Yandex XP_Vista[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Yandex XP_Vista.exe
Size

58.8MB
MD5

6f5bee01894ea9a2d99778dad861b201
SHA1

10c6d69f71ce0501af572f8007025d4f85b43b68
SHA256

cc00d608219cd14fe3ae32888e1c73446f00753403bbcd055f4996878ccd3e33
SHA512

055854af35410f0dd181954c8c2066ddb12bd5fd5654ffac883d86d0ea5bfa24e84cd530fb80d137824bd1badd1382c1d046ad9544a9cfacd0c99f6369d95e83
SSDEEP

1572864:XnrXO/rZVQ0nYWCdOVK+m8VZ8MsMepZL5rfB1iCB/:irPr4amRMs1pZL5rB1t/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Yandex XP_Vista.exe

Files

Yandex XP_Vista.exe
.exe windows:5 windows x86 arch:x86

8326e048c41b93b285bf7972ba77d24c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildAgent\work\fe2b0740eca6e700\src\out\Release\full_installer.exe.pdb

Imports

kernel32

DecodePointer
RaiseException
GetLastError
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
OpenEventA
WaitForMultipleObjects
GetCurrentProcessId
GetCurrentThreadId
OpenProcess
ExpandEnvironmentStringsW
GetProcAddress
LoadLibraryExW
GetGeoInfoW
GetUserGeoID
GetCommandLineW
LocalFree
GetModuleFileNameW
WaitForSingleObject
GetTickCount
CreateFileW
DeleteFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileSize
GetTempFileNameW
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
GetTempPathW
CloseHandle
ReleaseMutex
CreateMutexW
IsProcessorFeaturePresent
FindResourceExW
GetModuleHandleA
LoadResource
LockResource
SizeofResource
FindResourceW
GetUserDefaultUILanguage
GetModuleHandleW
SetDllDirectoryW
SetEvent
ResetEvent
CreateEventA
CreateEventW
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
HeapCreate
VirtualAlloc
VirtualFree
VirtualQuery
Sleep
ResumeThread
FlushInstructionCache
VirtualProtect
CreateToolhelp32Snapshot
OpenEventW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FreeLibrary
lstrcmpiW
MultiByteToWideChar
LoadLibraryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
MoveFileExW
ReplaceFileW
CopyFileW
MoveFileW
GetLocalTime
FormatMessageA
GetVersionExW
GetNativeSystemInfo
FindFirstFileW
FindFirstFileExW
FindNextFileW
FindClose
SetHandleInformation
GetStdHandle
AssignProcessToJobObject
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetSystemInfo
Process32NextW
Process32FirstW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetProcessId
IsDebuggerPresent
CreateThread
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
GetModuleHandleExW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
FormatMessageW
lstrcmpA
LoadLibraryExA
WideCharToMultiByte
EncodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
ExitProcess
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteConsoleW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58.3MB - Virtual size: 58.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8326e048c41b93b285bf7972ba77d24c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 390KB - Virtual size: 389KB

.rdata Size: 95KB - Virtual size: 94KB

.data Size: 5KB - Virtual size: 14KB

SHARED Size: 512B - Virtual size: 4B

.gfids Size: 1024B - Virtual size: 816B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 58.3MB - Virtual size: 58.3MB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 390KB - Virtual size: 389KB

.rdata
Size: 95KB - Virtual size: 94KB

.data
Size: 5KB - Virtual size: 14KB

SHARED
Size: 512B - Virtual size: 4B

.gfids
Size: 1024B - Virtual size: 816B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 58.3MB - Virtual size: 58.3MB

.reloc
Size: 17KB - Virtual size: 16KB