D:\Jenkins\.jenkins\workspace\halodesk\install_uninstall_coral\inst\Install_exe.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: bff1ac9bb8b210886f4c76d7218af842412c8a90cde1c229db9aaa9d91a81a2f.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: bff1ac9bb8b210886f4c76d7218af842412c8a90cde1c229db9aaa9d91a81a2f.exe
  Resource: win10v2004-20240226-en
General
- Target: bff1ac9bb8b210886f4c76d7218af842412c8a90cde1c229db9aaa9d91a81a2f
- Size: 4.8MB
- MD5: 1dd8c81067ba1975428def96d968080c
- SHA1: e6c86cd5a3ecece6fc6ad2f6dd5a8bc3e9e44d83
- SHA256: bff1ac9bb8b210886f4c76d7218af842412c8a90cde1c229db9aaa9d91a81a2f
- SHA512: ba14e7ab80d6c90dedb5efcfa9a84158c6ad429afde8557a82cff923dfabfd9353ec70e47397ee414435f43b6a0d50365861e05116eb64e132dae1487226a65b
- SSDEEP: 98304:UPTxnEk+I2PGAbhRiCu/CVUdVEy9qMBNP/qxct8q7zTILXWBFXF3Uw:u+7k4UdVEy9qMBNLtTWa7Uw
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource bff1ac9bb8b210886f4c76d7218af842412c8a90cde1c229db9aaa9d91a81a2f
Files
-
bff1ac9bb8b210886f4c76d7218af842412c8a90cde1c229db9aaa9d91a81a2f.exe windows:6 windows x86 arch:x86
79b9243dcfa2ee29cd4714d1158c7db0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
LoadLibraryExW
lstrcmpiW
WritePrivateProfileStringW
GetDriveTypeW
VirtualAlloc
SwitchToThread
GetFileInformationByHandle
CompareFileTime
FindFirstChangeNotificationW
FindCloseChangeNotification
SetFileTime
CreateDirectoryW
SearchPathW
GetCurrentDirectoryW
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetShortPathNameW
DecodePointer
GetCommandLineW
VerifyVersionInfoW
GetCurrentThreadId
InitializeCriticalSectionEx
RaiseException
VerSetConditionMask
lstrcpynW
LocalFree
FreeLibrary
GetLocalTime
WaitForMultipleObjects
Sleep
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetTickCount
GetCurrentProcess
WideCharToMultiByte
UnlockFile
ReadFile
LockFile
GetFileSize
CreateFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetModuleFileNameExW
GetModuleFileNameW
OpenProcess
WriteConsoleW
SetEndOfFile
ReadConsoleW
SetFilePointerEx
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetCurrentProcessId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameW
MoveFileExW
MoveFileW
lstrlenW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetWindowsDirectoryW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CloseHandle
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetPrivateProfileStringW
LocalAlloc
GetExitCodeProcess
TerminateProcess
QueryDosDeviceW
GetFileType
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
lstrcmpiA
lstrcmpA
GetTempFileNameA
GetTempPathA
WriteFile
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
DeleteFileA
CreateFileA
WaitForSingleObjectEx
GetSystemDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
GetFileAttributesExW
SetFilePointer
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
OutputDebugStringA
OutputDebugStringW
GetFileSizeEx
ResetEvent
GetSystemInfo
GetTempFileNameW
FormatMessageW
GetEnvironmentVariableW
GetVersionExW
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
VirtualFree
user32
EndDialog
SetCapture
SetFocus
SetWindowPos
SendMessageW
GetShellWindow
LoadStringW
GetWindowThreadProcessId
FindWindowExW
ReleaseCapture
GetActiveWindow
DialogBoxParamW
LoadImageW
SetForegroundWindow
GetSystemMetrics
PostMessageW
IsWindowVisible
PostQuitMessage
CharNextW
BringWindowToTop
PeekMessageW
GetCursorPos
CopyRect
EnumDisplayMonitors
wsprintfW
MessageBoxW
RegisterWindowMessageW
SendMessageTimeoutW
SendNotifyMessageW
FindWindowW
UnionRect
OffsetRect
EqualRect
DestroyCursor
DrawFocusRect
MoveWindow
UnregisterClassA
DispatchMessageW
TranslateMessage
GetMessageW
FillRect
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DrawTextW
GetAsyncKeyState
GetFocus
UpdateLayeredWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
GetMonitorInfoW
MonitorFromWindow
IsDialogMessageW
LoadCursorW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
MapWindowPoints
SetCursor
GetWindowRect
GetClientRect
InvalidateRect
KillTimer
SetTimer
IsIconic
GetDC
ReleaseDC
BeginPaint
EndPaint
gdi32
DeleteDC
DeleteObject
CreateCompatibleDC
BitBlt
SelectObject
SetViewportOrgEx
CreateFontW
EnumFontFamiliesW
GetStockObject
RestoreDC
SaveDC
SelectClipRgn
SetBkMode
SetTextColor
CreateDIBSection
GetObjectW
RectVisible
CreateRectRgnIndirect
OffsetViewportOrgEx
CreateCompatibleBitmap
advapi32
LookupAccountNameW
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
CryptContextAddRef
CryptDecrypt
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
LookupPrivilegeValueW
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
GetTrusteeNameW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
SetEntriesInAclW
LookupAccountSidW
EqualSid
DeleteAce
RegQueryValueExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
StartServiceW
GetUserNameW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
OpenServiceW
shell32
ShellExecuteW
SHCreateDirectoryExW
ord165
SHFileOperationW
SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
ole32
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
OleRun
oleaut32
VarBstrCmp
VariantClear
SysFreeString
SysAllocString
SysStringByteLen
VarUI4FromStr
SysStringLen
VariantInit
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
VariantCopy
shlwapi
SHSetValueW
PathIsDirectoryW
wnsprintfW
AssocQueryStringW
SHSetValueA
PathIsRootW
PathIsRelativeW
SHGetValueW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCombineW
PathAppendW
PathRenameExtensionA
PathFindFileNameA
StrToIntExW
StrCmpIW
StrStrIW
StrStrIA
StrTrimA
StrCmpNIW
PathIsPrefixW
SHGetValueA
comctl32
InitCommonControlsEx
_TrackMouseEvent
gdiplus
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipSetStringFormatTrimming
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
psapi
EnumProcesses
GetModuleFileNameExW
GetProcessImageFileNameW
iphlpapi
GetAdaptersInfo
wininet
InternetGetConnectedState
urlmon
URLDownloadToFileW
URLDownloadToCacheFileW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
setupapi
SetupIterateCabinetW
Exports
InstallEntryW
_BasicEntry@12
_Start@4
Sections
.text Size: 916KB - Virtual size: 916KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 203KB - Virtual size: 203KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