NoRiskClient-Windows-setup(1)[.]exe

Resubmissions

19/06/2024, 18:41

240619-xb2r9aweqf 8

19/06/2024, 18:38

240619-w952wswdpd 8

19/06/2024, 18:36

240619-w88rdswdlc 8

Sharing

Copy URL Twitter E-mail

General

Target

NoRiskClient-Windows-setup(1).exe
Size

8.3MB
MD5

a31d996a8bf5c3ba7e1798fe7c506c5c
SHA1

3e2fa505f9b26e44dc24d04b6be130aa4d6ce8ce
SHA256

27fbca10c3358d9e4c6759fd0070a3756d78183a5107a8e85fa1d796a8c3da41
SHA512

29a02611e0d35f0a95b6a0277f1f3f1595bf21f5dfe34ec13ba1ffb8bbf7a17ec7d28ad63a18a42d8def5366232e9dd708a58bd567346b69edfbda6c863ace74
SSDEEP

196608:hr4Syq+nOPnUiivQAXTw2w5QICvxHf2MNMza1+OC3M/spGpB15F:hspOPAvPT6cd28MkD/spGpb5F

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
NoRiskClient-Windows-setup(1).exe
unpack001/$PLUGINSDIR/ApplicationID.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsis_tauri_utils.dll
unpack001/NoRiskClient.exe

Files

NoRiskClient-Windows-setup(1).exe
.exe windows:4 windows x86 arch:x86

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ApplicationID.dll
.dll windows:6 windows x86 arch:x86

8c45ff8a205d07c8c17066afebcdfc91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\src\NSIS-ApplicationID\ReleaseUnicode\ApplicationID.pdb

Imports

kernel32

lstrcpynW
GlobalAlloc
GlobalFree
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
GetLastError
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
HeapSize
CreateFileW

shell32

SHCreateItemFromParsingName
SHGetPropertyStoreFromParsingName

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shlwapi

SHStrDupW

Exports

Exports

Set
UninstallJumpLists
UninstallPinnedItem

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

80469f6834e579db68a646d49780b9d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatW
FindClose
FindNextFileW
lstrcmpW
GetModuleHandleW
lstrcmpiW
MulDiv
lstrcpynW
GlobalAlloc
lstrcpyW
FindFirstFileW
GlobalFree

user32

GetMessageW
TranslateMessage
PostMessageW
DispatchMessageW
GetDlgItem
GetWindowLongW
CheckDlgButton
ShowWindow
LoadIconW
GetClientRect
MoveWindow
DestroyWindow
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextW
SendMessageW
IsDlgButtonChecked
GetWindowTextW
CreateDialogParamW
SetWindowLongW
wsprintfW
ScreenToClient
IsDialogMessageW
CallWindowProcW

gdi32

GetTextMetricsW
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsis_tauri_utils.dll
.dll windows:6 windows x86 arch:x86

b392d57756ec58e18fc530625caf424c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SystemFunction036

kernel32

HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
CloseHandle
Sleep
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
lstrcpyW
GlobalFree
GlobalAlloc
lstrcpynW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
GetCurrentThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
GetStdHandle
GetLastError
GetConsoleMode
WaitForSingleObject
WriteConsoleW
SetLastError
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
CreateFileW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
FindClose
SetHandleInformation
CreateThread
SetThreadStackGuarantee
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId

user32

CreateWindowExW
ShowWindow
SendMessageW
SetWindowPos
GetWindowLongW
SetWindowTextW
FindWindowExW

ws2_32

getpeername
select
listen
bind
connect
recv
send
accept
ioctlsocket
getsockname
WSACleanup
WSASend
WSARecv
WSAStartup
setsockopt
getsockopt
closesocket
WSASocketW
WSAGetLastError
getaddrinfo
freeaddrinfo

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom

vcruntime140

memmove
__std_type_info_destroy_list
__CxxFrameHandler3
memcmp
memset
memcpy
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_cexit
_initterm
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e

Exports

Exports

Download
FindProcess
KillProcess
SemverCompare

Sections

.text
Size: 513KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 536KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NoRiskClient.exe
.exe windows:6 windows x64 arch:x64

6a5927128fb7c25cd0d27dd0c4ceb947

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\noriskclient-launcher\noriskclient-launcher\src-tauri\target\release\deps\noriskclient.pdb

