0f698b8e7bbada0f489a3324e42deab181dd6f4cc484ee19089b1e294c45c636

Sharing

Copy URL

Twitter E-mail

General

Target

0f698b8e7bbada0f489a3324e42deab181dd6f4cc484ee19089b1e294c45c636
Size

4.8MB
MD5

a83c7e551c21ee1761a48b858d480c93
SHA1

ce490bd1b1bb2e4c52b9076ded89ce4ce2646877
SHA256

0f698b8e7bbada0f489a3324e42deab181dd6f4cc484ee19089b1e294c45c636
SHA512

498a233064a48e6160b17c6a6a02c68a3b25ff2e4a5af6c2fa71112c7c39d2c216c8f02e7d491463184766364589a555206b2c88b710fc92a09b0fe3611ac23c
SSDEEP

98304:cVeM4VwHuokyfK8PGcx2HynIiprw0F80XZeGK:6AVw6kx2SnIe84eGK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f698b8e7bbada0f489a3324e42deab181dd6f4cc484ee19089b1e294c45c636

Files

0f698b8e7bbada0f489a3324e42deab181dd6f4cc484ee19089b1e294c45c636
.exe windows:6 windows x86 arch:x86

a52b0d6e68a672369339ad8663ac1b80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\install_project\install_main\install_and_uninstall\Release\Install.pdb

Imports

kernel32

GetStartupInfoW
GetVersion
GetPrivateProfileStringW
GetPrivateProfileIntW
OpenEventW
GlobalAddAtomW
GetFileSizeEx
GetCommandLineW
DecodePointer
LoadLibraryExW
lstrcmpiW
LoadLibraryA
CopyFileW
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
CreateProcessW
OutputDebugStringA
ResetEvent
GetSystemInfo
GetLongPathNameW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForMultipleObjects
CreateDirectoryW
GetShortPathNameW
FormatMessageW
GetEnvironmentVariableW
IsDebuggerPresent
EncodePointer
InitializeSListHead
WriteProcessMemory
GetTempFileNameW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
WideCharToMultiByte
MoveFileW
lstrlenW
GetWindowsDirectoryW
SetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateEventW
LocalAlloc
GetTickCount
Sleep
GetLastError
WritePrivateProfileStringW
WriteConsoleW
ReadConsoleW
SetStdHandle
WaitForSingleObjectEx
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetACP
GetModuleFileNameA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSectionEx
RaiseException
MultiByteToWideChar
UnlockFile
LockFile
GetFileSize
MulDiv
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFindAtomW
GlobalDeleteAtom
OpenProcess
GetCurrentProcessId
MoveFileExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
GetVersionExW
DeviceIoControl
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileAttributesExW
CreateFileW
LoadLibraryW
DosDateTimeToFileTime
GetProcAddress
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
OutputDebugStringW
SetFilePointer
ReadFile
LocalFileTimeToFileTime
GetTempFileNameA
GetTempPathA
CloseHandle
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
CreateMutexW
WaitForSingleObject
LocalFree
SetEvent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SwitchToThread
ExitProcess
GetTimeZoneInformation
GetModuleHandleExW
TlsAlloc
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwind
FileTimeToDosDateTime
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
OpenFileMappingW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
FlushFileBuffers
SetFileTime
SearchPathW
FindFirstChangeNotificationW
FindCloseChangeNotification
CompareFileTime
GetFileInformationByHandle
SetEndOfFile
GetStdHandle
InterlockedCompareExchange
FreeResource
GetSystemWindowsDirectoryW
lstrcmpA
lstrcmpiA
FileTimeToLocalFileTime
WriteFile
DeleteFileA
CreateFileA
SystemTimeToFileTime
GetSystemTime
GetFileTime
ReleaseMutex
FindNextFileA
FindFirstFileA
GetLocalTime

