insister[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

insister.exe
Size

5.8MB
MD5

60e45d43baef3333a067410b371c36e8
SHA1

1d173ab834410bfa277251c6c0a25011c271dc90
SHA256

7400895ed25a255ef7471bf26ac7bda44622de95c9e4f876075fd4ae9c95f67b
SHA512

687b763e95b1a2e9ba9959cfee1c04632adb33e3de65217495d5b4a6c53b17ffa22b77b6eb4385f5c141aaf944af87462b1f0ccfaa8165fba093fa1c1d240f10
SSDEEP

98304:SqkjX6cVC0zAWJSJDS00JdcCLvzyhprSM7Xm2pL1m/pyk8Nuegi:SHTVCmSeFzWJFL1maun

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
insister.exe

Files

insister.exe
.exe windows:6 windows x86 arch:x86

a7b548e2bd51ae78971c68afeee33214

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA

comctl32

InitCommonControls

gdi32

DeleteObject
SelectObject
GetTextExtentPoint32A
GetDeviceCaps
SetBkMode
CreateFontA
GetStockObject
GdiFlush
CreateDIBSection
DeleteDC
SetTextColor
TextOutA
PatBlt
SetDIBitsToDevice
CreateCompatibleDC
SetBkColor

hid

HidD_GetHidGuid
HidD_GetAttributes

imm32

ImmGetCompositionStringA
ImmGetOpenStatus
ImmSetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
ImmAssociateContext

kernel32

Sleep
FreeLibrary
GetProcAddress
lstrlenA
LoadLibraryA
DeleteFileA
QueryPerformanceCounter
MoveFileA
GetCommandLineA
GetCurrentProcess
GetCurrentThreadId
OutputDebugStringA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetCurrentDirectoryA
CreateDirectoryA
GetFullPathNameA
CloseHandle
GetLastError
WaitForSingleObject
GetVersion
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
MultiByteToWideChar
CreateFileA
ReadFile
WriteFile
GetOverlappedResult
CreateEventA
GetTickCount
CreateMutexA
ReleaseMutex
SetThreadPriority
GetThreadPriority
SuspendThread
ResumeThread
GlobalMemoryStatus
GetDriveTypeA
SetErrorMode
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
FindClose
FindFirstFileA
SetEvent
ResetEvent
WaitForMultipleObjects
GetFileSize
SetEndOfFile
SetFilePointer
WideCharToMultiByte
CreateFileW
HeapFree
GetProcessHeap
IsProcessorFeaturePresent
InterlockedIncrement
InterlockedDecrement
lstrcmpW
MulDiv
GetCurrentThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
GetStdHandle
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
HeapAlloc
DecodePointer
GetTimeZoneInformation
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
HeapSize
WriteConsoleW

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHGetMalloc

shlwapi

PathFileExistsA
PathIsDirectoryA

user32

PostQuitMessage
LoadCursorA
EnumDisplayDevicesA
DefWindowProcA
RegisterClassExA
GetClassInfoExA
CreateWindowExA
DestroyWindow
AnimateWindow
SetWindowPos
SetFocus
GetActiveWindow
LoadMenuA
GetMenu
SetMenu
GetSystemMenu
DestroyMenu
SystemParametersInfoA
UpdateWindow
PeekMessageA
InvalidateRect
SetWindowTextA
GetWindowTextA
GetWindowRect
AdjustWindowRectEx
GetWindowLongA
SetWindowLongA
SetRect
CallWindowProcA
ChangeDisplaySettingsA
PostThreadMessageA
GetQueueStatus
MsgWaitForMultipleObjects
RegisterClipboardFormatA
IntersectRect
DispatchMessageA
PostMessageA
SetActiveWindow
TranslateMessage
IsIconic
GetAsyncKeyState
SendMessageA
GetGuiResources
ScreenToClient
ClientToScreen
GetCursorPos
SetCursorPos
DeleteMenu
GetKeyboardState
wvsprintfA
LoadIconA
ReleaseDC
GetDC
GetSystemMetrics
MessageBoxA
ShowWindow
EndPaint
BeginPaint
GetClientRect
BringWindowToTop

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

winmm

timeBeginPeriod
timeGetDevCaps
timeGetTime
timeKillEvent
timeEndPeriod
timeSetEvent

d3d8

Direct3DCreate8

ole32

CoTaskMemFree
CoCreateInstance
CoFreeUnusedLibraries
CoTaskMemAlloc
CoInitialize
CoUninitialize

