3d0c4fd623e31de09ddf7ae542a35d0e17819529077a1a2cc4b045b0b1eb3c34N

Sharing

Copy URL Twitter E-mail

General

Target

3d0c4fd623e31de09ddf7ae542a35d0e17819529077a1a2cc4b045b0b1eb3c34N
Size

14KB
MD5

275f229e9594e833cff2a9c2d4042c90
SHA1

2b5cc9e8e22df0b2b601d130cc735870c8624538
SHA256

3d0c4fd623e31de09ddf7ae542a35d0e17819529077a1a2cc4b045b0b1eb3c34
SHA512

a6ae0dd0105fe903e0f72b366e1f02327be45a79a1c943a1d6f81b17fd73e1f76a5f74b4f7828c5e00ebe77264b8c9496c312bd431e803979ef835bff7c908e9
SSDEEP

384:PYtGgW+WNVQep0jiXVOY3opmEx+uYD1OUiG2rR+rJ:PJ++UWoY3op7qA8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/msiregmv.exe

Files

3d0c4fd623e31de09ddf7ae542a35d0e17819529077a1a2cc4b045b0b1eb3c34N
.cab
msiregmv.exe
.exe windows:5 windows x86 arch:x86

23c9420c017923e09e99596951fb33a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
GetVersionExA
DeleteFileW
RemoveDirectoryW
GetTickCount
ReadFile
GetCurrentThread
GetCurrentProcess
GetLastError
lstrcpynW
lstrcpyW
lstrcmpW
CompareStringW
HeapAlloc
GetTempPathW
GetTempFileNameW
CloseHandle
CreateFileW
lstrlenW
WriteFile
GetWindowsDirectoryW
lstrcatW
HeapFree
GetProcessHeap
GetStartupInfoA

msvcrt

_controlfp
_except_handler3
_vsnwprintf
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

advapi32

RegCloseKey
RegGetKeySecurity
GetSecurityDescriptorOwner
EqualSid
AllocateAndInitializeSid
RegDeleteValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
OpenThreadToken
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
FreeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
MakeSelfRelativeSD
GetSecurityDescriptorLength
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetAce
AddAccessAllowedAce
InitializeAcl
RegDeleteKeyW
RegSetKeySecurity
OpenProcessToken

user32

CharNextW
CharPrevW
wsprintfW

msi

ord150
ord118
ord119
ord92
ord32
ord159
ord17
ord125
ord121
ord163
ord160
ord116
ord8
ord78

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23c9420c017923e09e99596951fb33a6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

user32

msi

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 32KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 32KB

.rsrc
Size: 1KB - Virtual size: 1KB