App_Installer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

App_Installer.exe
Size

68.1MB
MD5

9ce5da2670c3f3105dccfd2a7a8b8ea8
SHA1

7ea79e80b932fb1d5bb90f8aa2177891fffd11e9
SHA256

4bdbf8c72c59d5d804c4f3e128f1326a00c7df5822d341988737f5b74ccfefa2
SHA512

42d6ad0ca02e37629983b1b8da8caa8f4c5e4c930c67148901001f5888bcd9e198b6dd1ef6682e12f640ca286378fce67707f3bbcb4c019b6edb4ff1f284cd4a
SSDEEP

786432:Ysh10dBsh10dZsh10dCsh10dgsh10dTsh10dPsh10d8sh10d+sh10dFsh10dtshp:dkEksk9k/kGkakPkdkgkwkZk/k1k+k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

App_Installer.exe

resource
App_Installer.exe

Files

App_Installer.exe
.exe windows:6 windows x86 arch:x86

7aa92096b259e09d092b7ede5bb0f176

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VerifyVersionInfoW
SetSystemPowerState
VerLanguageNameW
HeapSize
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
IsSystemResumeAutomatic
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
VirtualProtect
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
HeapAlloc
HeapFree
RequestWakeupLatency
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
CloseHandle
WriteFile
CreateFileW
SetFilePointerEx
VerSetConditionMask
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
WriteConsoleW

ole32

StringFromGUID2
CLSIDFromProgID
StringFromCLSID
CoInitializeSecurity
CoRevokeClassObject
CoTaskMemAlloc
CoGetClassObject
CoInitializeEx
CoGetCurrentProcess
CoUninitialize
CoGetMalloc
CoTaskMemFree
CoCreateGuid
CoRegisterClassObject

powrprof

GetPwrCapabilities
PowerDeterminePlatformRoleEx
PowerSettingRegisterNotification
PowerSettingUnregisterNotification
IsPwrSuspendAllowed
IsPwrHibernateAllowed
IsPwrShutdownAllowed
SetSuspendState

shlwapi

PathAddBackslashW
StrCmpW
StrTrimW
PathFileExistsW
StrStrW
StrChrW
PathFindExtensionW
PathRemoveFileSpecW
StrToIntW
PathIsDirectoryW

cfgmgr32

CM_Locate_DevNodeW
CM_Is_Version_Available
CM_Get_Sibling
CM_Get_Parent
CM_Get_Device_Interface_List_SizeW
CM_Get_DevNode_Status
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_Depth
CM_Get_Child

version

GetFileVersionInfoW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeW
VerInstallFileW
VerFindFileW

Sections

.text
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67.8MB - Virtual size: 67.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7aa92096b259e09d092b7ede5bb0f176

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

powrprof

shlwapi

cfgmgr32

version

Sections

.text Size: 258KB - Virtual size: 257KB

.rdata Size: 79KB - Virtual size: 79KB

.data Size: 5KB - Virtual size: 8KB

_RDATA Size: 1KB - Virtual size: 1KB

.fptable Size: 512B - Virtual size: 128B

.rsrc Size: 67.8MB - Virtual size: 67.8MB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 258KB - Virtual size: 257KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 5KB - Virtual size: 8KB

_RDATA
Size: 1KB - Virtual size: 1KB

.fptable
Size: 512B - Virtual size: 128B

.rsrc
Size: 67.8MB - Virtual size: 67.8MB

.reloc
Size: 12KB - Virtual size: 11KB