mspack_destroy_lit_compressor
mspack_destroy_lit_decompressor
mspack_destroy_szdd_compressor
mspack_destroy_szdd_decompressor
mspack_invoke_mscab_decompressor_append
mspack_invoke_mscab_decompressor_close
mspack_invoke_mscab_decompressor_extract
mspack_invoke_mscab_decompressor_last_error
mspack_invoke_mscab_decompressor_open
mspack_sys_selftest_internal
mspack_version

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LessMsi/wix.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 980KB - Virtual size: 979KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LessMsi/wixcab.dll
.dll windows:4 windows x86 arch:x86

a5349331efe0d02ca395648c8603a7a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\delivery\Dev\wix_public\release\ship\wixcab.pdb

Imports

advapi32

SetNamedSecurityInfoW
InitializeAcl
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
IsValidAcl

kernel32

GetLastError
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
HeapSize
CloseHandle
DebugBreak
GetCurrentProcessId
GetModuleFileNameA
WriteFile
lstrlenA
SetFilePointer
CreateFileA
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
ReadFile
DeleteFileA
FindClose
FindFirstFileA
GetTempPathA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileAttributesExA
FreeLibrary
GetProcAddress
LoadLibraryW
SetEndOfFile
SetFileTime
CreateFileW
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrcmpW
lstrlenW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetSystemTime
CompareStringW
CompareStringA
RaiseException
GetVersionExA
LoadLibraryA
GetCurrentThreadId
GetCommandLineA
GetCurrentProcess
ExitProcess
GetModuleHandleA
TerminateProcess
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
RtlUnwind
InterlockedExchange
VirtualQuery
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetStdHandle
VirtualProtect
GetSystemInfo
FlushFileBuffers
GetLocaleInfoW
SetEnvironmentVariableA

user32

MessageBoxA

Exports

Exports

CreateCabAddFile
CreateCabAddFiles
CreateCabBegin
CreateCabFinish
ExtractCab
ExtractCabBegin
ExtractCabFinish
ResetAcls

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 5KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 17KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 295KB - Virtual size: 295KB

.rsrc Size: 194KB - Virtual size: 193KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 23KB - Virtual size: 22KB

.rsrc Size: 1024B - Virtual size: 932B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 25KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 10KB - Virtual size: 10KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

e8414fd2078f22de6edba2b81f6ab47e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 295KB - Virtual size: 295KB

.rsrc
Size: 194KB - Virtual size: 193KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 1024B - Virtual size: 932B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 160B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 980KB - Virtual size: 979KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 136KB - Virtual size: 132KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 14KB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 6KB