1f6d662e914d4336d84cf6545c7825484bba095b2ed9644991ec66b55c6e50e4

Sharing

Copy URL Twitter E-mail

General

Target

1f6d662e914d4336d84cf6545c7825484bba095b2ed9644991ec66b55c6e50e4
Size

3.8MB
MD5

042dfb8224a041bc07330e9c3b7eebd4
SHA1

29f39932e117f5f98b18830f6850be48598c01b2
SHA256

1f6d662e914d4336d84cf6545c7825484bba095b2ed9644991ec66b55c6e50e4
SHA512

bc291c2aa30bad5e9fd5ce5359584f17b3b39c1430d4ebad3c75496d4f1018f5b245fdeb2f9f25807e08a709fc2a63ba39a2b8d7d9e1d634252d9d6d9add1e8c
SSDEEP

98304:jOlxyx1rYP44YaQqtGeIEAGoZXvFBfyCf:jOS7dqtGeIhGQXNBfRf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f6d662e914d4336d84cf6545c7825484bba095b2ed9644991ec66b55c6e50e4

Files

1f6d662e914d4336d84cf6545c7825484bba095b2ed9644991ec66b55c6e50e4
.exe windows:5 windows x86 arch:x86

a3622807cb86a927bbc2d2a20256f73d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\src\bundle_2010\Client\BundleInstall\SmallStandalone\rkinstaller.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetConnectA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpQueryInfoA
InternetOpenW
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
InternetGetConnectedState
InternetReadFile
InternetSetOptionA
CommitUrlCacheEntryA
HttpOpenRequestA
CreateUrlCacheEntryA

comctl32

ord17

wsock32

WSAStartup
ioctlsocket
select
WSAGetLastError
htons
shutdown
setsockopt
recv
bind
connect
__WSAFDIsSet
WSASetLastError
closesocket
gethostbyname
send
listen
accept
inet_addr
gethostname
inet_ntoa
htonl
recvfrom
sendto
getpeername
getsockopt
ntohs
getsockname
WSACleanup
getservbyport
socket
gethostbyaddr
getservbyname

dnsapi

DnsQuery_A
DnsFree

kernel32

CopyFileA
SetFileAttributesA
LoadLibraryA
WritePrivateProfileStringA
lstrcmpiA
GetModuleHandleA
GetVersionExA
CompareFileTime
GetSystemTimeAsFileTime
ReadFile
HeapAlloc
HeapFree
GetProcessHeap
GetTimeZoneInformation
GetDiskFreeSpaceA
FindNextFileA
GetDiskFreeSpaceExA
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetProcAddress
LocalFree
FormatMessageW
SetLastError
QueryPerformanceFrequency
WaitForSingleObject
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
QueryPerformanceCounter
GetEnvironmentVariableA
MultiByteToWideChar
VerifyVersionInfoW
VerSetConditionMask
SystemTimeToFileTime
GetSystemTime
FreeLibrary
GetCurrentProcessId
OpenEventA
FindClose
OutputDebugStringA
CreateProcessA
ConvertThreadToFiberEx
ConvertFiberToThread
GetModuleHandleExW
VirtualFree
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualLock
DeleteFiber
CreateFiberEx
SwitchToFiber
InterlockedCompareExchange64
InterlockedExchangeAdd
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
GetExitCodeProcess
FindFirstFileA
CreateDirectoryA
GetSystemDirectoryA
FileTimeToSystemTime
Sleep
GetVolumeInformationA
GetCommandLineA
GetDateFormatA
SetEvent
GetTimeFormatA
SystemTimeToTzSpecificLocalTime
MoveFileExA
GetModuleFileNameA
lstrlenW
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
OpenMutexA
GetStartupInfoA
InitializeCriticalSection
GetCurrentProcess
DeleteFileA
GetTempPathA
CloseHandle
GetTempFileNameA
GetLastError
WriteFile
SetConsoleMode
GetEnvironmentVariableW
ReadConsoleW
ReadConsoleA
SetEnvironmentVariableA
CompareStringW
GetDriveTypeW
LoadLibraryW
SetConsoleCtrlHandler
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameA
SetEndOfFile
FatalAppExitA
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
HeapDestroy
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WriteConsoleW
CreateFileW
SetHandleCount
GetTickCount
CreateFileA
GetFileAttributesA
RemoveDirectoryA
VirtualQuery
GetWindowsDirectoryA
SleepEx
SetStdHandle
ExitProcess
GetModuleHandleW
HeapSize
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
FindFirstFileExA
GetDriveTypeA
HeapReAlloc
RaiseException
GetStartupInfoW
HeapSetInformation
CreateThread
GetCurrentThreadId
ExitThread
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileInformationByHandle
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
InterlockedExchange
lstrlenA
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
SetCriticalSectionSpinCount
ResetEvent
ReleaseMutex
ReleaseSemaphore
CancelWaitableTimer
SetWaitableTimer
LocalAlloc
CreateEventA
CreateMutexA
CreateSemaphoreA
CreateWaitableTimerA
OpenProcess
FormatMessageA
FindFirstFileW
FindNextFileW
GetShortPathNameA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetVersion
GetComputerNameA
GetModuleFileNameW
LoadLibraryExA
InterlockedCompareExchange
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
SetFilePointer
Process32First
Process32Next
CreateToolhelp32Snapshot
DeleteFileW
EncodePointer
DecodePointer

