Installer_RedAV[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Installer_RedAV.exe
Size

314.4MB
MD5

2fe1c37140d50809f72733a5849e394a
SHA1

b1699b730dfb19afb3c500ccb2c449a7559f4c1c
SHA256

044156a9512adae0778149ef31a26ebcc28bcb3d352eb52daf9abd019de3194a
SHA512

231d0b158ff61bc9a8595647a4d29922827634a16bcaa8d08e91a15a03db49e4d4f8cbf893ba64a775a091e93ccb16054e1a2ac248a41dd424e489d291181398
SSDEEP

6291456:Odzj20Usw7QASDCMBZSgbDmp+lmHZ/Ancg3oA0SdH7FgQdvtFb8jg:OhjKsw7ymMOgfmMkHZYnc8F0Sd7FNdvz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Installer_RedAV.exe

Files

Installer_RedAV.exe
.exe windows:4 windows x86 arch:x86

26ca8bfb8fa605a027fdf343592eca3b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
SetFileAttributesA
CreateProcessA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetShortPathNameA
GetFullPathNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
RemoveDirectoryA
GetDriveTypeA
LoadLibraryA
CopyFileA
FindFirstFileA
FindNextFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
FormatMessageA
GetVersionExW
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MoveFileA
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
TerminateProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
ExitProcess
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RtlUnwind
HeapCompact
HeapAlloc
HeapFree
DeleteFileA
CreateFileA
FormatMessageW
WritePrivateProfileStringW
GetPrivateProfileStringW
FindNextFileW
FindFirstFileW
CopyFileW
LoadLibraryW
GetDriveTypeW
RemoveDirectoryW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
GetShortPathNameW
GetTempPathW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
CreateProcessW
SetFileAttributesW
GetFileAttributesW
MoveFileW
DeleteFileW
FlushFileBuffers
CreateFileW
GetVersion
GetVersionExA
GetCommandLineW
GetCurrentProcess
MoveFileExW
WideCharToMultiByte
GetUserDefaultLangID
SetFileTime
SetErrorMode
GetLocalTime
Sleep
GetExitCodeProcess
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CloseHandle
SetFilePointer
WriteFile
ReadFile
FindClose
GetProcAddress
FreeLibrary
GetDiskFreeSpaceW
GetDiskFreeSpaceA
IsBadCodePtr
GetLastError

user32

PostMessageA
SendDlgItemMessageA
PeekMessageA
GetMessageA
DispatchMessageA
CharToOemA
GetDlgItemTextA
SetDlgItemTextA
SetWindowTextA
DrawTextA
FindWindowA
CreateWindowExA
RegisterClassA
LoadCursorW
GetWindow
GetSysColor
ScreenToClient
GetWindowLongA
CharToOemW
DispatchMessageW
GetMessageW
PeekMessageW
SendDlgItemMessageW
PostMessageW
GetWindowLongW
SetWindowLongW
MessageBoxW
GetDlgItemTextW
SetDlgItemTextW
SetWindowTextW
DrawTextW
IsDialogMessageW
DialogBoxParamW
CreateDialogParamW
CallWindowProcW
DefWindowProcW
SetWindowLongA
IsDialogMessageA
LoadIconA
DialogBoxParamA
CreateDialogParamA
CallWindowProcA
DefWindowProcA
LoadIconW
GetWindowRect
GetClassNameA
GetDlgItem
EndPaint
BeginPaint
GetClientRect
FillRect
GetSystemMetrics
SetCursor
LoadCursorA
EnableWindow
TranslateMessage
SendMessageA
SendMessageW
FindWindowW
CreateWindowExW
GetClassNameW
RegisterClassW
GetLastActivePopup
BringWindowToTop
ExitWindowsEx
IsIconic
PostQuitMessage
AdjustWindowRectEx
EndDialog
IsDlgButtonChecked
CheckDlgButton
CheckRadioButton
SetFocus
GetParent
UpdateWindow
IsWindowVisible
InvalidateRect
RedrawWindow
SetWindowPos
ShowWindow
DestroyWindow
IsWindowEnabled
ValidateRect

gdi32

AddFontResourceW
RemoveFontResourceW
CreateFontIndirectA
GetObjectW
AddFontResourceA
RemoveFontResourceA
CreateFontIndirectW
GetStockObject
SetBkMode
SetTextColor
StretchDIBits
SetStretchBltMode
SetBrushOrgEx
CreateSolidBrush
CreateDIBPatternBrush
CreateHalftonePalette
SelectPalette
RealizePalette
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
ExtTextOutA
SetBkColor
CreatePalette
GetSystemPaletteEntries
GetDeviceCaps
GetObjectA
BitBlt
DeleteDC

comdlg32

GetOpenFileNameA
GetOpenFileNameW

advapi32

RegDeleteValueW
AdjustTokenPrivileges
LookupPrivilegeValueA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
OpenProcessToken

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetMalloc
DragQueryFileA

ole32

CoGetMalloc
OleInitialize
OleUninitialize
CoCreateInstance

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerFindFileA
VerFindFileW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

ImageList_LoadImageW
ord17
ImageList_LoadImageA

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26ca8bfb8fa605a027fdf343592eca3b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

version

comctl32

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 12KB - Virtual size: 10KB