98c8a1b5638957a65756d7443eab71abe237d44be686c41d3f45878084d72ba7

Sharing

Copy URL Twitter E-mail

General

Target

98c8a1b5638957a65756d7443eab71abe237d44be686c41d3f45878084d72ba7
Size

5.3MB
MD5

392eac376672755c70de22223b2e6261
SHA1

c3fbb56ae4f1745775ac8cdad7de9ddda3a9a52f
SHA256

98c8a1b5638957a65756d7443eab71abe237d44be686c41d3f45878084d72ba7
SHA512

7de0138d3a6190d9e9a255525e7fdd2a6d5dc08669ffdc6e8a41a9687e136535bb174a1ac40d45d9d9124e7aa0c33330e0bef56fda0ba6700f220293d7e233b2
SSDEEP

98304:CYf8spJmcfSfdnvhfLhhnvBfL+Mvg0IIIJHfnFnjM3ks0+zFV1qXTj68:CU8g4HMIkf1yZYx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98c8a1b5638957a65756d7443eab71abe237d44be686c41d3f45878084d72ba7

Files

98c8a1b5638957a65756d7443eab71abe237d44be686c41d3f45878084d72ba7
.exe windows:5 windows x86 arch:x86

6253515bbd6a15c4608802d705f631d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\SVN\LiveUpdate\bootstrap\Release\setup.pdb

Imports

msi

ord175
ord96
ord136
ord88
ord8
ord169
ord232
ord70
ord190
ord150
ord205
ord72
ord141
ord78

comctl32

ord17

shlwapi

SHSetValueA
PathRemoveFileSpecW
SHDeleteValueW
SHDeleteKeyW
SHSetValueW
SHDeleteKeyA
SHGetValueW

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetSystemDefaultLangID
GetCommandLineW
lstrlenA
CreateProcessW
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
GetModuleHandleW
FormatMessageA
GetWindowsDirectoryA
WriteFile
WideCharToMultiByte
GetVolumeInformationA
LoadLibraryW
CopyFileW
FormatMessageW
GetExitCodeProcess
GetModuleFileNameW
CreateFileW
CompareStringW
lstrlenW
GetTempPathW
GetLastError
lstrcmpiA
GetProcAddress
lstrcmpiW
GetModuleHandleA
GetUserDefaultUILanguage
CloseHandle
DeleteFileW
LocalFree
lstrcpyW
ExpandEnvironmentStringsW
GetTempFileNameW
CreateFileA
SetFilePointer
GetModuleFileNameA
GetCurrentProcessId
SetHandleCount
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapSize
FreeLibrary
LoadResource
FindResourceExA
SizeofResource
LockResource
GetTimeZoneInformation
MultiByteToWideChar
GetCurrentThreadId
GetVersion
GetFileType
GetStdHandle
FlushConsoleInputBuffer
GetTickCount
QueryPerformanceCounter
GlobalMemoryStatus
GetVersionExW
LoadLibraryA
FreeEnvironmentStringsA
LCMapStringW
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
ExitProcess
Sleep
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
CompareStringA
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
ReadConsoleInputA
SetConsoleMode
ReadFile
GetCPInfo
RtlUnwind
RaiseException
SetConsoleCtrlHandler
GetDateFormatA
GetTimeFormatA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime

user32

LoadStringW
DialogBoxParamW
wsprintfW
GetDlgItem
EndDialog
IsDlgButtonChecked
MessageBoxW
SetDlgItemTextW
EnableWindow
SetWindowTextW
MessageBoxExW
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
SetDlgItemTextA

advapi32

ReportEventW
DeregisterEventSource
RegCloseKey
RegEnumKeyExW
RegEnumKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegisterEventSourceW

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteA

ole32

CoInitialize
StringFromGUID2

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6253515bbd6a15c4608802d705f631d3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

comctl32

shlwapi

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 440KB - Virtual size: 439KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 46KB - Virtual size: 61KB

.rsrc Size: 4.7MB - Virtual size: 4.7MB

.reloc Size: 33KB - Virtual size: 32KB

.text
Size: 440KB - Virtual size: 439KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 46KB - Virtual size: 61KB

.rsrc
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 33KB - Virtual size: 32KB