1ec4c7e5e84e04097a1e8b502276db25d03c8ca7c6ac74516a6259adec3b221b

Sharing

Copy URL Twitter E-mail

General

Target

1ec4c7e5e84e04097a1e8b502276db25d03c8ca7c6ac74516a6259adec3b221b
Size

972KB
MD5

df3950d31cf726aa4082ca84908148df
SHA1

8cb7cc1aa75d1a2071eb4fe3cb388e2685698f44
SHA256

1ec4c7e5e84e04097a1e8b502276db25d03c8ca7c6ac74516a6259adec3b221b
SHA512

c6f8aea5d65008cc0a9111488a3825dd271d701bbda4b88030a8d930595855f0310e493386fc0633ea3204b73c9e4545aa1297069ce9c999cafced9aa3765129
SSDEEP

12288:Dkfjw5xGTB9JtBHPgKT0wJLcindgcNOTWPEzKsZ7LN7f4:DkE5xKPgKPnndgcsKgXNr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ec4c7e5e84e04097a1e8b502276db25d03c8ca7c6ac74516a6259adec3b221b

Files

1ec4c7e5e84e04097a1e8b502276db25d03c8ca7c6ac74516a6259adec3b221b
.exe windows:5 windows x86 arch:x86

0122ef82ab6bab2669c51d8ee88262ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hzq\chromium-49.0.2623.112\src\out\release\setup.exe.pdb

Imports

advapi32

RegLoadKeyW
RegUnLoadKeyW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyExW
RegEnumValueW
RegEnumValueA
GetTokenInformation
GetUserNameW
RegQueryValueExW
RegSetValueExW
GetFileSecurityW
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegQueryInfoKeyW
CreateProcessAsUserW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
GetSidSubAuthority
GetSidSubAuthorityCount
ConvertSidToStringSidW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
SystemFunction036

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

ntohl

winmm

timeGetTime

shlwapi

UrlCanonicalizeW

kernel32

SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetProcessHeap
WriteConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
GetACP
GetLastError
SetLastError
WaitForSingleObject
OpenProcess
ExpandEnvironmentStringsW
CloseHandle
QueueUserAPC
GetCurrentProcess
TerminateProcess
ResumeThread
CreateProcessW
SetPriorityClass
GetPriorityClass
VirtualAllocEx
WriteProcessMemory
GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryW
ReleaseMutex
CreateMutexW
SetFileAttributesW
GetExitCodeProcess
CreateFileW
GetFileAttributesW
GetFileAttributesExW
GetShortPathNameW
MoveFileExW
CompareStringW
DuplicateHandle
GetCurrentThreadId
GetFileInformationByHandle
GetDateFormatW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
ReadFile
SetFilePointer
SetFileTime
WriteFile
RemoveDirectoryW
GetSystemTimeAsFileTime
LocalFree
WTSGetActiveConsoleSessionId
LoadLibraryExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OutputDebugStringA
DeleteFileW
GetCurrentProcessId
FormatMessageA
GetTickCount
Sleep
CreateThread
IsDebuggerPresent
GetCommandLineW
GetUserDefaultLangID
CreateDirectoryW
GetLongPathNameW
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
CopyFileW
GetTempFileNameW
GetStdHandle
AssignProcessToJobObject
HeapSetInformation
GetModuleHandleA
CreateEventW
GetVersionExW
GetNativeSystemInfo
FindFirstFileW
FindFirstFileExW
FindNextFileW
FindClose
SetEnvironmentVariableW
GetEnvironmentVariableW
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
RtlCaptureStackBackTrace
GetUserDefaultUILanguage
GetLocaleInfoW
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
GetProcessId
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetSystemDirectoryW
GetWindowsDirectoryW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
SetUnhandledExceptionFilter
WaitForMultipleObjects
SetEvent
ResetEvent
GetSystemInfo
VirtualQueryEx
CreateRemoteThread
VirtualProtect
VirtualFreeEx
FormatMessageW
RtlCaptureContext
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
HeapReAlloc
HeapFree
HeapAlloc
PeekNamedPipe
GetDriveTypeW
ExitProcess
GetFileType
SetStdHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
LCMapStringW
EncodePointer
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA
VirtualQuery
HeapSize

ole32

CoUninitialize
PropVariantClear
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoAllowSetForegroundWindow

oleaut32

SysAllocString
SysFreeString
VariantInit
SysStringLen
VariantClear

user32

wsprintfW
CharUpperW
SetWindowsHookExW
SetWindowLongW
GetWindowLongW
SendMessageW
GetWindowThreadProcessId
FindWindowW
IsWindow
SendMessageTimeoutW
MessageBoxW
GetMonitorInfoW
MonitorFromWindow
SetForegroundWindow
MoveWindow
DestroyWindow
CreateWindowExW
LoadIconW
CallNextHookEx
UnhookWindowsHookEx

urlmon

CreateURLMonikerEx

wtsapi32

WTSQueryUserToken

userenv

GetProfileType
DestroyEnvironmentBlock
CreateEnvironmentBlock

Exports

Exports

ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
CrashForException
DumpProcess
DumpProcessWithoutCrash
GetHandleVerifier
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
SetCrashKeyValueImpl
TerminateProcessWithoutDump

Sections

.text
Size: 577KB - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0122ef82ab6bab2669c51d8ee88262ed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

version

ws2_32

winmm

shlwapi

kernel32

ole32

oleaut32

user32

urlmon

wtsapi32

userenv

Exports

Exports

Sections

.text Size: 577KB - Virtual size: 576KB

.rdata Size: 176KB - Virtual size: 176KB

.data Size: 4KB - Virtual size: 21KB

.gfids Size: 1024B - Virtual size: 820B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 190KB - Virtual size: 189KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 577KB - Virtual size: 576KB

.rdata
Size: 176KB - Virtual size: 176KB

.data
Size: 4KB - Virtual size: 21KB

.gfids
Size: 1024B - Virtual size: 820B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 190KB - Virtual size: 189KB

.reloc
Size: 22KB - Virtual size: 22KB