ie4uinit[.]exe

Resubmissions

22/08/2024, 18:50

240822-xg4h2avdnm 3

22/08/2024, 18:17

240822-wwzyqa1bna 3

Sharing

Copy URL Twitter E-mail

General

Target

ie4uinit.exe
Size

262KB
MD5

a2f0104edd80ca2c24c24356d5eacc4f
SHA1

8269b9fd9231f04ed47419bd565c69dc677fab56
SHA256

5d85c4d62cc26996826b9d96a9153f7e05a2260342bd913b3730610a1809203c
SHA512

e7bb87f9f6c82cb945b95f62695be98b3fa827a24fa8c4187fe836d4e7d3e7ae3b95101edd3c41d65f6cb684910f5954a67307d450072acd8d475212db094390
SSDEEP

6144:mFyckgZT4GkKQ/ns29WrP9iWNGTXlH0gC5lBJ:mFywZT4j/nsNylY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ie4uinit.exe

Files

ie4uinit.exe
.exe windows:10 windows x64 arch:x64

b3cb43127093e9942a2b65d8a4a552ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ie4uinit.pdb

Imports

advapi32

RegQueryValueExW
RegEnumValueW
ConvertSidToStringSidW
EventUnregister
RegOpenKeyExW
FreeSid
RegSetValueExW
EventSetInformation
RegCreateKeyExW
EventRegister
RegCloseKey
RegSetValueW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CheckTokenMembership
OpenThreadToken
GetTokenInformation
CryptSetKeyParam
CryptDeriveKey
CryptGetKeyParam
CryptEncrypt
CryptDestroyKey
CryptVerifySignatureW
CryptSetHashParam
CryptGenRandom
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
RegGetValueW
EventWriteTransfer
EventWriteEx
GetSecurityDescriptorSacl
GetAce
SetNamedSecurityInfoW
CopySid
GetNamedSecurityInfoW
ConvertStringSidToSidW
IsValidSid
OpenProcessToken
GetKernelObjectSecurity
AddAccessAllowedAceEx
GetLengthSid

kernel32

OpenFileMappingW
SetErrorMode
GetModuleFileNameW
HeapFree
GetExitCodeProcess
GetTempFileNameW
DuplicateHandle
GetTempPathW
CompareStringOrdinal
ExpandEnvironmentStringsW
GetStdHandle
GetLocalTime
CreateThread
SetEvent
FormatMessageW
CreateEventW
WaitForSingleObject
SetFilePointer
lstrcmpW
DelayLoadFailureHook
ResolveDelayLoadedAPI
CreateFile2
RemoveDirectoryW
GetCurrentThread
QueueUserWorkItem
QueryPerformanceFrequency
FlushViewOfFile
SystemTimeToFileTime
GetTickCount
CreateProcessW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetSystemTime
MapViewOfFile
CreateFileMappingW
FlushFileBuffers
SetEndOfFile
LCMapStringW
GetFullPathNameW
OpenMutexW
GetFileSizeEx
SetFileTime
UnmapViewOfFile
MultiByteToWideChar
CreateMutexW
LocaleNameToLCID
DeleteCriticalSection
AcquireSRWLockShared
LoadLibraryW
CreateThreadpoolTimer
GetSystemInfo
ReleaseSRWLockShared
SetThreadpoolTimer
InitOnceComplete
CloseThreadpoolTimer
GetUserPreferredUILanguages
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
GetProductInfo
EnterCriticalSection
InitOnceBeginInitialize
GetFileAttributesW
IsDebuggerPresent
DebugBreak
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
ReleaseMutex
GetModuleHandleExW
ReleaseSemaphore
SetLastError
CreateSemaphoreExW
GetModuleFileNameA
WideCharToMultiByte
GetNativeSystemInfo
IsWow64Process
InitOnceExecuteOnce
FindResourceW
LoadResource
CloseHandle
DeleteFileW
LockResource
GetVersionExA
SetFileAttributesW
GetVersionExW
CreateFileW
FindClose
GetShortPathNameW
WriteFile
GetCurrentProcess
FindNextFileW
SetPriorityClass
FindFirstFileExW
FindFirstFileW
SizeofResource
ReadFile
LoadLibraryExW
VerifyVersionInfoW
FreeLibrary
GetModuleHandleW
GetProcessHeap
VerSetConditionMask
LocalFree
GetProcAddress
HeapAlloc
HeapSetInformation
RaiseException
GetLastError
Sleep
GetSystemDirectoryW
GetEnvironmentVariableW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RaiseFailFastException

