987afb1d1f65e4a90e60df62be361e6f742f79fdf39925743019e3d3677b07a9

Sharing

Copy URL

Twitter E-mail

General

Target

987afb1d1f65e4a90e60df62be361e6f742f79fdf39925743019e3d3677b07a9
Size

697KB
MD5

0c8de4ad1c6603103c4dcc397ae9b160
SHA1

3f595d8e4ce2e0477f02b06e7c1ade90e5185662
SHA256

987afb1d1f65e4a90e60df62be361e6f742f79fdf39925743019e3d3677b07a9
SHA512

674916f14a5241b4821575a80f9840a87b3c7ed60934fb58fb537c03d0885c4dd256acedee5ff561b43778d392db886d4aae9c01e974d17ecc9a4428239e93e0
SSDEEP

12288:/bPKHF/OLM7SK0aEajzPPuyvhXbDXF6bQz86OZvWTcu/vuvM9pd:TCHF/B7SK7jzP2gBvIbd6OUTczvwd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
987afb1d1f65e4a90e60df62be361e6f742f79fdf39925743019e3d3677b07a9

Files

987afb1d1f65e4a90e60df62be361e6f742f79fdf39925743019e3d3677b07a9
.exe windows:4 windows x86 arch:x86

4119f30d6abefe68bc65b29270e78e19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jenkins\workspace\Poker\Installer\PokerInstaller-1.1.2\Project\Installer\release\WebInstaller.pdb

Imports

kernel32

lstrcmpA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetCurrentThread
WritePrivateProfileStringW
GetModuleHandleA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetFileAttributesW
SetErrorMode
GetStartupInfoW
GetDriveTypeW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetDriveTypeA
FindFirstFileA
DeleteFileA
MoveFileA
RtlUnwind
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
CompareStringA
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentDirectoryA
GetCPInfo
GetACP
GetOEMCP
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedExchange
GetFullPathNameW
GetVolumeInformationW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFree
MulDiv
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
FreeLibrary
CompareStringW
LoadLibraryA
SetLastError
lstrcmpW
GetVersionExA
GetThreadLocale
InterlockedIncrement
ReleaseMutex
SetFilePointer
GetCurrentThreadId
GetLocalTime
CopyFileW
GetVolumePathNameW
InitializeCriticalSection
RaiseException
DeleteCriticalSection
CreateFileW
SetFileAttributesA
CreateThread
ResumeThread
SuspendThread
Sleep
FindNextFileW
FindFirstFileW
LocalFree
FormatMessageW
InterlockedCompareExchange
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLongPathNameW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetDiskFreeSpaceExW
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
CreateDirectoryA
WriteFile
CreateFileA
lstrcpyA
GetFileAttributesA
GetFullPathNameA
lstrlenA
GetModuleFileNameW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcatW
CreateDirectoryW
GetTempPathW
VerifyVersionInfoW
VerSetConditionMask
HeapFree
GetProcessHeap
HeapAlloc
GetLocaleInfoW
GetTickCount
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
CreateMutexW
CloseHandle
MultiByteToWideChar
VirtualProtect
WideCharToMultiByte

user32

LoadCursorW
GetSysColorBrush
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
PostQuitMessage
CharUpperW
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
ReleaseCapture
GetDesktopWindow
SetCapture
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
SetRect
IsRectEmpty
CopyAcceleratorTableW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
UnregisterClassW
EqualRect
MessageBeep
GetNextDlgGroupItem
PostThreadMessageW
SetWindowPlacement
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetDlgItem
GetParent
OffsetRect
PtInRect
CopyRect
GetDlgCtrlID
GetWindow
CharNextW
IsWindow
DrawIcon
GetClientRect
GetSystemMetrics
SendMessageW
IsIconic
GetKeyState
LoadIconW
GetWindowLongW
KillTimer
SetTimer
wsprintfW
EnumWindows
PostMessageW
IsWindowEnabled
GetWindowTextW
EnableWindow
GetClassNameW
UnregisterClassA

gdi32

ExtSelectClipRgn
DeleteDC
GetMapMode
GetWindowExtEx
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetStockObject
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetRgnBox
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextColor
GetBkColor
GetDeviceCaps
GetObjectW

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoCreateInstance
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CLSIDFromString
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocStringLen
SafeArrayDestroy
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantInit
SysAllocString
SysFreeString

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetAdaptersAddresses

ws2_32

inet_ntoa
WSACleanup
WSAStartup
gethostbyname
gethostname

wininet

InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetQueryDataAvailable
InternetCheckConnectionW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetOpenUrlW
InternetSetOptionExW
InternetCrackUrlW

Sections

.text
Size: 496KB - Virtual size: 494KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4119f30d6abefe68bc65b29270e78e19

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

iphlpapi

ws2_32

wininet

Sections

.text Size: 496KB - Virtual size: 494KB

.rdata Size: 136KB - Virtual size: 134KB

.data Size: 16KB - Virtual size: 48KB

.rsrc Size: 44KB - Virtual size: 42KB

.text
Size: 496KB - Virtual size: 494KB

.rdata
Size: 136KB - Virtual size: 134KB

.data
Size: 16KB - Virtual size: 48KB

.rsrc
Size: 44KB - Virtual size: 42KB