Imports

ntdll

RtlUnwindEx
RtlPcToFileHeader
NtWriteFile
NtReadFile
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlGetNtVersionNumbers
RtlVirtualUnwind
NtQueryInformationProcess
RtlGetVersion
NtQuerySystemInformation

kernel32

GetTickCount64
GlobalMemoryStatusEx
GetCurrentProcessId
GetLogicalDrives
GetDiskFreeSpaceExW
GetProcessTimes
GetSystemInfo
WaitForSingleObject
WakeConditionVariable
DeleteCriticalSection
GetDriveTypeW
GetExitCodeProcess
SleepConditionVariableSRW
ReleaseSRWLockShared
AcquireSRWLockShared
GetLastError
ReleaseSemaphore
ReadDirectoryChangesW
CreateSemaphoreW
CreateFileW
GetModuleHandleA
GetProcAddress
LoadLibraryExA
FreeLibrary
CancelIo
WaitForSingleObjectEx
CreateEventW
RegisterWaitForSingleObject
FormatMessageW
TryAcquireSRWLockExclusive
lstrlenW
DeviceIoControl
GetUserDefaultLocaleName
SetFileTime
GetProcessHeap
LoadLibraryA
HeapAlloc
Sleep
HeapFree
ReadProcessMemory
GlobalLock
GlobalSize
GlobalUnlock
GetModuleHandleW
VirtualQueryEx
LocalFree
CreateMutexA
GlobalAlloc
GetTempPathW
GetSystemTimeAsFileTime
GlobalFree
MultiByteToWideChar
GetCurrentThread
OpenProcess
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetUserDefaultUILanguage
LCIDToLocaleName
GetSystemDirectoryW
LoadLibraryW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
GetFullPathNameW
ExitProcess
CopyFileExW
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
RemoveDirectoryW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
QueryPerformanceFrequency
WakeAllConditionVariable
GetProcessId
TerminateProcess
SleepEx
WriteFileEx
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
GetProcessIoCounters
GetSystemTimes
SetLastError
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetCurrentThreadId
GetStdHandle
SetFileCompletionNotificationModes
GetOverlappedResult
ReadFile
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
LoadLibraryExW
IsDebuggerPresent
GetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
RaiseException
CreateIoCompletionPort
SetHandleInformation
GetFileInformationByHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleMode
SetFileAttributesW
MoveFileExW
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CloseHandle
TlsSetValue
UnregisterWaitEx
GetVolumeInformationW
TlsFree

user32

SetWindowTextW
RedrawWindow
MonitorFromPoint
EnumDisplayMonitors
IsProcessDPIAware
GetClientRect
PostMessageW
SystemParametersInfoA
IsWindowVisible
AdjustWindowRectEx
GetWindowRect
GetWindowLongPtrW
SetWindowDisplayAffinity
GetCursorPos
GetMenu
ShowCursor
ClipCursor
GetClipCursor
GetSystemMenu
ShowWindow
SetWindowLongW
SendMessageW
DestroyAcceleratorTable
DestroyIcon
CreateIcon
GetKeyboardLayout
CheckMenuItem
EnableMenuItem
ReleaseCapture
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
GetWindowTextW
EnumChildWindows
SetForegroundWindow
RegisterClipboardFormatW
SendInput
CloseClipboard
SetClipboardData
EmptyClipboard
GetDC
SetMenu
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
UnregisterHotKey
GetWindowTextLengthW
GetActiveWindow
RegisterHotKey
MapVirtualKeyExW
GetKeyState
ToUnicodeEx
GetRawInputData
FlashWindowEx
ClientToScreen
IsIconic
CreateAcceleratorTableW
GetKeyboardState
GetAsyncKeyState
GetForegroundWindow
VkKeyScanW
SetMenuItemInfoW
CreateMenu
PostQuitMessage
AppendMenuW
GetMessageA
DispatchMessageA
SetCursorPos
LoadCursorW
SetCursor
MapVirtualKeyW
GetMessageW
GetAncestor
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyWindow
PostThreadMessageW
DefWindowProcW
ChangeDisplaySettingsExW
PeekMessageW
SetWindowPlacement
GetWindowPlacement
SetWindowPos
InvalidateRgn
CreateWindowExW
IsWindow
GetMonitorInfoW
MonitorFromWindow
GetSystemMetrics
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
GetWindowLongW
RegisterTouchWindow
GetUpdateRect
ValidateRect

comctl32

RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass
TaskDialogIndirect

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

ole32

CoTaskMemAlloc
CoSetProxyBlanket
CreateStreamOnHGlobal
OleInitialize
RegisterDragDrop
RevokeDragDrop
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemFree

shell32

ShellExecuteW
CommandLineToArgvW
SHCreateItemFromParsingName
SHAppBarMessage
DragQueryFileW
DragFinish
SHGetKnownFolderPath

ws2_32

WSASocketW
bind
connect
ioctlsocket
getsockopt
WSADuplicateSocketW
shutdown
recv
send
WSASend
getpeername
setsockopt
WSAIoctl
WSAGetLastError
WSAStartup
closesocket
WSACleanup
getaddrinfo
freeaddrinfo
getsockname

advapi32

CredFree
EventRegister
GetTokenInformation
OpenProcessToken
EventSetInformation
IsValidSid
GetLengthSid
CopySid
LookupAccountSidW
SystemFunction036
RegOpenKeyExW
CredWriteW
CredReadW
EventWriteTransfer
CredDeleteW
RegCloseKey
RegGetValueW
EventUnregister
RegQueryValueExW

pdh

PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCloseQuery
PdhRemoveCounter
PdhCollectQueryData
PdhOpenQueryA