user32

ReleaseDC
GetDC
LoadMenuA
LoadImageA
EnumWindows
EnumChildWindows
ExitWindowsEx
GetClassNameA
GetWindowThreadProcessId
DefWindowProcA
GetProcessWindowStation
CreateWindowExA
TranslateMessage
LoadIconA
SetForegroundWindow
PostQuitMessage
RegisterClassExA
GetWindowRect
MessageBoxW
DestroyWindow
SetWindowTextA
PostMessageA
SetWindowPos
GetClientRect
KillTimer
GetSystemMetrics
GetDesktopWindow
ShowWindow
LoadStringA
GetUserObjectInformationW
DispatchMessageA
UpdateWindow
LoadCursorA
MoveWindow
TranslateAcceleratorA
GetMessageA

advapi32

SetSecurityDescriptorDacl
RegSaveKeyA
RegFlushKey
CreateProcessAsUserA
OpenProcessToken
CryptDestroyKey
CryptGetUserKey
CryptGetProvParam
CryptEnumProvidersW
CryptDecrypt
CryptSetHashParam
CryptSignHashW
CryptExportKey
CryptAcquireContextW
RegisterEventSourceW
ReportEventW
DuplicateTokenEx
OpenServiceA
DeregisterEventSource
ConvertSidToStringSidA
CheckTokenMembership
SetFileSecurityA
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
LookupPrivilegeValueA
AdjustTokenPrivileges
SetTokenInformation
SetSecurityInfo
RegEnumKeyExA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegCreateKeyExA
RegDeleteKeyA
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
CloseServiceHandle
QueryServiceStatus
RegQueryInfoKeyA
OpenSCManagerA
RegEnumValueA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegSetKeySecurity

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

OleRun
OleInitialize
CoCreateInstance
StringFromGUID2
CoTaskMemFree

oleaut32

GetErrorInfo
VariantInit
VariantClear
LoadTypeLi
SysAllocString
SysFreeString
VariantChangeType
SetErrorInfo
CreateErrorInfo
DispGetIDsOfNames

shlwapi

SHCopyKeyA

crypt32

CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore

ws2_32

getaddrinfo
freeaddrinfo
WSAIoctl
WSACloseEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
WSACreateEvent
WSASetEvent

wldap32

ord217
ord211
ord22
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord60
ord46
ord41
ord143

gdi32

GetDeviceCaps

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 649KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3622807cb86a927bbc2d2a20256f73d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

wininet

comctl32

wsock32

dnsapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

ws2_32

wldap32

gdi32

bcrypt

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 649KB - Virtual size: 648KB

.data Size: 26KB - Virtual size: 57KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 649KB - Virtual size: 648KB

.data
Size: 26KB - Virtual size: 57KB

.rsrc
Size: 5KB - Virtual size: 4KB