c7431441c1b73f6be88d9d9a627c3b08e381623afa4b115cff9f3d3dec058132N

Sharing

Copy URL Twitter E-mail

General

Target

c7431441c1b73f6be88d9d9a627c3b08e381623afa4b115cff9f3d3dec058132N
Size

548KB
MD5

dfee4201886f317cd107820514ded300
SHA1

6792e8c92c12c1b6c4b3cf64f2f3662480d3cf96
SHA256

c7431441c1b73f6be88d9d9a627c3b08e381623afa4b115cff9f3d3dec058132
SHA512

0b8ba72826860e3b665e0e229952eb2df28cc64073a2e69cc9d6c7cc3ea01ad0e9a5041ef9e8137c7def2c0e2533ce438a796421961d05cfc8db251604299d4a
SSDEEP

12288:+V5pqWEkE2nzNNWTF7MbHm1LTaFVwNV9Nhth9e/ug36rl+jSB:48KK10AS/v36Yk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7431441c1b73f6be88d9d9a627c3b08e381623afa4b115cff9f3d3dec058132N

Files

c7431441c1b73f6be88d9d9a627c3b08e381623afa4b115cff9f3d3dec058132N
.exe windows:5 windows x86 arch:x86

aaddd6ed84a868ede6d8976d69184553

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\PatchesMaker\code\Source\NSISPlugin\7zPatchTInstaller\output\UpdateInstaller.pdb

Imports

kernel32

LoadLibraryW
CopyFileW
Sleep
MoveFileExW
SetFileAttributesW
OutputDebugStringW
WriteFile
CreateFileW
WideCharToMultiByte
LoadLibraryExW
GetModuleFileNameW
LocalFree
FormatMessageW
GetWindowsDirectoryW
GetSystemDirectoryW
CloseHandle
SetFileTime
MoveFileW
GetShortPathNameW
lstrlenW
GetFullPathNameW
GetCurrentDirectoryW
SearchPathW
GetTempPathW
GetTempFileNameW
FindClose
FindFirstFileW
FindNextFileW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
GetFileSize
SetFilePointer
GetFileInformationByHandle
ReadFile
SetEndOfFile
GetCurrentProcess
CompareFileTime
FileTimeToSystemTime
GetSystemInfo
GlobalMemoryStatus
GetProcAddress
DosDateTimeToFileTime
FileTimeToDosDateTime
SystemTimeToFileTime
GetSystemTime
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
DeleteCriticalSection
FileTimeToLocalFileTime
SetCurrentDirectoryW
GetDriveTypeW
AreFileApisANSI
VirtualAlloc
VirtualFree
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
SetFileApisToANSI
SetFileApisToOEM
GetVersionExW
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
FreeLibrary
GetLastError
RemoveDirectoryW
GetFileAttributesW
DeleteFileW
lstrlenA
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCommandLineW
MultiByteToWideChar
GetModuleHandleW
CreateDirectoryW
InterlockedExchange
DecodePointer
EncodePointer
IsProcessorFeaturePresent

user32

CharNextA
wsprintfW
CharPrevExA
CharToOemW
CharUpperW
FindWindowExW
GetDlgItem
IsWindow
FindWindowW
SendMessageW
CharUpperA

advapi32

RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW

shell32

SHGetSpecialFolderPathW

oleaut32

VariantClear
SysStringByteLen
SysAllocString
VariantCopy

msvcp100

??0_Lockit@std@@QAE@H@Z
?rdstate@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?flags@ios_base@std@@QBEHXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0_Container_base12@std@@QAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?uncaught_exception@std@@YA_NXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z

msvcr100

_crt_debugger_hook
_controlfp_s
_invoke_watson
wcstok
_wcsnicmp
wcslen
wcscpy_s
wcsrchr
_waccess
??_V@YAXPAX@Z
mbstowcs
setlocale
__CxxFrameHandler3
strlen
memset
wcsncpy_s
_wtol
wcschr
_vswprintf
_snwprintf
_findclose
_wfindnext64i32
_wfindfirst64i32
_vswprintf_c_l
fclose
_wfopen
wcscat
wcsftime
_localtime64
_time64
wcscat_s
_CxxThrowException
_lock_file
_unlock_file
fwrite
fputc
ungetc
memcpy_s
fgetc
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
memmove
memcpy
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
getc
putc
fread
exit
fprintf
__iob_func
fopen
strcmp
fgetws
malloc
free
srand
rand
feof
fputs
memcmp
_purecall
_beginthreadex
_except_handler3
strchr
sprintf
sscanf
sprintf_s
strpbrk
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common

Exports

Exports

ExtractArchive
_RegesterUserWnd@20

Sections

.text
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aaddd6ed84a868ede6d8976d69184553

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

oleaut32

msvcp100

msvcr100

Exports

Exports

Sections

.text Size: 387KB - Virtual size: 387KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 77KB - Virtual size: 80KB

.text
Size: 387KB - Virtual size: 387KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 77KB - Virtual size: 80KB