user32

CharNextW
GetMessageW
PostThreadMessageW
PostMessageW
LoadStringW
GetShellWindow
SendMessageTimeoutW

msvcrt

rand_s
isalnum
strnlen
wcsnlen
wcsncpy_s
_vsnwprintf_s
memmove_s
wcscat_s
wcscpy_s
wcsncmp
wcschr
_wtoi
_wcsicmp
_wcsnicmp
wcsrchr
swscanf_s
sprintf_s
_wfopen_s
fclose
fgetws
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
iswalpha
_time64
memcpy_s
_vsnwprintf
_CxxThrowException
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
memcmp
_ultow_s
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
memset

shell32

ord526
CommandLineToArgvW
SHGetKnownFolderPath
SHChangeNotify
SHCreateItemFromParsingName
SHGetFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetDesktopFolder
ord190
SHSetLocalizedName
SHGetSpecialFolderLocation
ord165
ord155

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtClose
NtQueryLicenseValue

ieadvpack

ExecuteCabW

shlwapi

StrCmpIW
SHRegSetUSValueW
StrCmpNIW
SHRegDeleteUSValueW
SHCopyKeyW
StrStrW
ord388
PathFileExistsW
SHDeleteKeyW
UrlApplySchemeW
UrlCreateFromPathW
UrlCanonicalizeW
PathIsURLW
StrCmpNIA
ord158
PathRemoveBlanksW
PathFindFileNameW
PathRemoveExtensionW
SHGetValueW
SHSetValueW
StrTrimW
SHDeleteValueW
ord2
ord487
SHRegGetUSValueW
StrCmpNA
StrCmpNW
UrlEscapeW
UrlUnescapeW
StrCmpW
ord433
ord219
StrStrIW
SHStrDupW
PathIsNetworkPathW

iertutil

ord134
ord50
ord791
ord33
ord38
ord85
ord79
ord91
ord74
ord81
ord90
ord76
ord682
ord796
ord701
ord37
ord99
ord149
ord57
ord820
ord656
ord675
ord690
ord651
ord655
ord657
ord650
ord678
ord653
ord660
ord677
ord672
ord662
ord652
ord654
ord793
ord78
ord597
ord398
ord594
ord139
ord281
ord282
ord665

oleaut32

VariantInit
SysFreeString
VarBstrCat
SysAllocString
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VariantCopy
VariantClear
VarBstrCmp

ole32

CoTaskMemFree
OleInitialize
CoInitializeEx
PropVariantClear
CoTaskMemAlloc
CoCreateInstance
OleUninitialize
CoUninitialize
CoCreateGuid
StringFromGUID2

iedkcs32

BrandIEActiveSetup

kernelbase

GetSystemDefaultLocaleName
GetUserDefaultLocaleName
LocalAlloc
OpenGlobalizationUserSettingsKey

crypt32

CertGetCertificateContextProperty
CryptStringToBinaryA
CryptBinaryToStringA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CryptStringToBinaryW
CertGetNameStringW
CertOpenStore
CertCreateCertificateContext
CertAddCertificateContextToStore
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CryptImportPublicKeyInfo
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertFreeCertificateChain
CryptHashCertificate

urlmon

CreateUri
CreateIUriBuilder
ord410

wininet

InternetConnectW
HttpOpenRequestW
InternetCloseHandle
InternetOpenW
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
InternetCanonicalizeUrlW
InternetCrackUrlW

netapi32

NetGetJoinInformation
NetApiBufferFree

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

mlang

ord123

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

b3cb43127093e9942a2b65d8a4a552ad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

shell32

ntdll

ieadvpack

shlwapi

iertutil

oleaut32

ole32

iedkcs32

kernelbase

crypt32

urlmon

wininet

netapi32

version

mlang

Sections

.text Size: 181KB - Virtual size: 180KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 8KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 40B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 181KB - Virtual size: 180KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 8KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 40B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB