MiniWndSpy_Setup-AMD64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MiniWndSpy_Setup-AMD64.exe
Size

102KB
MD5

21feb97416bec6015bfffb423aac6168
SHA1

07a27f74fab30de78e0f84b472272d907d14187d
SHA256

301216ae0813ac00225d55881aa343488077f0e53e6fc7a4a4e5fbdfe1f060e4
SHA512

fe2bc0782891d985da8ea5880f39fd05935689271b5df14c30b4969280683f1fbe6baf607027c42d1e6679fcc8667089c6163d7b7968d205cc639aaae5055611
SSDEEP

1536:Vrk5pagSusGeKWHXPeTqOkMa+gsODY/04mKNXP8on+83kf/9j9uxdePHF1FF:aqru9WHfeTSMpf/0cZn+80f/ieH73

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
MiniWndSpy_Setup-AMD64.exe
unpack001/MiniWndSpy.exe
unpack001/MiniWndSpyUninst.exe

Files

MiniWndSpy_Setup-AMD64.exe
.exe windows:4 windows x64 arch:x64

Password: infected

c782d4a14c1861b12fdb680dad99c0bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegDeleteKeyExW
RegEnumKeyW
RegCloseKey
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegCreateKeyExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderLocation
ShellExecuteExW
ord147
SHFileOperationW

ole32

OleUninitialize
CoCreateInstance
CoTaskMemFree
OleInitialize

comctl32

ord17
ImageList_Destroy
ImageList_AddMasked
ImageList_Create

user32

IsWindowEnabled
SetClassLongPtrW
GetSystemMenu
EnableMenuItem
EndDialog
GetSystemMetrics
CreatePopupMenu
AppendMenuW
GetWindowRect
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
ScreenToClient
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongPtrW
GetSysColor
CharNextW
SetWindowPos
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongPtrW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
DialogBoxParamW
GetClassInfoW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
PeekMessageW
ExitWindowsEx
DispatchMessageW
CreateWindowExW

gdi32

GetDeviceCaps
SetBkColor
SelectObject
CreateBrushIndirect
DeleteObject
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

CreateProcessW
CreateFileW
GetTempFileNameW
CreateDirectoryW
GetLastError
GetUserDefaultUILanguage
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceExW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
RemoveDirectoryW
SetEnvironmentVariableW

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MiniWndSpy.exe
.exe windows:4 windows x64 arch:x64

Password: infected

5c62e2d5e93d9898430ff39e91009093

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrlenW
GetStartupInfoW
WritePrivateProfileStringW
GetLastError
GetModuleFileNameW
LoadLibraryA
lstrcmpiW
GetCurrentProcessId
WritePrivateProfileStructW
FormatMessageW
GetPrivateProfileStructW
GetPrivateProfileStringW
GetProcAddress
ExitProcess

user32

MapWindowPoints
SendMessageW
SetWindowLongPtrW
IsWindowVisible
GetSystemMetrics
RegisterClassW
MessageBoxW
UnhookWindowsHookEx
AdjustWindowRectEx
EqualRect
SetWindowsHookExW
GetKeyNameTextW
CreateWindowExW
IsWindow
AppendMenuA
SendMessageTimeoutW
CreatePopupMenu
EnumPropsExW
ShowWindow
EnumChildWindows
GetCursorPos
SetWindowPos
GetDesktopWindow
EnableWindow
GetMenuState
MonitorFromWindow
ReleaseDC
GetClassNameW
GetWindowTextW
GetClassLongPtrW
GetAncestor
InvalidateRect
GetWindowPlacement
IsDialogMessageW
GetForegroundWindow
TranslateMessage
GetDC
wsprintfW
PtInRect
SetFocus
GetClientRect
GetWindowLongPtrW
WindowFromPoint
IsWindowEnabled
MessageBeep
GetWindowInfo
CallNextHookEx
IsHungAppWindow
GetFocus
GetKeyState
KillTimer
PostMessageW
LoadImageW
IsChild
ShowWindowAsync
TrackPopupMenu
GetMessageW
GetWindowRect
SetTimer
MapVirtualKeyW
SetWindowPlacement
DestroyMenu
GetMonitorInfoW
DefWindowProcW
GetWindowThreadProcessId
GetWindow
MonitorFromRect
DispatchMessageW
IsWindowUnicode

gdi32

GetDeviceCaps

comctl32

ImageList_LoadImageA
InitCommonControlsEx
ImageList_Destroy

uxtheme

SetWindowTheme

shell32

SHGetFolderPathW

msvcrt

qsort
strcmp
swscanf

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 507B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MiniWndSpyUninst.exe
.exe windows:4 windows x64 arch:x64

Password: infected

c782d4a14c1861b12fdb680dad99c0bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegDeleteKeyExW
RegEnumKeyW
RegCloseKey
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegCreateKeyExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderLocation
ShellExecuteExW
ord147
SHFileOperationW

ole32

OleUninitialize
CoCreateInstance
CoTaskMemFree
OleInitialize

comctl32

ord17
ImageList_Destroy
ImageList_AddMasked
ImageList_Create

user32

IsWindowEnabled
SetClassLongPtrW
GetSystemMenu
EnableMenuItem
EndDialog
GetSystemMetrics
CreatePopupMenu
AppendMenuW
GetWindowRect
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
ScreenToClient
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongPtrW
GetSysColor
CharNextW
SetWindowPos
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongPtrW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
DialogBoxParamW
GetClassInfoW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
PeekMessageW
ExitWindowsEx
DispatchMessageW
CreateWindowExW

gdi32

GetDeviceCaps
SetBkColor
SelectObject
CreateBrushIndirect
DeleteObject
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

CreateProcessW
CreateFileW
GetTempFileNameW
CreateDirectoryW
GetLastError
GetUserDefaultUILanguage
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceExW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
RemoveDirectoryW
SetEnvironmentVariableW

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

c782d4a14c1861b12fdb680dad99c0bc

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 123KB

.pdata Size: 1024B - Virtual size: 876B

.ndata Size: - Virtual size: 68KB

.rsrc Size: 8KB - Virtual size: 7KB

Password: infected

5c62e2d5e93d9898430ff39e91009093

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

uxtheme

shell32

msvcrt

Sections

.text Size: 37KB - Virtual size: 37KB

.data Size: 512B - Virtual size: 507B

.pdata Size: 512B - Virtual size: 408B

.rsrc Size: 58KB - Virtual size: 58KB

Password: infected

c782d4a14c1861b12fdb680dad99c0bc

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 123KB

.pdata Size: 1024B - Virtual size: 876B

.ndata Size: - Virtual size: 68KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 123KB

.pdata
Size: 1024B - Virtual size: 876B

.ndata
Size: - Virtual size: 68KB

.rsrc
Size: 8KB - Virtual size: 7KB

.text
Size: 37KB - Virtual size: 37KB

.data
Size: 512B - Virtual size: 507B

.pdata
Size: 512B - Virtual size: 408B

.rsrc
Size: 58KB - Virtual size: 58KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 123KB

.pdata
Size: 1024B - Virtual size: 876B

.ndata
Size: - Virtual size: 68KB

.rsrc
Size: 8KB - Virtual size: 7KB