KonBootInstaller[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

KonBootInstaller.exe
Size

194KB
MD5

a91d7accce50352f3fb8ecbefef5c935
SHA1

a3d301dd371ef3704c7ecd50ed321fc3d7c4daf7
SHA256

b7a8a43d7bb586a8406c9a4084a5441224cff50079e9d11ad48b0bcb66ad91f1
SHA512

4c1cd4ef331cf6ff129097292f3b724786b387aa86501471d7106b7d386b3b4d05eb50f7c70810e935a89bf6ecda15b6bbddb56e761d13b0b35ebc6acd21b2e1
SSDEEP

3072:uk0wWkRACCIseCvBZ8gtCwlhfQFaBjYe/JpmM:uk0wWkmCCIsvBZ8gBlYSmM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
KonBootInstaller.exe

Files

KonBootInstaller.exe
.exe windows:5 windows x86 arch:x86

Password: infected

758482ea5c46eab53f6628777bcc28fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\projekty\KonBootInstaller\Release\KonBootInstaller.pdb

Imports

kernel32

_lclose
_lcreat
GetFileAttributesA
CreateProcessA
GetCurrentDirectoryA
CloseHandle
DeleteFileA
CreateFileA
Sleep
GetExitCodeProcess
CreateDirectoryA
GetStartupInfoA
CopyFileA
DeviceIoControl
WaitForSingleObject
CreateFileW
FlushFileBuffers
LCMapStringW
GetStringTypeW
SetStdHandle
RtlUnwind
HeapAlloc
HeapQueryInformation
_lwrite
ExitProcess
GetLastError
HeapSize
HeapReAlloc
HeapFree
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
WriteConsoleW
OutputDebugStringA
LoadLibraryW
LoadLibraryExW
CreateThread
WaitForSingleObjectEx
OutputDebugStringW
EncodePointer
DecodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleFileNameW
GetModuleHandleExW
InterlockedDecrement
GetProcAddress
MultiByteToWideChar
HeapValidate
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
SetLastError
InterlockedIncrement
GetCurrentThreadId
GetStdHandle
WriteFile
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
RaiseException

user32

GetMessageA
MessageBoxA
TranslateMessage
IsDialogMessageA
SendMessageA
wsprintfA
DispatchMessageA
ShowWindow
LoadIconA
PostQuitMessage
SetWindowTextA
DestroyWindow
CreateDialogParamA
GetDlgItem

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoInitializeEx

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA

wininet

InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetReadFile
InternetConnectA
HttpQueryInfoA

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

758482ea5c46eab53f6628777bcc28fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

setupapi

wininet

Sections

.text Size: 114KB - Virtual size: 114KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 4KB - Virtual size: 24KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 114KB - Virtual size: 114KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 4KB - Virtual size: 24KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 27KB - Virtual size: 27KB