Exports

Exports

�N��9��%�-��;�п�:8τ��C��J��%��U� ��]H��UhXH·n�W��<�o��韲9zA��-?˽@�?Q��%�e��c��z{\l��L?��@)��y ��~x��0��6�ϐ�_��9�9TύvG��c��[{L�y�Hf��̚1��)�C`#��*t�� <A!��˦bO5cW&j�Q&�)豈N#�ݲѧ�� N�$j�i$�NE��ڇA��u5��1�.�(�3��[��',}2�l(��G��$Ge)�Z��c;�`��h9�C��6�-4��V%Tc�s�s�G>ճ]�$h�PTbX�;�0I%�-kK�{|�*!�)�`�(e��f4�L�� q*�$��Ŭ��Ȏ۟�?��m"��6�R�׆ֵ�8�*�]�D�4��d:�˽��QfC7W��NHz1�� :�Zy�Ѣ�E(��'�+�9�c�nb�7s�e�J�*�y*#�w��i�X_�;�:� ,e�+�i�n��-�y,�|��9W��T��4mh+��J��c&��W��,[�$�3��J��6ER�};ԥ�q3��X��_[��[}s��nGS7LY��=��Wyܽ�`��dBs��U=�?]%l�+��g�{ErT9]i�2Q��x� 6��k:[�am&+\Uσ;8)�U(h@��e��E��T�� #�eɉT�=\Ҳ"�YaŒ�2﹩_�a٤]�W�N��§G_�j��<�?2��o�{��&ԫ_Sd㞗;K;|!)5�4��'�F�v�=/��(�&0v�Ű��S�-�;��_1T��"2]a�� J��js��k��B�D ��92��h|�`]~�S�0��6��N�'3�-�z��^��Qw��\��v"��H�*��v�]�#��#\f��W��?U%�!�Х��S2 %�`#&��&4��E}��C.�P��t��Z��Cm�Y7��%��-��K�wq�h=��ը�R��g�)�-ҧX�2�ў3K��E��>a� ��)U5ç�q�o��Z �i��N3� Ӷ�j�x��/G�P��7#]`��(��z�0op��V�ށd��5:k�V I��b8�׾�>:��]�r�P4��K�[?�{ ��2�J^g}.��L��hT��R��)5CO��7:�HZ(�JL��ƳWjw �|{f��O�N��f��.��lM|& 7�]y�n��%��NZVی��p��I]d��oe�"0�M��U�pwf�6a�"|��@��#e��l��v��[ӗ�=�`Y1��t9��aWL��V�$�0Ȅ�k��+�)�;��*d�yS��CD7��k��NBaӯ�xa��hQ\��~(��b{�Iv��U�"�� s��w#̱7'�U��we�6d;�{Gwv��,�#��Z��Ӯh�U#�v��be�v��<��Ux#T�ā� ��р��O�� ~�ū�4��il��a��ǄF��o�ܦ!-�1��{4�( �Ɓ{��g��h ��گw�/S�O/��SĐ�C+�G�2Ba�bG,[�r�c�&v@�$ R��3^�ju��`��O�׼[��8"FӺỷ�'�gy�S�o��,��D� ��Pl�R=X��?�Lo��*��+��6��0y�ز��kU��VB�O��E�j�$�g"1��(C.}�Q.}�=��d��g&��+�@��%�+��Hŭ�Ɠ� _��58��J�V&�� ^��g�pbz��G��ߜ�ȿ��f(��߀D�\��:/A6��ɪ`ZW`�t��l��~��j�,�F"Ѽ��0O�1��'��@�P��N< �7��+��g�9�,�� f*�֥G��X�-X)$��| V��uR��6]�9%��Ćl��}�Q֡z��&KzS�;�*OQ��tEƦ.�Rp|��ک��FMP�7T��ƞ��k�p��Ҟ�y�t��N��\�'m� !��7 8b�'i��-��?��2�ZTA��A�%�� P�8r2$.fu��{C� NʔeXGL,F�i��6u��)�/��^Cj~�ڢ e@=h�D7��÷��[W ֐��I��~D&�T�W�OY��>:�E2��j-1(��94��j�"��3�<䖡��L�㺽O��ЫZ�>4#~K��,=�ֲ��p�u��x�`��3��I?��+��!��ibS��\�VX C�PK��T�n͈;R [�{��i�A��0=�ʱ�8�^.��g�@�"]�ZO��G[� =��њ=��s�,4�e��+��CT�5��Ɓ�Z��҄��L]v�X��0-T�j 1��7��.KU�`J��c�ݼ�zw��%Vq5�a��Q��Ͱ/�� >��0��I��}��l;��gj#t �n��h��L�t�'��ߕ\#��ರ�IN��3�#"f�a��u��O��S�j9��H�Oe �z��P�m4�^HM9�ԑe=�M�yA�~՝ka��89��bw+��'Z�D׫�� E�f�J�f��+� �]*i�ҏ�|��j�Q7��Iy�j_��+øo3��n��~Cv�yςnW,��%��g��0ql�68K��,�X- CDK��Ӑ��@(��*��V�'-ZJoz��E H��a ��SL-K��A��N}�; ��8�P�pƅ�d��?�H�X��h�lyi&I�k�}�9j��j+#zL�f�m�$�aK�`OGf �� H��T�T�se�n��{�# ��g�_J��βxk�T��0+�h� �:'��Dp�"��s6�bF�#�SF7^z��{��8E,��B��6��Uχ��{7giJmX�4=۾5:�2�q�X��;�8�odl@ ;��h��A&��aׁ9��~��s�x��qs��g֦ԟ��E�nP �x�{!#��t�Zhe�`��kqq��|˗��I��`6�FH�=�7A�BT��d��c��xo��fMp� ��.#@>�Z^��".��s�=�� aC�O�!b�%��Weȩ�=�b��q��V��5Ey^^��5i9?�|%��hY�M��\��7�@ϰ#��?�ޓ�~�3JH�_vs��,SߏL�q�|:��%O��`d:�3��}�{�/K��1�^�ZN��Vqɠ��.Ⱦ��eo)�

Sections

Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 443KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 67KB - Virtual size: 9.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 306KB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.04Ver
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a7b548e2bd51ae78971c68afeee33214

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

hid

imm32

kernel32

setupapi

shell32

shlwapi

user32

version

winmm

d3d8

ole32

Exports

Exports

Sections

Size: 2.6MB - Virtual size: 2.6MB

Size: 443KB - Virtual size: 452KB

Size: 67KB - Virtual size: 9.3MB

Size: 2KB - Virtual size: 312KB

Size: 111KB - Virtual size: 112KB

.rsrc Size: 306KB - Virtual size: 7.9MB

.data Size: 2.2MB - Virtual size: 2.2MB

.04Ver Size: 6KB - Virtual size: 8KB

.rsrc
Size: 306KB - Virtual size: 7.9MB

.data
Size: 2.2MB - Virtual size: 2.2MB

.04Ver
Size: 6KB - Virtual size: 8KB