Static task
static1
General
Target: set_up_5.2.3-doc-uninsta.v11
Size: 6.0MB
MD5: 31eedd8d089ede700293719349f05d19
SHA1: 2b72b50ae21b59bdc021dae8a0d85a3846b2bc54
SHA256: ea81d81fd4319fd4a2ba6f29fa16777c2135a051e786c568d8d9b53c94a2d98b
SHA512: b82387858b7e5684fbf40aa24b0a25e901d0aa48845ac3a18fd4d158799b0e9caf5f24c7897a78e5064a19dd3541f1961d91ab50b3608194573eed9e9ddb482d
SSDEEP: 49152:oLIU6i4GtlqDVwASOkcP7K8V2NbfM4IwHW2S1m/MpxqrMmM+nmhxKKA9sEf2YEar:b+r+1V4JrUWDmmmbV5Zw9htKPURgl
Malware Config
Signatures
Embeds OpenSSL (1 IoC)
Embeds OpenSSL, may be used to circumvent TLS interception.
resource: yara_rule sample embeds_openssl
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: set_up_5.2.3-doc-uninsta.v11
Files
set_up_5.2.3-doc-uninsta.v11.exe windows:6 windows x64 arch:x64
60782fb9ebe830a0385792092eb744df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitOnceExecuteOnce
GetTickCount64
GetModuleHandleW
SetFileCompletionNotificationModes
EnterCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
GetHandleInformation
CreateMutexA
GetCurrentProcessId
TryEnterCriticalSection
GetCurrentThreadId
WaitForSingleObject
IsDebuggerPresent
SetHandleInformation
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
Sleep
SetEvent
CreateEventA
CloseHandle
QueryPerformanceFrequency
QueryPerformanceCounter
LocalFree
WideCharToMultiByte
GetCurrentProcess
VirtualProtectEx
GetConsoleWindow
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageW
FormatMessageA
WriteConsoleW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
DeleteCriticalSection
LeaveCriticalSection
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
EncodePointer
DecodePointer
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
ReleaseSemaphore
OpenEventA
ResetEvent
WaitForMultipleObjectsEx
SetWaitableTimer
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleA
CreateWaitableTimerA
GetCurrentDirectoryW
GetModuleFileNameW
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileAttributesW
GetFileAttributesExW
RemoveDirectoryW
SetEndOfFile
GetEnvironmentVariableW
SetEnvironmentVariableW
GetVersionExW
FindClose
FindFirstFileW
FindNextFileW
ReleaseMutex
CreateMutexW
CreateEventW
WaitForMultipleObjects
VirtualFree
SwitchToFiber
DeleteFiber
CreateFiberEx
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
GetSystemDirectoryA
CreateSemaphoreA
GetACP
GetStdHandle
GetFileType
WriteFile
RtlVirtualUnwind
ConvertFiberToThread
ConvertThreadToFiberEx
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
LoadLibraryExW
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
ExitProcess
SetConsoleCtrlHandler
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
HeapReAlloc
GetFileSizeEx
SetFilePointerEx
GetTimeZoneInformation
GetFullPathNameW
SetStdHandle
FindFirstFileExW
EnumSystemFirmwareTables
user32
GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation
ShowWindow
advapi32
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ws2_32
WSASendTo
WSASend
WSARecvFrom
WSARecv
socket
shutdown
getservbyname
sendto
recvfrom
inet_ntoa
inet_addr
freeaddrinfo
getaddrinfo
ntohl
WSAIoctl
select
getpeername
getnameinfo
WSASocketA
WSACleanup
WSAStartup
setsockopt
send
recv
listen
htons
htonl
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
WSAGetLastError
WSAPoll
WSASetLastError
gethostbyaddr
getservbyport
gethostbyname
ntohs
iphlpapi
if_indextoname
GetAdaptersAddresses
crypt32
CertOpenSystemStoreW
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
Sections
.text Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 188KB - Virtual size: 188KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