psapi

GetModuleFileNameExW
GetPerformanceInfo

powrprof

CallNtPowerInformation

oleaut32

SetErrorInfo
SysFreeString
VariantClear
GetErrorInfo
SysStringLen
SysAllocString

iphlpapi

GetIfEntry2
FreeMibTable
GetIfTable2
GetAdaptersAddresses

netapi32

NetApiBufferFree
NetUserGetLocalGroups
NetUserGetInfo
NetUserEnum

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
DeleteSecurityContext
ApplyControlToken
DecryptMessage
InitializeSecurityContextW
QueryContextAttributesW
LsaEnumerateLogonSessions
AcquireCredentialsHandleA
AcceptSecurityContext
FreeContextBuffer
EncryptMessage
FreeCredentialsHandle

uxtheme

SetWindowTheme

crypt32

CertDuplicateStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertAddCertificateContextToStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertOpenStore

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

round
__setusermatherr
trunc
floor
pow

api-ms-win-crt-string-l1-1-0

wcsncmp
strcpy_s
_wcsicmp
wcslen
strlen

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free
calloc

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
terminate
_crt_atexit
_initterm
abort
_initialize_narrow_environment
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_wassert
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_set_app_type
_exit
exit
_seh_filter_exe
_initterm_e

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 13.9MB - Virtual size: 13.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 748KB - Virtual size: 747KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
redist/MicrosoftEdgeWebview2Setup.exe
.exe windows:5 windows x86 arch:x86

7899cb8ba886a0690bdc28d8b481bbd1

Code Sign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:57:97:41:81:d1:09:95:4f:1c:10:95:8c:65:4e:63
Certificate

Issuer

CN=EdgeBuild,O=EdgeBuild,L=Redmond,ST=Washington,C=US

Not Before

15/06/2020, 23:52

Not After

31/12/2039, 23:59

Subject

CN=EdgeBuild,O=EdgeBuild,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

32:bf:d2:56:3d:b0:c2:39:3c:8b:51:5c:2e:ee:96:62:0f:1f:55:ef:54:22:c9:b6:c6:69:68:5f:34:b2:79:f1
Signer

Actual PE Digest

32:bf:d2:56:3d:b0:c2:39:3c:8b:51:5c:2e:ee:96:62:0f:1f:55:ef:54:22:c9:b6:c6:69:68:5f:34:b2:79:f1

Digest Algorithm

sha256

PE Digest Matches

true

32:bf:d2:56:3d:b0:c2:39:3c:8b:51:5c:2e:ee:96:62:0f:1f:55:ef:54:22:c9:b6:c6:69:68:5f:34:b2:79:f1
Signer

Actual PE Digest

32:bf:d2:56:3d:b0:c2:39:3c:8b:51:5c:2e:ee:96:62:0f:1f:55:ef:54:22:c9:b6:c6:69:68:5f:34:b2:79:f1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mi_exe_stub.pdb

Imports

kernel32

GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
OutputDebugStringW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
RaiseException
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
DecodePointer
VirtualProtect
EncodePointer
LoadLibraryExW
QueryPerformanceCounter
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStringTypeW
CreateDirectoryW
SizeofResource
FindFirstFileW
Wow64DisableWow64FsRedirection
RemoveDirectoryW
GetTempPathW
FormatMessageW
Wow64RevertWow64FsRedirection
GetFileAttributesExW
GetDiskFreeSpaceExW
LockResource
DeleteFileW
FindResourceExW
LoadResource
FindResourceW
HeapDestroy
LocalFree
VerSetConditionMask
CopyFileW
VerifyVersionInfoW
GetTempFileNameW
lstrcmpiW
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateEventW
SetEvent
CreateThread
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery
CreateProcessW
GetExitCodeProcess
ResetEvent
WaitForSingleObjectEx
GetSystemInfo
LoadLibraryExA

advapi32

RegSetValueExA
SetSecurityDescriptorDacl
GetAclInformation
SetSecurityDescriptorOwner
GetSidSubAuthority
GetSidLengthRequired
CopySid
InitializeSid
IsValidSid
AddAce
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD
SetSecurityDescriptorGroup
RegOpenKeyExW
RegQueryValueExW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExW
RegOpenKeyExA
RegDeleteValueA

ole32

CoTaskMemFree
CoUninitialize
CoInitializeEx

shell32

SHGetKnownFolderPath
ord680
CommandLineToArgvW
SHGetFolderPathW

user32

CharLowerBuffW
MessageBoxW

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 180KB

.rsrc Size: 17KB - Virtual size: 17KB

8c45ff8a205d07c8c17066afebcdfc91

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 3KB - Virtual size: 6KB

.gfids Size: 1024B - Virtual size: 552B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

80469f6834e579db68a646d49780b9d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 1024B - Virtual size: 578B

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 180KB

.rsrc
Size: 17KB - Virtual size: 17KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 3KB - Virtual size: 6KB

.gfids
Size: 1024B - Virtual size: 552B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 578B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 513KB - Virtual size: 512KB

.rdata
Size: 536KB - Virtual size: 536KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB

.text
Size: 13.9MB - Virtual size: 13.9MB