E:\workplace\Androws\p-7d0bede0cc4642bcb2fb80f584c30f51\Build\bin\Release\AndrowsInstaller.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 9ff391357a7b76a4bb94f0771bfb40a99efc25506b2aac53270464bdcced71d3.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 9ff391357a7b76a4bb94f0771bfb40a99efc25506b2aac53270464bdcced71d3.exe
  Resource: win10v2004-20240419-en
General
- Target: 9ff391357a7b76a4bb94f0771bfb40a99efc25506b2aac53270464bdcced71d3
- Size: 6.5MB
- MD5: 062760f57cde371034e6bcf48ec32df5
- SHA1: 694bdfed0d1fec5175addce375b8ae1f9eda9cdf
- SHA256: 9ff391357a7b76a4bb94f0771bfb40a99efc25506b2aac53270464bdcced71d3
- SHA512: 58147734633ac26c938c0cf78fd3125601eb99b361028cf777f13d413f9898b22cb6e2722c9b36e49425cc08dc02512d3f79c24bd8f5d3c1697014aee2f44b75
- SSDEEP: 98304:0LtPduMxyTYoprLS0Ik+hyu+mdU7HclWSV7SxyqxrQ:0LZdTxyTYg+0WhJiHeaQ
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 9ff391357a7b76a4bb94f0771bfb40a99efc25506b2aac53270464bdcced71d3
Files
- 9ff391357a7b76a4bb94f0771bfb40a99efc25506b2aac53270464bdcced71d3.exe (windows:6, windows x64, arch:x64)
  b234627ea15354dae42bb2806d318ebc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
E:\workplace\Androws\p-7d0bede0cc4642bcb2fb80f584c30f51\Build\bin\Release\AndrowsInstaller.pdb
Imports
opengl32
wglMakeCurrent
wglDeleteContext
wglGetProcAddress
glGetString
wglCreateContext
wldap32
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord143
ord60
ord211
ord46
ord217
ord301
normaliz
IdnToAscii
crypt32
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptQueryObject
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
ws2_32
sendto
shutdown
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAStartup
gethostname
gethostbyname
ioctlsocket
kernel32
GetModuleHandleExW
InitializeCriticalSectionEx
GetLocaleInfoW
CreateMutexA
ReleaseMutex
GetModuleHandleA
CreateToolhelp32Snapshot
MultiByteToWideChar
GetLastError
OpenMutexA
GetFileAttributesExW
Process32NextW
Process32FirstW
RaiseException
LoadLibraryW
DecodePointer
MoveFileExW
DeleteCriticalSection
FreeLibrary
WideCharToMultiByte
GetExitCodeProcess
HeapFree
HeapSize
GlobalFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcessHeap
GetCurrentProcessId
K32GetModuleFileNameExW
GetEnvironmentVariableW
GetSystemTimeAsFileTime
TerminateProcess
GetCommandLineW
LocalFree
AddVectoredExceptionHandler
GetCurrentDirectoryW
GetFileSize
GetTickCount
GlobalUnlock
GlobalLock
lstrlenW
GetACP
ExitProcess
MulDiv
CreateDirectoryW
LocalFileTimeToFileTime
SetFilePointer
SetFileTime
SystemTimeToFileTime
FormatMessageW
InitializeCriticalSectionAndSpinCount
VerSetConditionMask
VerifyVersionInfoW
GlobalAlloc
GetLocalTime
lstrcmpiW
lstrcpynW
lstrcpyW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceCounter
Sleep
SetLastError
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetActiveProcessorCount
WaitForMultipleObjects
CreateFileA
GetFullPathNameW
SetEndOfFile
GetTempPathW
SetFilePointerEx
CreateDirectoryExW
InitializeCriticalSection
CreateMutexW
SignalObjectAndWait
VirtualQuery
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseSemaphore
CreateProcessA
FindClose
FindFirstFileW
FindNextFileW
GetFileInformationByHandle
SetFileAttributesW
GetCurrentThreadId
GetSystemDirectoryW
MoveFileW
VirtualAlloc
VirtualFree
FlushFileBuffers
FormatMessageA
GetSystemTime
LockFileEx
UnlockFile
HeapCompact
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
CreateEventW
SetEvent
CreateDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
SwitchToThread
CopyFileW
GetVersionExW
RtlVirtualUnwind
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemInfo
GetStringTypeW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
RtlPcToFileHeader
GetNativeSystemInfo
GetExitCodeThread
GetFileInformationByHandleEx
SetFileInformationByHandle
FindFirstFileExW
InitializeSRWLock
InitOnceBeginInitialize
InitOnceComplete
GetCPInfoExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
DeleteFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetDriveTypeW
IsProcessorFeaturePresent
GetProcAddress
CreateSemaphoreW
WaitForSingleObject
PeekNamedPipe
CreatePipe
DeviceIoControl
WriteFile
GetCurrentProcess
GetLogicalDrives
GetVolumeInformationW
GlobalMemoryStatusEx
GetPhysicallyInstalledSystemMemory
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
GetModuleHandleW
CloseHandle
CreateFileW
GetModuleFileNameW
GetFileSizeEx
ReadFile
EncodePointer
LCMapStringEx
GetCPInfo
ResetEvent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedPushEntrySList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetCommandLineA
CreateThread
ExitThread
FreeLibraryAndExitThread
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetConsoleCtrlHandler
GetConsoleCP
SetEnvironmentVariableW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
SetStdHandle
SetConsoleMode
ReadConsoleInputW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetFileType
RtlUnwind
user32
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
FindWindowW
ShowWindow
ReleaseDC
GetSystemMetrics
GetDC
EnumDisplayDevicesA
RegisterClassW
UnregisterClassW
CreateWindowExW
DestroyWindow
DefWindowProcW
GetWindowRect
EnumDisplayDevicesW
GetMessageW
TranslateMessage
CreateAcceleratorTableW
DrawTextA
wsprintfA
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
UpdateWindow
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
SetRect
FillRect
DrawTextW
CharPrevW
CharUpperW
GetWindowRgn
IsWindowEnabled
MoveWindow
UpdateLayeredWindow
MessageBoxW
SetWindowRgn
SetWindowLongPtrW
GetWindowLongPtrW
AdjustWindowRectEx
GetPropW
SetPropW
GetMenu
EnableWindow
GetClassInfoExW
RegisterClassExW
CallWindowProcW
PostQuitMessage
wsprintfW
InflateRect
LoadCursorW
SetCursor
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
DispatchMessageW
SendMessageW
PostMessageW
IsWindow
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetCursorPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
InvalidateRgn
GetProcessWindowStation
GetUserObjectInformationW
ClientToScreen
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
gdi32
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CreateRectRgn
CloseEnhMetaFile
SelectObject
SetBitmapBits
GetTextExtentPointA
CreatePatternBrush
GdiFlush
TextOutW
MoveToEx
GetObjectA
CreateEnhMetaFileW
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetDeviceCaps
SetPixelFormat
ChoosePixelFormat
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
RestoreDC
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
GetBitmapBits
SetTextColor
PtInRegion
CreateDIBSection
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
SaveDC
shell32
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
CommandLineToArgvW
SHGetFolderPathA
DragQueryFileW
ShellExecuteExW
SHGetSpecialFolderPathW
ole32
CoCreateGuid
CoCreateInstance
PropVariantClear
CoTaskMemAlloc
DoDragDrop
CoInitializeEx
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoInitialize
CoTaskMemFree
OleDuplicateData
CoUninitialize
oleaut32
SysStringLen
SysAllocStringLen
VariantInit
SysFreeString
VariantClear
SysAllocString
advapi32
CryptGetHashParam
RegQueryValueExW
RegOpenKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptAcquireContextW
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
GetTokenInformation
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord17
gdiplus
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipAddPathArc
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipDeleteBrush
GdipSetPenMode
GdipSetPenDashStyle
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipSetSmoothingMode
GdipCreatePen1
GdipSetTextRenderingHint
GdipCreateSolidFill
GdipSetInterpolationMode
GdipSetWorldTransform
GdipResetWorldTransform
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawImageRectRect
GdipDrawImageI
GdipDrawLine
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetPenEndCap
GdipSetPenStartCap
GdipCreatePen2
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipCreateFontFromDC
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipDeletePen
GdipCreateFontFromLogfontA
GdipDrawImageRectI
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
shlwapi
PathFileExistsW
StrCpyNW
PathAppendW
StrRChrW
winhttp
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpQueryDataAvailable
bcrypt
BCryptGenRandom
netapi32
Netbios
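An import table this size is easier to read as capabilities than as a flat list, with two caveats a practitioner applies: names the MSVC runtime pulls in on its own (IsDebuggerPresent, GetProcessWindowStation, GetUserObjectInformationW and similar) are not evidence of intent, and ordinal-only imports such as the wldap32 `ord…` entries say nothing until they are resolved against that DLL's export table. The triage below is an added example, not part of the sandbox report and not tria.ge's or capa's rule set; the capability buckets are an illustrative watchlist, and SAMPLE_IMPORTS is a constructed subset of the import list above.

```python
"""Added example, not from the report: capability triage over an import table."""
import re

# Illustrative watchlist (an assumption of this example, not the sandbox's rules).
CAPABILITIES = {
    "process-enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
    "process-creation": {"CreateProcessA", "CreateProcessW", "ShellExecuteExW"},
    "single-instance-mutex": {"CreateMutexA", "CreateMutexW", "OpenMutexA", "OpenMutexW"},
    "http-client": {"WinHttpOpen", "WinHttpConnect", "WinHttpSendRequest", "WinHttpReceiveResponse"},
    "raw-sockets": {"WSAStartup", "socket", "connect", "send", "recv", "listen", "accept"},
    "capi-crypto": {"CryptAcquireContextA", "CryptAcquireContextW", "CryptEncrypt", "CryptImportKey"},
    "certificate-handling": {"CertGetCertificateChain", "PFXImportCertStore", "CryptQueryObject"},
    "registry-write": {"RegCreateKeyExW", "RegSetValueExW", "RegDeleteKeyW"},
    "event-log-write": {"RegisterEventSourceW", "ReportEventW"},
    "token-inspection": {"OpenProcessToken", "GetTokenInformation"},
    "embedded-resource-payload": {"FindResourceW", "LoadResource", "LockResource", "SizeofResource"},
    "anti-debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "NtQueryInformationProcess"},
    "interactive-session-check": {"GetProcessWindowStation", "GetUserObjectInformationW"},
}
# Imported by the MSVC CRT start-up and error-reporting code regardless of what the
# program does; a bucket whose only evidence is these names is reported as noise.
CRT_NOISE = {"IsDebuggerPresent", "GetProcessWindowStation", "GetUserObjectInformationW",
             "IsProcessorFeaturePresent", "UnhandledExceptionFilter", "SetUnhandledExceptionFilter"}
ORDINAL = re.compile(r"^ord\d+$")

# Constructed subset of the report's import table, keyed by DLL.
SAMPLE_IMPORTS = {
    "kernel32": ["CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "CreateMutexA",
                 "OpenMutexA", "CreateProcessA", "IsDebuggerPresent", "FindResourceW",
                 "LoadResource", "LockResource", "SizeofResource", "MoveFileExW"],
    "winhttp": ["WinHttpOpen", "WinHttpConnect", "WinHttpSendRequest", "WinHttpReceiveResponse"],
    "advapi32": ["CryptAcquireContextW", "CryptEncrypt", "CryptImportKey", "RegCreateKeyExW",
                 "RegSetValueExW", "RegisterEventSourceW", "ReportEventW",
                 "OpenProcessToken", "GetTokenInformation"],
    "crypt32": ["CertGetCertificateChain", "PFXImportCertStore"],
    "user32": ["GetProcessWindowStation", "GetUserObjectInformationW"],
    "wldap32": ["ord200", "ord30", "ord79"],
    "comctl32": ["ord17", "InitCommonControlsEx"],
}


def triage_imports(imports):
    """Map DLL -> [names] to capability buckets, separating CRT noise and ordinals."""
    present = {fn for fns in imports.values() for fn in fns}
    caps, noise_only = {}, {}
    for tag, apis in CAPABILITIES.items():
        hits = present & apis
        if hits - CRT_NOISE:          # at least one import the CRT would not add itself
            caps[tag] = sorted(hits)
        elif hits:
            noise_only[tag] = sorted(hits)
    # Ordinal-only imports hide the API name; resolve them against the DLL's export
    # table (or its import library) before treating them as evidence of anything.
    ordinal_only = {dll: sum(1 for fn in fns if ORDINAL.match(fn)) for dll, fns in imports.items()}
    return {"capabilities": caps, "noise_only": noise_only,
            "ordinal_only": {d: n for d, n in ordinal_only.items() if n}}


if __name__ == "__main__":
    for key, value in triage_imports(SAMPLE_IMPORTS).items():
        print(key, value)
```

Anti-debug and the window-station check land in `noise_only` here because every hit is a CRT import; a real anti-debugging finding needs evidence the runtime does not supply (CheckRemoteDebuggerPresent, NtQueryInformationProcess, or timing checks seen in the behavioral run).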
Sections
- .text    Size: 3.3MB  Virtual size: 3.3MB  (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
- .rdata   Size: 1.0MB  Virtual size: 1.0MB  (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)
- .data    Size: 208KB  Virtual size: 232KB  (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
- .pdata   Size: 149KB  Virtual size: 149KB  (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)
- _RDATA   Size: 512B   Virtual size: 244B   (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)
- .QMGuid  Size: 512B   Virtual size: 32B    (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
- .rsrc    Size: 1.8MB  Virtual size: 1.8MB  (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)
- .reloc   Size: 35KB   Virtual size: 34KB   (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ)
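The Headers, Signatures and Sections entries above all come from a handful of PE header fields, and reproducing them locally also surfaces what the report does not print: for example IMAGE_DLLCHARACTERISTICS_GUARD_CF is not among the listed DLL characteristics, so the binary was linked without Control Flow Guard, and no section is both writable and executable. The parser below is an added example, not part of the sandbox report or of the sample; it uses only the Python standard library, and `build_sample_pe()` is a constructed header-only PE32+ image whose flags mirror the report and whose section sizes are the report's rounded figures, not the real file's.

```python
"""Added example, not from the report: stdlib-only PE header/section/Authenticode check."""
import struct

DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x2000: "IMAGE_FILE_DLL"}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
# Mitigations a current MSVC-linked x64 image is expected to carry.
EXPECTED_HARDENING = ("IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
                      "IMAGE_DLLCHARACTERISTICS_NX_COMPAT", "IMAGE_DLLCHARACTERISTICS_GUARD_CF")


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                 # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    machine, nsec, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    pe_plus = magic == 0x20B
    dchars = struct.unpack_from("<H", data, opt + 70)[0]         # same offset in PE32 and PE32+
    n_dirs = struct.unpack_from("<I", data, opt + (108 if pe_plus else 92))[0]
    dirs = opt + (112 if pe_plus else 96)
    # Data directory 4 is the Authenticode table. Its first field is a raw file offset,
    # not an RVA, and a zero size is exactly what the "Unsigned PE" signature keys on.
    sec_off, sec_size = struct.unpack_from("<II", data, dirs + 4 * 8) if n_dirs > 4 else (0, 0)
    cert_type = None
    if sec_size >= 8:                                             # WIN_CERTIFICATE header
        _, _, cert_type = struct.unpack_from("<IHH", data, sec_off)  # 0x0002 = PKCS#7 SignedData
    sections = []
    for i in range(nsec):
        name, vsize, _, rsize, _, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "flags": _flags(schars, SECTION_FLAGS)})
    dll_flags = _flags(dchars, DLL_CHARACTERISTICS)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "file_characteristics": _flags(fchars, FILE_CHARACTERISTICS),
        "dll_characteristics": dll_flags,
        "missing_hardening": [f for f in EXPECTED_HARDENING if f not in dll_flags],
        # Presence is not validity: a non-empty table still needs chain verification
        # (signtool verify /pa or Get-AuthenticodeSignature) before it means anything.
        "authenticode_present": sec_size > 0,
        "authenticode_cert_type": cert_type,
        "sections": sections,
        # A section that is both writable and executable is a classic packer tell.
        "writable_executable": [s["name"] for s in sections if "IMAGE_SCN_MEM_WRITE" in s["flags"]
                                and "IMAGE_SCN_MEM_EXECUTE" in s["flags"]],
    }


def build_sample_pe() -> bytes:
    """Constructed PE32+ header-only image mirroring the report (sizes are the report's
    rounded figures, not the real sample's)."""
    sections = [  # (name, virtual size, raw size, characteristics)
        (b".text", 3_300_000, 3_300_000, 0x60000020), (b".rdata", 1_000_000, 1_000_000, 0x40000040),
        (b".data", 232_000, 208_000, 0xC0000040), (b".pdata", 149_000, 149_000, 0x40000040),
        (b"_RDATA", 244, 512, 0x40000040), (b".QMGuid", 32, 512, 0xC0000040),
        (b".rsrc", 1_800_000, 1_800_000, 0x40000040), (b".reloc", 34_000, 35_000, 0x42000040),
    ]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                         # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)                                          # PE32+: 112 bytes + 16 data dirs
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, 0x8160)   # HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 108, 16)      # NumberOfRvaAndSizes; security directory left 0/0 (unsigned)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0, rs, 0, 0, 0, 0, 0, c) for n, vs, rs, c in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


if __name__ == "__main__":
    import pprint
    pprint.pprint(parse_pe(build_sample_pe()))
```

On a real file, `parse_pe(open(path, "rb").read())` gives the same dictionary; the `missing_hardening` list is the quickest way to spot an image linked without CFG or ASLR, and `authenticode_present` only tells you whether a signature blob exists, not whether it chains to a trusted root.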