cb95f3594765c794d6439ca2be69de39128e3bc66b3234a3da0fa50d4493b3f6

Sharing

Copy URL

Twitter E-mail

General

Target

cb95f3594765c794d6439ca2be69de39128e3bc66b3234a3da0fa50d4493b3f6
Size

797KB
MD5

5e1d60aa834bf2d645c373a55c85d84e
SHA1

0af3d546c16577bf4bdccd2cfba97d6b10fea6f0
SHA256

cb95f3594765c794d6439ca2be69de39128e3bc66b3234a3da0fa50d4493b3f6
SHA512

f34cc707b27b985b2bb926c52cc263cd82f2707c95463205d10e493ed51cd2f84fef22b8ef426a53300e3981270fb390c78fbe0707ce00107c220a895b8ae503
SSDEEP

12288:malVLOIzVlbvfVbhi43B/ktkj+QUB8VbMGYQP79:ma/aiVlbvNbc43B/ktkjMBc79

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb95f3594765c794d6439ca2be69de39128e3bc66b3234a3da0fa50d4493b3f6

Files

cb95f3594765c794d6439ca2be69de39128e3bc66b3234a3da0fa50d4493b3f6
.dll windows:5 windows x86 arch:x86

b32819be6430c6bcd14f4a95e676819d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

q:\source\QB\Deployment\Install\Wiwrap\Bin\Wiwrap.pdb

Imports

msi

ord159
ord158
ord8
ord116
ord160
ord110
ord204
ord189
ord141
ord87
ord146
ord64
ord138
ord121
ord163
ord134
ord49
ord67
ord48
ord170
ord73
ord144
ord57
ord46
ord17
ord124
ord103
ord117
ord120
ord31

shlwapi

PathIsRootA
PathRemoveBlanksA
PathFileExistsA
PathMatchSpecA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

FreeEnvironmentStringsA
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
HeapFree
HeapReAlloc
GetLastError
HeapAlloc
GetProcessHeap
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesA
FindClose
FindFirstFileA
CompareStringA
SetFileAttributesA
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
InterlockedDecrement
lstrlenA
LocalFree
FormatMessageA
RemoveDirectoryA
FindNextFileA
DeleteFileA
CopyFileA
CreateDirectoryA
MoveFileA
InterlockedIncrement
FreeLibrary
GetProcAddress
GetEnvironmentStrings
LoadLibraryA
GetDiskFreeSpaceA
GetModuleHandleA
SetFilePointer
ReadFile
LocalAlloc
GetOEMCP
Sleep
WriteFile
CreateFileA
SetLastError
GetLocalTime
WritePrivateProfileStringA
GetPrivateProfileStringA
OpenMutexA
GetTimeFormatA
GetTempFileNameA
TerminateProcess
OpenProcess
GetCurrentProcess
IsValidCodePage
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetComputerNameA
GetDriveTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetCurrentThreadId
GetConsoleMode
GetConsoleCP
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetEndOfFile
GetLocaleInfoW
LoadLibraryExA
GetACP
UnhandledExceptionFilter
RaiseException
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetStringTypeW
GetStringTypeA
VirtualFree
HeapDestroy
HeapCreate
InitializeCriticalSection
lstrcpynA

user32

BroadcastSystemMessageA
RegisterWindowMessageA
EnumWindows
MessageBoxA
LoadStringA
FindWindowA
SendMessageA
GetForegroundWindow
IsWindowVisible
GetWindowTextA
wsprintfA
GetClassNameA
FindWindowExA
GetWindowThreadProcessId

advapi32

GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
LsaAddAccountRights
LsaRemoveAccountRights
LsaNtStatusToWinError
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
LsaOpenPolicy
LookupAccountNameA
RegEnumKeyExA

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetSpecialFolderPathA
SHGetFolderPathA

ole32

StringFromCLSID
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

SysAllocStringByteLen
VariantClear
VariantCopy
VariantInit
SysAllocString
SysStringByteLen
GetErrorInfo
SysAllocStringLen
SysFreeString

activeds

ord3

Exports

Exports

?QBRemoveServerUtilityShortcut@CCustomAction@@QAEHK@Z
CheckIfRebootIsRequired
CleanupQBBinaryFiles
ConfigureFlavorSelection
CopyOEMFiles
CreateQBShortcuts
CreateServiceAccount
DeleteServiceAccount
DisplayMsgBox
DisplayStdMsgBox
ExtractQBBinaryFiles
FnTest
GetInstalledFlavorCount
GetSelectedPrevQBPath
ISWAddGroupTrust
ISWRemoveGroupTrust
InstallOverNonQBProduct
MoveFilesEx
OnBegin
OnEnd
OnFirstUIAfter
OnReadyToInstall
ParseComboValueToExtractInstallFolder
ParsePreviousInstallationDir
PopulateProgramFolders
PopulateQBProperties
PrepareConfigFiles
QBCOMPlusApplications
QBOverwrite
QBPostFinishDlgActions
QBPostInstall
ReadRegistryPermissions
RegisterOLBUAssembly
RegisterQBFCSAssempbly
RegisterQFMAssembly
RestoreRegistryToProperty
RetrieveQBVersions
SelectComponents
SelectQuickBooksComponents
SetAllUsersDocumentFolder
SetFCSPassword
SetQBModeProp
SetRegistryPermissions
SimulateRollback
TestCA
UninstallFlavor
UpdateQBServiceProperties
ValidateKeyCode
ValidateKeyCodeIM
VerifyAndUninstallOldMSIProduct
VerifyAndUninstallPreviousMSIProduct
VerifyDestinationSelection
VerifyIfBetaVersionIsInstalled
VerifyInstallDir
WriteQBApplicationParameters
XCopyFiles

Sections

.text
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b32819be6430c6bcd14f4a95e676819d

Headers

File Characteristics

PDB Paths

Imports

msi

shlwapi

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

activeds

Exports

Exports

Sections

.text Size: 489KB - Virtual size: 488KB

.rdata Size: 115KB - Virtual size: 114KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 489KB - Virtual size: 488KB

.rdata
Size: 115KB - Virtual size: 114KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 34KB - Virtual size: 33KB