eb53bb54f397a3d471eaf083541749e7da98aa10ee588c153ddc388a1556b8bcN

Sharing

Copy URL Twitter E-mail

General

Target

eb53bb54f397a3d471eaf083541749e7da98aa10ee588c153ddc388a1556b8bcN
Size

1.5MB
MD5

9c74612f4856e2c676c36aa8dd4f7a00
SHA1

f2bb480a30d437c4fffcbf93132f488c91f5ac7b
SHA256

eb53bb54f397a3d471eaf083541749e7da98aa10ee588c153ddc388a1556b8bc
SHA512

fc92e95f3cbd87e61c584c007ff0c7b9e0a18a2964c90961b069415695b649f05a15232a7dc99d1701dbda13a4a061a404dc897d2dd4abb277cb5f54e0e06b23
SSDEEP

24576:SFrXo/djr4ePUu9ZYOorj+x5KUidWMEiIEUEAQyt6FUHFtSl:msdVXYTrSCWMEiIpEAQDqlcl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb53bb54f397a3d471eaf083541749e7da98aa10ee588c153ddc388a1556b8bcN

Files

eb53bb54f397a3d471eaf083541749e7da98aa10ee588c153ddc388a1556b8bcN
.exe windows:5 windows x64 arch:x64

52c111e6f3be7e9f8df03c510f7a72c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\jenkins\workspace\Client\Client\Windows\release\Bin\x64\Release\NewInstaller.pdb

Imports

psapi

EnumProcesses
GetModuleFileNameExW
GetModuleBaseNameW
GetProcessImageFileNameW
EnumProcessModules

shlwapi

PathAppendW
PathFileExistsA
StrCmpNIW
PathIsRelativeW
PathAddBackslashW
PathCombineW
PathFileExistsW
PathIsNetworkPathW
PathUnquoteSpacesW
PathIsPrefixW
PathRemoveFileSpecW
PathRemoveBackslashW

kernel32

TlsFree
GetModuleFileNameW
IsBadStringPtrW
OpenProcess
IsBadReadPtr
FindFirstFileW
FindNextFileW
ExpandEnvironmentStringsW
DeviceIoControl
RemoveDirectoryW
GetTempPathW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
LoadLibraryW
MoveFileExW
VerSetConditionMask
VerifyVersionInfoW
GetTempFileNameW
MoveFileW
LoadLibraryExW
CopyFileW
Sleep
OutputDebugStringW
CreateProcessW
SetDllDirectoryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LocalFree
CreateMutexW
OpenMutexW
TerminateProcess
QueryFullProcessImageNameW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
GetFileType
GetFullPathNameW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetTickCount
GetStdHandle
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetFileSizeEx
SetStdHandle
SetEndOfFile
HeapReAlloc
GetDriveTypeW
ExitProcess
GetCPInfo
IsValidCodePage
GetACP
GetOEMCP
GetStringTypeW
WriteConsoleW
SetCurrentDirectoryW
GetCurrentDirectoryW
HeapSize
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
InitializeSListHead
EncodePointer
LCMapStringEx
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
GetModuleFileNameA
GetTempPathA
GetFileAttributesA
GlobalAlloc
LoadLibraryExA
QueryDosDeviceW
K32GetProcessImageFileNameW
GetWindowsDirectoryW
GetProcessTimes
DosDateTimeToFileTime
TlsGetValue
FreeLibrary
LocalFileTimeToFileTime
SetFileTime
SetLastError
TlsSetValue
GetProcessHeap
HeapAlloc
CreateFileA
SetFilePointer
WriteFile
HeapFree
ReadFile
SetFileAttributesW
CreateDirectoryW
GetSystemDirectoryW
MapViewOfFile
CreateFileMappingW
GetFileSize
UnmapViewOfFile
CreateFileW
CreateDirectoryA
WideCharToMultiByte
GetWindowsDirectoryA
DeleteFileW
MultiByteToWideChar
TlsAlloc
GetModuleHandleA
GetVersionExW
FindClose
OutputDebugStringA
GetCurrentProcess
FindFirstFileA
lstrlenW
GetCurrentProcessId
GetLocalTime
GetCurrentThreadId
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
DecodePointer
RaiseException
CloseHandle
GetFileAttributesW
WaitForSingleObject
InitializeCriticalSectionEx
GetLastError
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetEnvironmentVariableW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleExW
GlobalFree

user32

EndPaint
LoadBitmapW
ShowWindow
LoadCursorW
SetCursor
CopyRect
IntersectRect
GetSysColor
SetRect
ReleaseDC
GetWindowThreadProcessId
GetWindowLongPtrW
EnumWindows
InflateRect
OffsetRect
wvsprintfW
SendMessageW
UnregisterClassW
InvalidateRect
BeginPaint
ReleaseCapture
GetClientRect
SetCapture
GetUpdateRect
GetDC
DrawEdge
DrawTextW
IsRectEmpty
CharNextW
LoadStringW
FillRect
TranslateMessage
DispatchMessageW
GetMessageW
FindWindowW
EnableMenuItem
PostQuitMessage
MessageBoxW
PostMessageW
GetMenuState
GetSystemMenu
GetParent
SystemParametersInfoW
LoadIconW
SetTimer
IsWindow
RegisterClassExW
CreateWindowExW
SetWindowPos
DestroyWindow
GetWindowRect
DefWindowProcW
SendMessageTimeoutW
PtInRect

gdi32

TextOutW
GetStockObject
BitBlt
GetTextExtentPoint32W
LineTo
CreatePen
Rectangle
GetObjectW
MoveToEx
CreateSolidBrush
CreateFontIndirectW
RoundRect
SelectObject
DeleteDC
GetClipBox
CreateRectRgnIndirect
SetTextColor
SetBkMode
ExtSelectClipRgn
CreateCompatibleBitmap
SaveDC
CreateCompatibleDC
RestoreDC
SetBkColor
ExtTextOutW
GetObjectType
GetTextMetricsW
SelectClipRgn
DeleteObject

advapi32

DuplicateTokenEx
RegUnLoadKeyW
RegLoadKeyW
ConvertSidToStringSidW
OpenProcessToken
GetTokenInformation
RegEnumValueW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegDeleteKeyW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
GetUserNameW

shell32

ShellExecuteExW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHChangeNotify
SHFileOperationW
ShellExecuteW
SHGetFolderPathA
SHFileOperationA

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
PropVariantClear
CoInitialize

oleaut32

SysAllocString
SysFreeString
VariantChangeType
VariantInit
VariantClear

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

52c111e6f3be7e9f8df03c510f7a72c3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 557KB - Virtual size: 557KB

.rdata Size: 182KB - Virtual size: 181KB

.data Size: 8KB - Virtual size: 26KB

.pdata Size: 24KB - Virtual size: 24KB

.didat Size: 512B - Virtual size: 56B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 195KB - Virtual size: 194KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 557KB - Virtual size: 557KB

.rdata
Size: 182KB - Virtual size: 181KB

.data
Size: 8KB - Virtual size: 26KB

.pdata
Size: 24KB - Virtual size: 24KB

.didat
Size: 512B - Virtual size: 56B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 195KB - Virtual size: 194KB

.reloc
Size: 572KB - Virtual size: 576KB