user32

UnhookWinEvent
SetWinEventHook
wsprintfW
SetTimer
KillTimer
DrawTextW
GetWindowTextLengthW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetDC
ReleaseDC
SendMessageW
ShowWindow
IsWindowVisible
IsIconic
SetForegroundWindow
FindWindowExW
GetWindowThreadProcessId
PostMessageW
IsWindow
SetCursor
SetRect
OffsetRect
LoadCursorW
ScreenToClient
PtInRect
CopyRect
DrawFocusRect
BeginPaint
EndPaint
IsRectEmpty
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
InvalidateRect
GetClientRect
GetWindowRect
GetWindowLongW
SetWindowLongW
GetParent
UpdateLayeredWindow
SetWindowPos
SetWindowRgn
SystemParametersInfoW
WaitForInputIdle
GetSystemMetrics
GetShellWindow
MonitorFromWindow
UnregisterClassA
SendNotifyMessageW
SendMessageTimeoutW
RegisterWindowMessageW
MessageBoxW
IsDialogMessageW
EndDialog
DialogBoxParamW
DestroyWindow
EnableWindow
FindWindowW
RedrawWindow
GetMonitorInfoW
LoadImageW
GetWindow
MapWindowPoints
SetWindowTextW
BringWindowToTop
MoveWindow
PostQuitMessage
ExitWindowsEx
SetProcessDPIAware
CharNextW
GetWindowTextW

gdi32

SaveDC
RestoreDC
SetTextColor
SetBkMode
CreateRectRgn
CombineRgn
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ExtTextOutW
SetBkColor
DeleteDC
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
CreateFontIndirectW
EnumFontFamiliesW
DeleteObject
CreateFontW

advapi32

BuildExplicitAccessWithNameW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegEnumValueW
DuplicateTokenEx
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
UnlockServiceDatabase
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
GetUserNameW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
DeleteAce
EqualSid
LookupAccountSidW
LookupAccountNameW
SetEntriesInAclW
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetTokenInformation
GetTrusteeNameW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptContextAddRef
RegGetValueW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHFileOperationW
ord165
SHCreateDirectoryExW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHLoadInProc
ShellExecuteW
ShellExecuteExW
SHChangeNotify
SHGetDesktopFolder

ole32

CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoInitializeEx
OleRun

oleaut32

VariantCopy
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
VariantInit
SysStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString
VarUI4FromStr

shlwapi

PathAppendA
PathFindFileNameA
PathRenameExtensionA
PathAppendW
PathCombineW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
wnsprintfW
StrCmpW
PathFindFileNameW
SHGetValueW
PathUnquoteSpacesW
SHSetValueW
PathIsPrefixW
PathIsRelativeW
PathIsRootW
SHSetValueA
AssocQueryStringW
StrStrIW
SHDeleteValueW
StrStrIA
StrCmpNIW
StrTrimA
StrCmpIW
StrToIntExW
SHGetValueA
PathIsDirectoryW
SHDeleteKeyW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipCreateSolidFill
GdipGraphicsClear
GdipDrawImagePointRectI
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCloneBrush
GdipDeleteBrush
GdipDrawString
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipFillRectangleI

cabinet

ord23
ord20
ord22

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
EnumProcesses

setupapi

SetupIterateCabinetW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

secur32

GetUserNameExW

crypt32

CryptBinaryToStringW
CryptBinaryToStringA
CertGetNameStringW
CryptStringToBinaryW
CryptStringToBinaryA

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Exports

Exports

StartEast
_Start@12

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a52b0d6e68a672369339ad8663ac1b80

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

cabinet

version

psapi

setupapi

iphlpapi

wininet

urlmon

secur32

crypt32

wintrust

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 284KB - Virtual size: 284KB

.data Size: 29KB - Virtual size: 43KB

.rsrc Size: 3.0MB - Virtual size: 3.0MB

.reloc Size: 70KB - Virtual size: 69KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 284KB - Virtual size: 284KB

.data
Size: 29KB - Virtual size: 43KB

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

.reloc
Size: 70KB - Virtual size: 69KB