安装包-uninsta-3[.]5[.]4[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

安装包-uninsta-3.5.4.exe
Size

8.8MB
MD5

5800bf3bd0c35e1fa886bb1a72861a14
SHA1

2de9678b1d5bc62a8ac4174d60aac929a6349ae5
SHA256

05c45c7e01ba265b8efbffefe3833088455cd01e47e325f722024aa8c87d8feb
SHA512

836c1adcd075fba4d0996f47a5665199ad379a382252a88eaaa7b874cb47597160b95e84dc1d4ad8ccc2b9c1e186ab3db15a5c1d9a5f5b3839430d668ef7d906
SSDEEP

98304:H+D1bpLwtG/ma5IJyX4TOxIlr4FDb0tjefFMg6y:HobpLd5OJyoTOxIx4Fv0tK9C

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
安装包-uninsta-3.5.4.exe

Files

安装包-uninsta-3.5.4.exe
.exe windows:6 windows x64 arch:x64

219e97a42d145725cbe8b4b0a8646ab3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitOnceExecuteOnce
GetTickCount64
GetModuleHandleW
SetFileCompletionNotificationModes
EnterCriticalSection
InitializeCriticalSection
SetConsoleTextAttribute
GetLastError
RaiseException
GetHandleInformation
SetThreadAffinityMask
GetProcessAffinityMask
SetThreadPriority
RtlUnwind
CreateMutexA
GetConsoleScreenBufferInfo
CreatePipe
OpenProcess
GetCurrentProcessId
GetExitCodeProcess
GetProcessTimes
DuplicateHandle
SetDllDirectoryW
GetFileSize
TryEnterCriticalSection
GetCurrentThreadId
WaitForSingleObject
IsDebuggerPresent
SetHandleInformation
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
Sleep
SetEvent
GetConsoleWindow
WideCharToMultiByte
FormatMessageW
FormatMessageA
LocalFree
VirtualProtectEx
GetCurrentProcess
CreateEventA
GetProcessHeap
HeapFree
HeapAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
WriteConsoleW
HeapSize
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
DeleteCriticalSection
CreateProcessW
LeaveCriticalSection
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
InitializeCriticalSectionEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
ReleaseSemaphore
GetSystemInfo
OpenEventA
ResetEvent
WaitForMultipleObjectsEx
SetWaitableTimer
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
GetModuleHandleA
CreateWaitableTimerA
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetLogicalDriveStringsW
GetLongPathNameW
GetTempPathW
GetSystemDirectoryW
GetModuleFileNameW
CreateDirectoryW
CreateFileW
DeleteFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
CopyFileW
MoveFileExW
CreateHardLinkW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetVersionExW
GetComputerNameW
FindClose
FindFirstFileW
FindNextFileW
ReleaseMutex
CreateMutexW
CreateEventW
WaitForMultipleObjects
VirtualAlloc
VirtualProtect
VirtualFree
VirtualLock
SwitchToFiber
DeleteFiber
CreateFiberEx
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
GetSystemDirectoryA
CreateSemaphoreA
GetACP
GetStdHandle
GetFileType
WriteFile
RtlVirtualUnwind
ConvertFiberToThread
ConvertThreadToFiberEx
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
ExitProcess
SetConsoleCtrlHandler
GetCommandLineA
GetCommandLineW
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
HeapReAlloc
GetFileSizeEx
SetFilePointerEx
GetTimeZoneInformation
SetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FindFirstFileExW
IsValidCodePage
EnumSystemFirmwareTables

user32

MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
ShowWindow

advapi32

RegSetValueExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW

mswsock

TransmitFile

ws2_32

gethostname
WSASendTo
WSASend
WSARecvFrom
WSARecv
socket
shutdown
getservbyname
sendto
recvfrom
inet_ntoa
inet_addr
freeaddrinfo
getaddrinfo
ntohl
WSAIoctl
select
getpeername
getnameinfo
WSASocketA
WSACleanup
WSAStartup
setsockopt
send
recv
listen
htons
htonl
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
WSAGetLastError
WSAPoll
WSASetLastError
gethostbyaddr
getservbyport
gethostbyname
ntohs

iphlpapi

if_indextoname
GetAdaptersAddresses

crypt32

CertOpenSystemStoreW
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

Sections

.text
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

219e97a42d145725cbe8b4b0a8646ab3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

mswsock

ws2_32

iphlpapi

crypt32

Sections

.text Size: 6.8MB - Virtual size: 6.8MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 87KB - Virtual size: 111KB

.pdata Size: 342KB - Virtual size: 341KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 60KB - Virtual size: 59KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 6.8MB - Virtual size: 6.8MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 87KB - Virtual size: 111KB

.pdata
Size: 342KB - Virtual size: 341KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 60KB - Virtual size: 59KB

.rsrc
Size: 1KB - Virtual size: 1KB