alt[.]app[.]installer[.]exe

Resubmissions

05/08/2024, 14:11

240805-rheneaybkp 3

05/08/2024, 13:51

240805-q5s9ms1hkd 3

Sharing

Copy URL Twitter E-mail

General

Target

alt.app.installer.exe
Size

98.6MB
MD5

196134e5075359e914d4ecb7608b6fef
SHA1

76c9a646f0e0640de24d8d1bd8c82d1b54032a12
SHA256

f0ceb800f99d4bed220501325affeeae16c6bcd0cc6cbc674b646c375e5017b2
SHA512

7f909780a96dfba1440666ac0512e9d065523069ee1efa2962a03de8f23e3f5af4856662220541a3d41c60fac84637c169b8a3ba7ce311cadbf123a3b4487675
SSDEEP

1572864:fziv4pbMTlAu3xPgbPJOZqg4zPzHXvMBSY+cb4lnBy1Fx1e5/8Wgp2GNm9d5E0Yw:mv4ehAu3ybQMPrvqXInBCW/8WgK9/Ene

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
alt.app.installer.exe

Files

alt.app.installer.exe
.exe windows:6 windows x86 arch:x86

e67a2cf3d892fef95a63308edc50bda6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\MouriNaruto\NanaZip\Output\Binaries\Release\Win32\NanaZip.Core.Windows.pdb

Imports

comctl32

ord413
ord345
ord410

kernel32

GetModuleFileNameW
FreeLibrary
LoadLibraryExW
FormatMessageW
LocalFree
GlobalAlloc
GlobalFree
GetSystemDirectoryW
GetVersion
CreateDirectoryW
CreateFileW
CreateEventW
CloseHandle
QueryPerformanceCounter
MultiByteToWideChar
GetCurrentThreadId
GetCurrentThread
MulDiv
VirtualProtect
VirtualFree
VirtualAlloc
SuspendThread
ResumeThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
RemoveDirectoryW
SetFileTime
GlobalLock
SetFileAttributesW
DeleteFileW
GetCurrentDirectoryW
GetCurrentProcessId
MoveFileW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
GetModuleHandleA
GetLogicalDriveStringsW
SetFilePointer
SetEndOfFile
GetFileSize
GetProcessAffinityMask
GetSystemInfo
GlobalMemoryStatus
FileTimeToSystemTime
FileTimeToLocalFileTime
ReleaseSemaphore
InitializeCriticalSection
WaitForSingleObject
SetEvent
ResetEvent
CreateSemaphoreW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetLastError
GetProcAddress
GetModuleHandleExW
ExitProcess
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetTickCount
Sleep
GetModuleHandleW
GlobalUnlock
GetCommandLineW
GetVersionExW
ReadFile
GetStdHandle
WaitForMultipleObjects
GetCurrentProcess
SetPriorityClass
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CompareFileTime
GetLastError
GetFileInformationByHandle
WriteFile

user32

GetMenuBarInfo
CallNextHookEx
FillRect
EnumChildWindows
GetDpiForWindow
GetMenu
GetMenuItemInfoW
CharUpperW
LoadIconW
GetClientRect
GetSysColorBrush
ReleaseDC
GetWindowTextLengthW
OffsetRect
GetWindowLongW
MonitorFromWindow
GetMonitorInfoA
MapDialogRect
SetWindowLongW
SystemParametersInfoW
DialogBoxParamW
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
MapWindowPoints
FrameRect
GetSysColor
GetClassNameW
GetWindowDC
LoadStringW
EnableWindow
InvalidateRect
GetDlgItem
SetFocus
MoveWindow
SetDlgItemTextW
ShowWindow
SetTimer
LoadCursorW
SetCursor
KillTimer
GetParent
SetWindowsHookExW
SetWindowTextW
EndDialog
SendMessageW
GetFocus
PostMessageW
GetKeyState
ScreenToClient
GetWindowRect
CheckDlgButton
IsDlgButtonChecked
GetWindowTextW

gdi32

SetTextColor
GetStockObject
SetBkColor
CreateSolidBrush

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetFileInfoW
SHCreateItemFromParsingName
SHGetIDListFromObject

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
OleInitialize

oleaut32

SysAllocStringLen
SysStringLen
SysFreeString
VariantClear
SysAllocString

dwmapi

DwmGetWindowAttribute
DwmExtendFrameIntoClientArea
DwmSetWindowAttribute

uxtheme

SetWindowTheme
DrawThemeBackground
GetWindowTheme
DrawThemeTextEx
DrawThemeText
OpenThemeData
CloseThemeData

msvcrt

abort
_errno
realloc
free
malloc
_callnewh
_initterm
_initterm_e
_set_fmode
__p__commode
_controlfp_s
strcpy_s
__getmainargs
_msize
?terminate@@YAXXZ
_XcptFilter
__set_app_type
_ismbblead
_acmdln
?_set_new_mode@@YAHH@Z
_beginthreadex
_except_handler4_common
memset
_CxxThrowException
wcsstr
__CxxFrameHandler3
memmove
memcpy
_amsg_exit

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 381KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

e67a2cf3d892fef95a63308edc50bda6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dwmapi

uxtheme

msvcrt

Sections

.text Size: 288KB - Virtual size: 288KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 4KB - Virtual size: 27KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 381KB - Virtual size: 380KB

.text
Size: 288KB - Virtual size: 288KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 4KB - Virtual size: 27KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 381KB - Virtual size: 380KB