e44494debcaf3f99b2dd8154a8aae2b12a96f0fcdd7611f0c48fac82d7b9f809

Sharing

Copy URL Twitter E-mail

General

Target

e44494debcaf3f99b2dd8154a8aae2b12a96f0fcdd7611f0c48fac82d7b9f809
Size

391KB
MD5

8a093a64a2a42b263ad7798918b179fb
SHA1

03ded51f021ab790998bfe897481073bfbe9bd16
SHA256

e44494debcaf3f99b2dd8154a8aae2b12a96f0fcdd7611f0c48fac82d7b9f809
SHA512

08c764e600246486d9397f89e8003653ad68597be2a9d47be3e04ffa32c431a8d038cdae2ece2178f51da56a730ec0e68262ae891708696ae8e6dbbde9f5edc3
SSDEEP

6144:7o5cshx07F6eoUJe90jM4nTbpvIZYaaCj1ox1zt2ZMgb+uL:7o5f+xJ0St/pQf61AWc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e44494debcaf3f99b2dd8154a8aae2b12a96f0fcdd7611f0c48fac82d7b9f809

Files

e44494debcaf3f99b2dd8154a8aae2b12a96f0fcdd7611f0c48fac82d7b9f809
.dll windows:6 windows x64 arch:x64

b04521b4dddc6a585a26d321b563ea6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Mobility\win_mf\Build\x64\Release\Crash\Symbols\dll\CustomActions_TCUA.pdb

Imports

msi

ord74
ord32
ord103
ord8
ord145
ord49
ord125
ord121
ord17
ord159

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winhttp

WinHttpCloseHandle

kernel32

lstrlenW
GetCurrentDirectoryW
GetSystemDirectoryW
GetModuleFileNameW
GetProcAddress
lstrcmpiW
CloseHandle
WaitForSingleObject
TerminateThread
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
FileTimeToSystemTime
SystemTimeToFileTime
CreateFileW
DeleteFileW
GetTempFileNameW
DecodePointer
RaiseException
DeviceIoControl
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
GetEnvironmentVariableW
WriteFile
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
MoveFileW
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
GetSystemInfo
FreeLibrary
GetModuleHandleW
GetConsoleCP
LoadResource
LockResource
LocalFree
FormatMessageA
FormatMessageW
lstrcpynW
FindResourceW
lstrcpyW
WideCharToMultiByte
GetLocaleInfoW
SetCurrentDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
GetExitCodeProcess
CreateProcessA
OutputDebugStringA
LocalAlloc
GetCurrentDirectoryA
CreateDirectoryA
FindClose
FindFirstFileA
FindNextFileA
GetTempPathA
ReleaseMutex
CreateMutexA
GetSystemTime
GetModuleFileNameA
IsValidCodePage
HeapSize
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetStdHandle
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
PeekNamedPipe
GetFileType
GetFileInformationByHandle
AreFileApisANSI
ReadFile
GetCommandLineA
RtlPcToFileHeader
lstrcmpW
SetLastError
GetLastError
GetFileAttributesW
CreateDirectoryW
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
CompareStringW
LCMapStringW
FlushFileBuffers
WriteConsoleW
GetTimeZoneInformation
GetFullPathNameW
SetEndOfFile
GetConsoleMode
ReadConsoleW
MultiByteToWideChar
SetFilePointerEx
LoadLibraryExW
SetEnvironmentVariableA
EncodePointer
RtlUnwindEx
RtlLookupFunctionEntry
IsDebuggerPresent
HeapFree

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
GetUserNameA

shell32

SHGetFolderPathA
SHGetFolderPathW

ole32

CoCreateInstance

Exports

Exports

Ca1
Ca2
Ca3
Ca4
Ca5
Ca6
CaCreateConfiguration
CaDeleteConfiguration
CaFinalize
CaInstall
CaServerCheck
CaStartService
CaStopService
CaUpgrade
CaV4Remove

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b04521b4dddc6a585a26d321b563ea6c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

version

winhttp

kernel32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 181KB - Virtual size: 181KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 8KB - Virtual size: 17KB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 121KB - Virtual size: 121KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 181KB - Virtual size: 181KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 8KB - Virtual size: 17KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 121KB - Virtual size: 121KB

.reloc
Size: 2KB - Virtual size: 1KB