Static task
static1
Behavioral task
behavioral1
Sample
unins000.exe
Resource
win10v2004-20240426-en
General
Target: unins000.exe
Size: 6KB
MD5: 4ff75f505fddcc6a9ae62216446205d9
SHA1: efe32d504ce72f32e92dcf01aa2752b04d81a342
SHA256: a4c86fc4836ac728d7bd96e7915090fd59521a9e74f1d06ef8e5a47c8695fd81
SHA512: ba0469851438212d19906d6da8c4ae95ff1c0711a095d9f21f13530a6b8b21c3acbb0ff55edb8a35b41c1a9a342f5d3421c00ba395bc13bb1ef5902b979ce824
SSDEEP: 96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unins000.exe
Files
unins000.exe.exe windows:4 windows x64 arch:x64
35a25297eaad71a907abf55111fc7e24
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
comctl32
ord17
shlwapi
StrToIntW
StrToInt64ExW
kernel32
ReadFile
WriteFile
CloseHandle
SetConsoleCtrlHandler
SetProcessShutdownParameters
SetCurrentDirectoryW
GetSystemDirectoryW
SetErrorMode
ExitProcess
LocalFree
GetLastError
GetCommandLineW
advapi32
FreeSid
GetNamedSecurityInfoW
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetEntriesInAclW
shell32
CommandLineToArgvW
oleaut32
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