Static task
static1
General
Target: XIII_Windows_10_Edition_Setup_04_09_2019.zip
Size: 25.5MB
MD5: 91c0f536326ef92777b50febe8d21288
SHA1: 58a340c98e8245255f03a9ee8db6f2afe73f5a50
SHA256: ddc6f2be384acf5dbd19b9b5d838e68a40fc4fae8771fcb68bdaea77317d097f
SHA512: b8685f80d0dc181f951ee5d52acf968749415f88f4430f44e086558c51eda0adedc799c070e11772649411e39e09417c7e652d2bc9cbd312ed1a35931df137a0
SSDEEP: 786432:WAoEuds86CRWVRIgH2bUb/AkrbxZUbXcRUo:WAoE+WVNWQckRZUoyo
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/XIII Windows 10 Edition Setup.exe
Files
XIII_Windows_10_Edition_Setup_04_09_2019.zip.zip
XIII Windows 10 Edition Setup.exe.exe windows:5 windows x86 arch:x86
1138cbeca737294349f65c9e57494919
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MoveFileW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
GetTickCount
GetModuleFileNameW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
SetErrorMode
GetCurrentProcess
ExitProcess
GetVersion
GetWindowsDirectoryW
CopyFileW
GetDiskFreeSpaceW
CreateThread
GetModuleHandleW
GlobalLock
lstrcpynW
lstrlenW
CreateDirectoryW
GetTempFileNameW
RemoveDirectoryW
WriteFile
GetLastError
GetPrivateProfileStringW
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
GetModuleHandleA
GetProcAddress
lstrcmpiA
lstrcpyA
lstrcatW
MoveFileExW
FreeLibrary
Sleep
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesW
ReadFile
GetShortPathNameW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CompareFileTime
SearchPathW
SetCurrentDirectoryW
WritePrivateProfileStringW
ExpandEnvironmentStringsW
lstrlenA
lstrcmpiW
lstrcmpW
MulDiv
GlobalFree
GlobalAlloc
WaitForSingleObject
LoadLibraryExW
GlobalUnlock
user32
EndDialog
CheckDlgButton
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
IsWindowEnabled
GetSystemMetrics
GetSystemMenu
CreatePopupMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
GetWindowRect
SetCursor
ScreenToClient
GetSysColor
GetWindowLongW
SetClassLongW
DialogBoxParamW
LoadCursorW
SystemParametersInfoW
wsprintfA
DispatchMessageW
PeekMessageW
SetDlgItemTextW
GetDlgItemTextW
CharNextA
CharPrevW
MessageBoxIndirectW
CharNextW
ExitWindowsEx
SetWindowTextW
SetTimer
CreateDialogParamW
DestroyWindow
LoadImageW
FindWindowExW
SetWindowLongW
ReleaseDC
IsWindowVisible
SetWindowPos
CreateWindowExW
GetClassInfoW
RegisterClassW
CallWindowProcW
LoadBitmapW
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutW
SendMessageW
wsprintfW
FillRect
GetClientRect
EndPaint
BeginPaint
DrawTextW
DefWindowProcW
GetMessagePos
InvalidateRect
gdi32
CreateBrushIndirect
DeleteObject
SelectObject
SetBkMode
SetTextColor
GetDeviceCaps
SetBkColor
CreateFontIndirectW
shell32
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderLocation
advapi32
AdjustTokenPrivileges
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
LookupPrivilegeValueW
SetFileSecurityW
RegCreateKeyExW
comctl32
ImageList_AddMasked
ord17
ImageList_Create
ImageList_Destroy
ole32
OleInitialize
OleUninitialize
CoTaskMemFree
CoCreateInstance
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 196KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 199KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp