e0b38587e45a8d04166f79693099ef8b33efc7c8f047e10f56973eeb463a5ada

Sharing

Copy URL

Twitter E-mail

General

Target

e0b38587e45a8d04166f79693099ef8b33efc7c8f047e10f56973eeb463a5ada
Size

14.2MB
MD5

d3f21493a226b5dc449384e9511b6473
SHA1

97f2576a57677f3215cbe1df629c6054cda573d5
SHA256

e0b38587e45a8d04166f79693099ef8b33efc7c8f047e10f56973eeb463a5ada
SHA512

5fd31d00b8dfa3191f9720ab35e3ba325e5db1ad9202788dd3562005f08cfc46d5b6c796ed0dcf83dc1f570bc393c4996b0a1aa26ddfb3d75532e21b7de98fc5
SSDEEP

393216:pgKtpMJNz9p20jv1PBMudOmRNYl7EUus9:poDwM9Piud5jYlX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0b38587e45a8d04166f79693099ef8b33efc7c8f047e10f56973eeb463a5ada

Files

e0b38587e45a8d04166f79693099ef8b33efc7c8f047e10f56973eeb463a5ada
.exe windows:5 windows x86 arch:x86

609b0a46f7e1c0b69a85d4494b86b9ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\snapchat_install_uninst\install_uninstall_code\Release\Install.pdb

Imports

kernel32

InterlockedDecrement
ExitThread
lstrcmpiW
LoadLibraryExW
GetCommandLineW
WritePrivateProfileStringW
SetEvent
CreateEventW
GetDriveTypeW
GetTempFileNameW
RtlCaptureStackBackTrace
GetFileInformationByHandle
CompareFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
SearchPathW
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
lstrlenA
FormatMessageW
LocalAlloc
GetSystemInfo
ResetEvent
GetFileSizeEx
OutputDebugStringW
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
CreateThread
RaiseException
DecodePointer
LoadLibraryA
lstrcpynW
GetLocalTime
Sleep
DeleteCriticalSection
LocalFree
LoadLibraryW
GetCurrentProcess
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
GetModuleHandleW
GetTickCount
GetProcAddress
CreateFileW
ReadFile
GetFileSize
UnlockFile
LockFile
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetEndOfFile
WriteConsoleW
SetFilePointerEx
ReadConsoleW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
WriteFile
OpenProcess
GetLongPathNameW
MoveFileExW
MoveFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
InterlockedIncrement
RemoveDirectoryW
GetWindowsDirectoryW
GetTempPathW
FindResourceExW
FindResourceW
GetCurrentThreadId
lstrlenW
FindClose
SizeofResource
LoadResource
SetLastError
GetLastError
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
DeleteFileA
CreateFileA
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ResumeThread
RtlUnwind
CopyFileW
QueryDosDeviceW
GetLogicalDriveStringsW
GetExitCodeProcess
TerminateProcess
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
GetTempFileNameA
GetTempPathA
CloseHandle
CreateTimerQueue
lstrcmpiA
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FlushFileBuffers
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TryEnterCriticalSection
QueryPerformanceFrequency
GetFullPathNameW
WaitForSingleObject
QueryPerformanceCounter
GetFileAttributesExW
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetShortPathNameW
GetPrivateProfileStringW
OpenEventW
InterlockedCompareExchange
InterlockedExchange
GetDiskFreeSpaceExW
GetSystemDirectoryW
WaitForMultipleObjects
SetFilePointer
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetEnvironmentVariableW

user32

InvalidateRect
BeginPaint
ReleaseDC
GetDC
DrawTextW
CallWindowProcW
IsWindowEnabled
ReleaseCapture
SetCapture
GetAsyncKeyState
GetFocus
SetWindowPos
UpdateLayeredWindow
ShowWindow
DefWindowProcW
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
SendMessageW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowRect
ClientToScreen
ScreenToClient
FillRect
GetWindowLongW
SetWindowTextW
UnregisterClassW
LoadStringW
GetShellWindow
GetWindowThreadProcessId
FindWindowExW
PostMessageW
KillTimer
SetTimer
EndPaint
SetWindowLongW
IsDialogMessageW
GetActiveWindow
EndDialog
DialogBoxParamW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
CopyRect
MapWindowPoints
RedrawWindow
SetForegroundWindow
GetSystemMetrics
EnableWindow
SetFocus
IsIconic
IsWindowVisible
MoveWindow
wsprintfW
SendMessageTimeoutW
FindWindowW
UnionRect
OffsetRect
EqualRect
PtInRect
SetCursor
DrawFocusRect
UnregisterClassA
PostQuitMessage
CharNextW
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
GetParent

gdi32

BitBlt
CreatePatternBrush
CreateRectRgnIndirect
DeleteDC
DeleteObject
GetStockObject
RestoreDC
CreateFontW
SelectClipRgn
SelectObject
SetBkMode
SetTextColor
CreateDIBSection
GetObjectW
SetViewportOrgEx
EnumFontFamiliesW
RectVisible
SaveDC
OffsetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegQueryValueExA
RegEnumKeyExA
GetTokenInformation
CryptContextAddRef
CryptDecrypt
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
GetTrusteeNameW
BuildExplicitAccessWithNameW
GetExplicitEntriesFromAclW
LookupAccountNameW
LookupAccountSidW
DeleteAce
EqualSid
RegOpenKeyExA
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CreateWellKnownSid
GetUserNameW
SetEntriesInAclW

shell32

CommandLineToArgvW
SHGetPathFromIDListW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteExW
SHChangeNotify
SHCreateDirectoryExW
ShellExecuteW
ord165
SHBrowseForFolderW

ole32

CoCreateGuid
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleRun
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize

oleaut32

VarBstrCmp
VariantClear
SysFreeString
SysAllocString
SysStringByteLen
VarUI4FromStr
SysStringLen
VariantInit
VariantChangeType
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
VariantCopy

shlwapi

PathFindFileNameA
PathRenameExtensionA
PathAppendW
PathCombineW
PathFileExistsW
PathFindExtensionW
StrCmpNIW
StrTrimA
StrStrIA
PathFindFileNameW
StrCmpIW
StrToIntExW
SHGetValueW
PathRemoveFileSpecW
StrStrIW
PathIsRelativeW
PathIsRootW
SHSetValueA
AssocQueryStringW
PathIsDirectoryW
SHSetValueW
StrToInt64ExW
wvnsprintfW
SHGetValueA
PathIsPrefixW
wnsprintfW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipDeleteGraphics
GdipSetSmoothingMode
GdipFillPath
GdipDrawImagePointRectI
GdipCreateLineBrushI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateFromHDC
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipCloneBrush
GdipAddPathArcI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDeleteBrush

psapi

GetProcessImageFileNameW
EnumProcesses
GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winhttp

WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSetCredentials
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable

setupapi

SetupIterateCabinetW

Exports

Exports

BasicEntry
InstallEntryW
Start
_BasicEntryEx@12

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

609b0a46f7e1c0b69a85d4494b86b9ac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

iphlpapi

wininet

urlmon

version

winhttp

setupapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 254KB - Virtual size: 254KB

.data Size: 63KB - Virtual size: 99KB

.rsrc Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 59KB - Virtual size: 58KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 254KB - Virtual size: 254KB

.data
Size: 63KB - Virtual size: 99KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 59KB - Virtual size: 58KB