spinstall.pdb
Static task
static1
Behavioral task
behavioral1
Sample
35a6f7573789b859bbb519d673ccf903cffbf6e760d97fc80e24016852b2f495N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
35a6f7573789b859bbb519d673ccf903cffbf6e760d97fc80e24016852b2f495N.exe
Resource
win10v2004-20240802-en
General
Target: 35a6f7573789b859bbb519d673ccf903cffbf6e760d97fc80e24016852b2f495N
Size: 590KB
MD5: 82fb522c3fbdc933448b9ab98c4a4670
SHA1: 18dcffe349f3506942f40eb9a6add2f3c3b475ed
SHA256: 35a6f7573789b859bbb519d673ccf903cffbf6e760d97fc80e24016852b2f495
SHA512: c511cd37cd53da8fb010b30c8aae65587dba4ea2b9267edbb03c68318f27c60e2197c089f0fa0171ab0f703ce8a6f898c255c78fbfbfaa2b986b85ce7bf6fd35
SSDEEP: 6144:FqJiPjw6mM33TzbaH+MHxMrULgDoeicTByYx/UO1l4AkLW1YVcPCNoeuBCZi/2r7:BMHxMDZ108cO1lpksLLLCE2rhx/QHH
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 35a6f7573789b859bbb519d673ccf903cffbf6e760d97fc80e24016852b2f495N
Files
35a6f7573789b859bbb519d673ccf903cffbf6e760d97fc80e24016852b2f495N.exe windows:6 windows x64 arch:x64
23c30bb2319e393cc31ba73879298e12
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
spinstall.pdb
Imports
advapi32
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSecurityDescriptorLength
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegLoadKeyW
RegQueryValueExW
RegCloseKey
ConvertSidToStringSidW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegFlushKey
InitiateShutdownW
LookupAccountNameW
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorOwner
SetSecurityDescriptorControl
GetTokenInformation
RegEnumKeyExW
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
OpenServiceW
QueryServiceConfigW
EventRegister
EventUnregister
EventWrite
kernel32
WaitForSingleObject
GetExitCodeProcess
IsWow64Process
GetCurrentProcess
GetNativeSystemInfo
ReleaseMutex
GetWindowsDirectoryW
GetFileAttributesW
GetUILanguageInfo
GetVersionExW
GetProductInfo
EnumUILanguagesW
DeviceIoControl
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
CreateProcessW
LocalFree
SetLastError
Sleep
CreateEventW
SetEvent
MultiByteToWideChar
CreateThread
GetFileMUIPath
GetSystemPowerStatus
GetSystemTime
SystemTimeToFileTime
CreateDirectoryW
GetFileSizeEx
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
GetSystemWindowsDirectoryW
GetModuleHandleW
GetFullPathNameW
FormatMessageW
lstrlenW
GetFileSize
ReadFile
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalFree
WideCharToMultiByte
SetFilePointer
SetEndOfFile
WriteFile
OutputDebugStringA
SearchPathW
GetEnvironmentVariableW
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcAddress
CreateFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
RaiseException
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
MoveFileExW
CompareFileTime
SetFileTime
DeleteFileW
CloseHandle
CreateMutexW
FreeLibrary
GetLastError
LoadLibraryW
LocalAlloc
GetFileAttributesExW
user32
MessageBoxW
UnregisterClassA
msvcrt
_amsg_exit
_initterm
__setusermatherr
_fmode
vsprintf_s
_vscprintf
_wtoi
iswdigit
_unlock
_vsnwprintf
__set_app_type
_commode
wcsncmp
??1type_info@@UEAA@XZ
_wtol
isdigit
_wcsnicmp
_purecall
wcschr
_wcslwr_s
towupper
wcscspn
calloc
_resetstkoflw
vswprintf_s
_vscwprintf
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
??2@YAPEAX_K@Z
malloc
_wcsicmp
memset
__C_specific_handler
memmove_s
free
memcpy_s
??3@YAXPEAX@Z
__dllonexit
_lock
_onexit
__wgetmainargs
_XcptFilter
_exit
_cexit
exit
wcsstr
_vsnprintf
__CxxFrameHandler3
_CxxThrowException
?terminate@@YAXXZ
wcstoul
wcsrchr
memcpy
shell32
CommandLineToArgvW
SHCreateItemFromParsingName
SHFileOperationW
ole32
CoSetProxyBlanket
StringFromGUID2
CoGetMalloc
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
oleaut32
VariantInit
VariantClear
VariantChangeType
SysFreeString
SysAllocStringLen
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlNumberOfClearBits
RtlInitializeBitMap
RtlSetBits
RtlAreBitsSet
RtlAreBitsClear
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
shlwapi
SHCreateStreamOnFileW
PathIsURLW
PathRemoveFileSpecW
PathCombineW
PathFindFileNameW
PathFileExistsW
xmllite
CreateXmlReader
crypt32
CertFreeCertificateContext
CertAddCertificateContextToStore
CertCreateCertificateContext
CertCloseStore
CertOpenStore
userenv
UnloadUserProfile
sqmapi
SqmSetAppId
SqmSetEnabled
SqmGetSession
SqmIsWindowsOptedIn
SqmEndSession
SqmWaitForUploadComplete
SqmAddToStreamV
SqmSet
SqmReadSharedMachineId
SqmCreateNewId
SqmWriteSharedMachineId
SqmSetMachineId
SqmSetBits
SqmSetString
SqmStartUpload
winbrand
BrandingFormatString
wer
WerpSetCallBack
WerReportSetParameter
WerReportSetUIOption
WerReportSubmit
WerReportCloseHandle
WerReportCreate
wintrust
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
Sections
.text Size: 562KB - Virtual size: 562KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
(section name not recoverable) Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