a45ae63d4cb705c98a35ceec0bed714f0b97777c9a77ac4f8c6cbaa9a19a9523[.]exe

General

Target

a45ae63d4cb705c98a35ceec0bed714f0b97777c9a77ac4f8c6cbaa9a19a9523.exe
Size

590KB
MD5

037d29b9f3565d2b75dd7b87bdc1da70
SHA1

37389870e48eedf42eea59a1f2dfe52ba830a3c0
SHA256

a45ae63d4cb705c98a35ceec0bed714f0b97777c9a77ac4f8c6cbaa9a19a9523
SHA512

fbdfc3d7b5a7aabee7ddf55b834e42ce2fb519b8f09a55e030235b57f1f8f0bbb0c50af312de923b3ce39d06aabace0d85db9b0075ea9871ef3349d6034d7e8b
SSDEEP

12288:Vt3/aLNxHlJgg81Szwp+MSk8upNZtnJwWDY:VtPahl7gg81Ss0upNnn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a45ae63d4cb705c98a35ceec0bed714f0b97777c9a77ac4f8c6cbaa9a19a9523.exe

Files

a45ae63d4cb705c98a35ceec0bed714f0b97777c9a77ac4f8c6cbaa9a19a9523.exe
.dll windows:6 windows x86 arch:x86

b106514432e4216528a4ad61dd3b02fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

h:\nt.obj.x86fre\base\wcp\tools\msmcustomaction\objfre\i386\msmcustomaction.pdb

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
strchr
memset
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
_vsnprintf

kernel32

UnhandledExceptionFilter
RtlUnwind
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
SetUnhandledExceptionFilter
GetCurrentProcess
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
GetLastError
CreateDirectoryA
MoveFileExA
MoveFileA
GetWindowsDirectoryA
DeleteFileA
SetFileAttributesA
RemoveDirectoryA
GetFileAttributesA
lstrcmpiA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess

advapi32

RegEnumValueA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

rpcrt4

UuidCreate

msi

ord117
ord79
ord172
ord44
ord73
ord160
ord31
ord115
ord166
ord163
ord49
ord50
ord159
ord48
ord8
ord17
ord103
ord121
ord124

Exports

Exports

CustomAction_SxsMsmCleanup
CustomAction_SxsMsmInstall

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b106514432e4216528a4ad61dd3b02fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

rpcrt4

msi

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 872B

.reloc Size: 4KB - Virtual size: 572B

.text
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 872B

.reloc
Size: 4KB - Virtual size: 572B