c043_Tech05_2024-05-31_17_45_17[.]627[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

c043_Tech05_2024-05-31_17_45_17.627.zip
Size

291KB
MD5

2382c67824a68ea7e1f78b038b990b06
SHA1

5fd48fe1cc50ff2c1beefab7e6c14c2363c2260b
SHA256

490a685e41f73853205b8fff3824360674279476289e06c0b5acf6cd51dca327
SHA512

612993f630dd6b103a3c2f15cec7e5d48889123afb2373646ecaec2505b45ec9e360461fb573cd616b2fa32a46d4ec8da19e9f8c5f3d44e7b7fe9b9a6ba73ff8
SSDEEP

6144:bcO/dMIAXO33Ijrow+F4UfoESr5Cj0BOhQjDZMDOpwjtyLWEgopfYFTzlZHL:bcO+dO3qapfIrQ8OaFMaSoL1zfYFT7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume2/ProgramData/National Instruments/MDF/BinRTE/NiMsiDistKit.dll

Files

c043_Tech05_2024-05-31_17_45_17.627.zip
.zip

Password: n2TDTH1UcA943Aou1e2N
Device/HarddiskVolume2/ProgramData/National Instruments/MDF/BinRTE/NiMsiDistKit.dll
.dll windows:5 windows x86 arch:x86

Password: n2TDTH1UcA943Aou1e2N

cbd9b02046ccd535897c1b3ef227aa27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
DeleteFileW
GetTempFileNameW
GetProcAddress
CreateFileW
GetLastError
CreateThread
RemoveDirectoryW
CreateDirectoryW
GetFileTime
SetFileTime
CloseHandle
GetTempPathW
GetModuleFileNameW
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
CreateFileA
WriteConsoleW
WideCharToMultiByte
MultiByteToWideChar
SetErrorMode
GetFileAttributesW
GetCurrentProcess
GetModuleHandleW
FreeLibrary
LoadLibraryExW
FormatMessageW
FindNextFileW
FindFirstFileW
VirtualQuery
SetFileAttributesW
LoadLibraryW
GetTickCount
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
WriteFile
LocalFree
SetFilePointer
LockResource
LoadResource
FindResourceExW
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFileSize
LocalFileTimeToFileTime
DosDateTimeToFileTime
HeapFree
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetFullPathNameW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
ReadFile
GetConsoleCP
GetConsoleMode
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
LCMapStringA
GetModuleHandleA
GetCurrentDirectoryA
GetDriveTypeA
FlushFileBuffers
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

advapi32

RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey

ole32

StringFromGUID2
CoUninitialize
CoFreeLibrary
CoLoadLibrary
CoInitialize
CoCreateGuid

msi

ord51
ord74
ord49
ord125
ord17
ord143
ord145
ord135
ord171
ord8
ord116
ord167
ord121
ord123
ord163
ord166
ord115
ord92
ord20
ord151
ord150
ord153
ord78
ord120
ord118
ord160
ord159
ord32
ord103

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

user32

MessageBoxW

Exports

Exports

NI_MetaToolbox_MetaOutput_GetSharedGlobalData
_nmdkAddPermissionMod@28
_nmdkSetPathToMergeModDll@4
_nmdkUpdateDirectoryTable@16
nmdkAddEntryToNiPathsRequested
nmdkAddFile
nmdkAddRegKey
nmdkAddRegKeyAdvanced
nmdkAddShortcut
nmdkCheckDependsMergeModule
nmdkClose
nmdkCommitChanges
nmdkConstReturn
nmdkConvertWin32RegTypeToNmdkEnum
nmdkCreateGUID
nmdkFreeString
nmdkGenerateMergeModuleMap
nmdkGetMMLangID
nmdkGetMMSignature
nmdkGetMsiHandle
nmdkImportVLMSettings
nmdkInitLibrary
nmdkLastError
nmdkListDirectMergeModuleDepends
nmdkLoadMergeModule
nmdkOpen
nmdkPartContains64BitComponents
nmdkRunExistingProgram
nmdkRunInstalledProgram
nmdkScheduleMAXConfigImportRuntime
nmdkScheduleRebootAfterInstall
nmdkSetAllUsersType
nmdkSetAllowUsersSelectFeatures
nmdkSetArpProperties
nmdkSetDefaultInstallDir
nmdkSetInformationalProperties
nmdkSetMAXImportFiles
nmdkSetMAXImportOptions
nmdkSetMAXPortCfgProdVerAndName
nmdkSetMainFeatureInfo
nmdkSetProperty
nmdkSetSummaryProperties
nmdkSetUpgradeInfo
nmdkTouchComponentFiles
nmdk_CVIRTE_InstallRelocate
nmdk_CVI_LVRT_InstallRelocate
nmdk_INSTRSUP_InstallRelocate
nmdk_MESA_InstallRelocate

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: n2TDTH1UcA943Aou1e2N

Password: n2TDTH1UcA943Aou1e2N

cbd9b02046ccd535897c1b3ef227aa27

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

msi

version

user32

Exports

Exports

Sections

.text Size: 283KB - Virtual size: 282KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 7KB - Virtual size: 60KB

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 22KB - Virtual size: 21KB

.text Size: 136KB - Virtual size: 136KB

.text
Size: 283KB - Virtual size: 282KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 7KB - Virtual size: 60KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 22KB - Virtual size: 21KB

.text
Size: 136KB - Virtual size: 136KB