220f6493d1fe38cc428ac0a3b41e83f5f0e9d30734a51c8d9ca98a82d2d4c6a3 | Triage

Sharing

General

Target

220f6493d1fe38cc428ac0a3b41e83f5f0e9d30734a51c8d9ca98a82d2d4c6a3
Size

8.6MB
MD5

1bbc723ee69bf3a8cc8399ec225835e6
SHA1

98cbf76554bd27124d503789e92d502a057ace98
SHA256

220f6493d1fe38cc428ac0a3b41e83f5f0e9d30734a51c8d9ca98a82d2d4c6a3
SHA512

08ac2f32923110a88ed08aa24406076ed0afef085875b94febd24b36055227786449ba086859901fbfabba69ad90717419fecbfd4b7de84a8f7566285e9e8f07
SSDEEP

384:kFJzz7j5vWGccDHsswfVyfy7W+JFzpQu8HgJUrDWOCX6MsxDC7P:kBRWGccD9wfsEZCHyqMs5C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
220f6493d1fe38cc428ac0a3b41e83f5f0e9d30734a51c8d9ca98a82d2d4c6a3

Files

220f6493d1fe38cc428ac0a3b41e83f5f0e9d30734a51c8d9ca98a82d2d4c6a3
.exe windows:4 windows x86 arch:x86

8e5e2eb068d303a72252fb9c94095513

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mini_installer_patch_3stage.pdb

Imports

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

kernel32

LocalFree
LockResource
SizeofResource
LoadResource
FindResourceW
lstrcmpiW
GetCommandLineW
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
MultiByteToWideChar
ReadFile
WriteFile
CloseHandle
SetFilePointer
CreateFileW
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetProcAddress
LoadLibraryExW
ExpandEnvironmentStringsW
lstrlenW
GetExitCodeProcess
WaitForSingleObject
GetLastError
CreateProcessW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
GetTickCount
FindClose
FindNextFileW
FindFirstFileW
GetModuleFileNameW
MoveFileExW
EnumResourceNamesW
GetTempPathW
FindFirstFileExW
SetProcessWorkingSetSize
GetCurrentProcess
ExitProcess
GetModuleHandleW

shell32

CommandLineToArgvW

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