eee8b69ee909dbb00687f8cb617756fa6fc63bb41010176f0640996116890b8d

Sharing

Copy URL Twitter E-mail

General

Target

eee8b69ee909dbb00687f8cb617756fa6fc63bb41010176f0640996116890b8d
Size

779KB
MD5

55109ba8b564483596ea20b3fc42763f
SHA1

d75615e8ea84f14431f022e0012ef4fd1b2972ae
SHA256

eee8b69ee909dbb00687f8cb617756fa6fc63bb41010176f0640996116890b8d
SHA512

ffd6223beff9f0ec52abef1230643cbdad156585c3bcdd2c3f78f753714a7b3a02050d8a3d6a0dc5c77b179d8f50d1271d48cbf2cbfcfb45bb4a82df8fc0e9b4
SSDEEP

12288:zpFDlfL+k8qT7mbFedpmsRrYtzYgY0KPJ2ai1TlIdfnBj+6P7YKEi0a88I29a6kP:zbpfB6sRrYtzYgHfaBSaYc1a6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eee8b69ee909dbb00687f8cb617756fa6fc63bb41010176f0640996116890b8d

Files

eee8b69ee909dbb00687f8cb617756fa6fc63bb41010176f0640996116890b8d
.exe windows:5 windows x86 arch:x86

03eaf58fcc2788aeabe3fa651b6b2ac5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\data_recovery\Output\Bin\Release\Uninstall.pdb

Imports

kernel32

SetEndOfFile
SetFilePointer
MoveFileExW
SetFileAttributesW
DeviceIoControl
GetSystemInfo
GetThreadLocale
SetThreadLocale
GetFileSize
GetFileAttributesExW
lstrlenA
InitializeCriticalSection
ResetEvent
SetEvent
PostQueuedCompletionStatus
GetExitCodeThread
TerminateThread
CreateEventW
CreateIoCompletionPort
InterlockedExchange
GetQueuedCompletionStatus
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetCurrentThread
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetStdHandle
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetACP
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
QueryPerformanceFrequency
RtlUnwind
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
lstrcmpA
FindFirstFileExW
lstrlenW
SetThreadPriority
GetCurrentProcess
SetPriorityClass
GetEnvironmentVariableW
DeleteFileW
CloseHandle
WriteFile
CreateFileW
GetTempPathW
GetSystemTime
GetNativeSystemInfo
GetVersionExW
SystemTimeToFileTime
Sleep
LocalFree
GetPrivateProfileStringW
ReadFile
GetStartupInfoW
CreatePipe
WaitForSingleObject
CreateProcessW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
IsValidLocale
GetShortPathNameW
LoadLibraryW
GetCurrentProcessId
OpenProcess
MulDiv
GetVersion
FreeResource
GlobalFree
GlobalAlloc
HeapDestroy
WideCharToMultiByte
SetLastError
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
LoadLibraryExW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
GetProcAddress
FreeLibrary
DecodePointer
GetTickCount
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DeleteCriticalSection
GetModuleHandleW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize

user32

wsprintfW
UpdateWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
SetTimer
GetWindow
PostQuitMessage
IsWindow
ShowWindow
GetParent
UnregisterClassW
SetWindowLongW
DefWindowProcW
CallWindowProcW
DestroyWindow
CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
MessageBoxW
SystemParametersInfoW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
BeginPaint
CopyRect
EndPaint
IsIconic
EqualRect
InvalidateRect
PtInRect
PostMessageW
TrackMouseEvent
GetCursorPos
SetFocus
SetCapture
ReleaseCapture
ClientToScreen
SetWindowRgn
MoveWindow
EnableWindow
UpdateLayeredWindow
ReleaseDC
GetDC
GetForegroundWindow
GetWindowTextW
SetForegroundWindow
IsWindowVisible
IsZoomed
MonitorFromRect
OffsetRect
SetLayeredWindowAttributes
LoadImageW
SetRectEmpty
IsRectEmpty
GetIconInfo
SetCursor
ScreenToClient
GetClientRect
MapWindowPoints
SetWindowPos
GetDoubleClickTime
IntersectRect
FillRect
SendMessageW
GetDlgItem
DrawTextW
SetWindowTextW
GetWindowTextLengthW
KillTimer
LoadIconW

gdi32

CreateRectRgnIndirect
SaveDC
SetBitmapBits
GetStockObject
SetBkColor
SetTextColor
SetBkMode
CreateSolidBrush
GetBitmapBits
StretchBlt
ExtSelectClipRgn
SetPixel
GetObjectW
CreateDIBSection
CreateRectRgn
CombineRgn
CreateRoundRectRgn
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
RestoreDC
CreatePen
Rectangle
CreateFontIndirectW
GetTextColor
GetCurrentObject
SetStretchBltMode
SetTextCharacterExtra

advapi32

OpenServiceW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
DeleteService
CloseServiceHandle
ControlService
QueryServiceStatus
OpenSCManagerW
RegEnumKeyW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
GetUserNameW

shell32

ShellExecuteExW
SHChangeNotify
SHGetSpecialFolderPathW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
ord165
SHCreateDirectoryExW

ole32

CoInitializeSecurity
CoCreateGuid
OleRun
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

LoadTypeLi
LoadRegTypeLi
VariantClear
VariantCopy
VariantInit
VarBstrCmp
SysStringLen
SysAllocString
VarUI4FromStr
SysFreeString
GetErrorInfo

shlwapi

SHDeleteValueW
SHGetValueW
PathSearchAndQualifyW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathCombineW
PathFindFileNameW
StrCmpIW
PathRemoveBackslashW
PathIsDirectoryW

comctl32

ord17
InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdiplusStartup
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipSetTextRenderingHint
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipFree
GdipDeleteFont

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

wininet

InternetCrackUrlW
InternetOpenW
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetReadFile
InternetConnectW
HttpQueryInfoW
InternetSetOptionW

psapi

GetModuleFileNameExW

netapi32

Netbios

iphlpapi

GetAdaptersInfo
GetIpAddrTable

secur32

GetUserNameExW

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03eaf58fcc2788aeabe3fa651b6b2ac5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

crypt32

wininet

psapi

netapi32

iphlpapi

secur32

Sections

.text Size: 567KB - Virtual size: 567KB

.rdata Size: 127KB - Virtual size: 126KB

.data Size: 8KB - Virtual size: 17KB

.gfids Size: 1024B - Virtual size: 576B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 567KB - Virtual size: 567KB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 8KB - Virtual size: 17KB

.gfids
Size: 1024B - Virtual size: 576B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 28KB - Virtual size: 28KB