mt5setup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

mt5setup.exe
Size

4.8MB
MD5

b8f647c8abc57dc4372acb5510ea7e4f
SHA1

be3bc092fecfaef76e35a654b128623273714ea9
SHA256

3764bf3ef60e3d1de6872b70a7d379cf0caa6e1568b186d8cc8b9ecca19859cb
SHA512

aaa7d96fc1a84851ef0d0b864371fa5501a2fd8f795df47fb4ee3f847e2780fb7fd630efff9584aad7087bcd6fee9d5c63d08ad6b4353ae1979cc86fb682fe76
SSDEEP

98304:shRUJRVOlEYJykc36VeOzRz9zLFECKnrhS3tO8/5w8+cdibkrXlI9Q:eUR6EYRcKVJBtAVS9OU5Gcdi2Xi9Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mt5setup.exe

Files

mt5setup.exe
.exe windows:6 windows x64 arch:x64

d2d0d8639f92384364d6a5bede00fa1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\workspace\MetaTrader5\Build\Installers\Distributive Core\Release64\core.pdb

Imports

ws2_32

select
ioctlsocket
WSAGetLastError
shutdown
bind
htons
WSAStartup
WSACleanup
InetPtonW
setsockopt
recv
send
closesocket

CertGetNameStringW
FindFirstFileW
FindNextFileW
FileTimeToDosDateTime
GetModuleHandleW
SizeofResource
FindResourceW
InitializeCriticalSectionEx
OpenThread
CreateToolhelp32Snapshot
GetCurrentThread
FindResourceExW
GetEnvironmentVariableW
AddVectoredExceptionHandler
LocalFree
HeapSize
lstrlenW
VerifyVersionInfoW
GlobalFree
GlobalAlloc
FreeResource
EnumResourceNamesW
CreateProcessW
MoveFileExW
EnterCriticalSection
Process32FirstW
K32GetProcessImageFileNameW
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
IsDebuggerPresent
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
FlsSetValue
FlsFree
VirtualProtect
DosDateTimeToFileTime
HeapFree
LoadLibraryExW
GetProcAddress
GetVolumeInformationW
GetSystemInfo
GetCPInfo
GetStringTypeW
GetOEMCP
GetConsoleMode
GetVersionExW
GetUserDefaultUILanguage
GetModuleFileNameW
InitializeCriticalSection
MultiByteToWideChar
GetTickCount64
AcquireSRWLockExclusive
HeapDestroy
GetFileAttributesW
CreateDirectoryW
SetEndOfFile
SystemTimeToFileTime
GetCurrentThreadId
CreateFileW
LeaveCriticalSection
lstrcmpW
GetCommandLineA
GetEnvironmentStringsW
WriteConsoleW
SleepConditionVariableSRW
RtlLookupFunctionEntry
GetDiskFreeSpaceExW
SetTextColor
ExtTextOutW
SetBkColor
GetStockObject
GdiGradientFill
GetTextExtentPointW
SaveDC
PathCanonicalizeW
StackWalk64
SymLoadModule64
SymGetOptions
SymSetOptions
SymGetModuleBase64
SymInitialize
GetModuleHandleA
TerminateProcess
GetCurrentProcess
Thread32First
GetCurrentThreadId
OpenThread
CloseHandle
WriteProcessMemory
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
FileTimeToSystemTime
HeapAlloc
GetProcAddress
EnterCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
GetThreadLocale
GetSystemDefaultLCID
EnumResourceLanguagesW
EnumResourceTypesA
LoadLibraryW
GetLastError
FlushFileBuffers
GetACP
EncodePointer
DecodePointer
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlUnwindEx
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetStringTypeA
GetLocaleInfoA
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

ShowWindow
MessageBoxW
MoveWindow
PostQuitMessage
SetWindowTextW
MonitorFromWindow
EnableWindow
LoadIconW
DialogBoxParamW
LoadStringW
RegisterClassExW
GetClassInfoExW
IsWindowVisible
SetWindowLongW
CreateWindowExW
BeginPaint
DrawFocusRect
SetCursor
TrackMouseEvent
GetCursorPos
GetDC
GetWindowLongW
OffsetRect
InvalidateRect
CallWindowProcW
GetWindowLongPtrW
GetSysColor
PtInRect
SetCapture
GetDlgCtrlID
GetClientRect
PostMessageA
KillTimer

advapi32

OpenProcessToken
GetAclInformation
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
FreeSid
RegEnumKeyW
OpenSCManagerW
EnumServicesStatusW
QueryServiceConfigW

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetFileInfoW
ShellExecuteExW

ole32

CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoTaskMemRealloc

oleaut32

SysAllocString
SysFreeString
VariantClear
VarUI4FromStr

fcomctl32

DestroyPropertySheetPage
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_Destroy

1gdiplus

GdipDisposeImage
GdipCreateBitmapFromStream

Sections

.text
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 723KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 61.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cod0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cod1
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cod2
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 155KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2d0d8639f92384364d6a5bede00fa1d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

user32

advapi32

shell32

ole32

oleaut32

fcomctl32

1gdiplus

Sections

.text Size: - Virtual size: 1.4MB

.rdata Size: - Virtual size: 723KB

.data Size: - Virtual size: 61.6MB

.pdata Size: - Virtual size: 58KB

_RDATA Size: - Virtual size: 500B

.fptable Size: - Virtual size: 256B

.cod0 Size: - Virtual size: 1.9MB

.cod1 Size: 5KB - Virtual size: 4KB

.cod2 Size: 4.5MB - Virtual size: 4.5MB

.reloc Size: 512B - Virtual size: 80B

.rsrc Size: 155KB - Virtual size: 1.6MB

.text
Size: - Virtual size: 1.4MB

.rdata
Size: - Virtual size: 723KB

.data
Size: - Virtual size: 61.6MB

.pdata
Size: - Virtual size: 58KB

_RDATA
Size: - Virtual size: 500B

.fptable
Size: - Virtual size: 256B

.cod0
Size: - Virtual size: 1.9MB

.cod1
Size: 5KB - Virtual size: 4KB

.cod2
Size: 4.5MB - Virtual size: 4.5MB

.reloc
Size: 512B - Virtual size: 80B

.rsrc
Size: 155KB - Virtual size: 1.6MB