b352b9d63ec57c358401f953e5ad31caa2a2077c48bc401af7d1ce9ef0048ffb

Sharing

Copy URL Twitter E-mail

General

Target

b352b9d63ec57c358401f953e5ad31caa2a2077c48bc401af7d1ce9ef0048ffb
Size

1.9MB
MD5

150fa170041c9c6032e3bd902412bab3
SHA1

13d13693a847304cccd59af00401a725a928762c
SHA256

b352b9d63ec57c358401f953e5ad31caa2a2077c48bc401af7d1ce9ef0048ffb
SHA512

2a1b22f1cc68148ebac383f3a88ef302bfe6409ac3bc03080accbd2f51e75dc289ae42f00e960f8af88deb1b7de21d23336e3534d7d999124410a00f1ffc2c86
SSDEEP

24576:k3TxuuybFsqjnhMgeiCl7G0nehbGZpbD:5ucDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b352b9d63ec57c358401f953e5ad31caa2a2077c48bc401af7d1ce9ef0048ffb

Files

b352b9d63ec57c358401f953e5ad31caa2a2077c48bc401af7d1ce9ef0048ffb
.exe windows:6 windows x64 arch:x64

700ebcf4d99ff1e8ddc0f5ec595b6d83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\chencal\Documents\GitHub\BtBHost-Utils\WizInstaller\Symbols\x64\WizInstaller.pdb

Imports

tapi32

lineGetTranslateCapsW
lineGetCountryW

shlwapi

StrCpyW
StrCmpW
StrCmpIW
StrChrW
StrCmpNIW
StrCSpnW
StrPBrkW
StrRChrW
StrStrIW
StrTrimA
StrTrimW
PathMakeSystemFolderW
StrCpyNW
StrCatW

kernel32

EnumSystemLocalesEx
IsValidLocaleName
LCMapStringEx
GetUserDefaultLocaleName
GetLocaleInfoEx
VerSetConditionMask
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetLongPathNameW
WriteFile
CloseHandle
GetLastError
WaitForSingleObject
Sleep
GetCurrentProcess
CreateProcessW
SetPriorityClass
GetLocalTime
GetTickCount
GetVersionExW
GetProductInfo
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
GlobalAlloc
GlobalFree
GlobalMemoryStatus
LocalAlloc
LocalFree
FormatMessageW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
CopyFileW
VerifyVersionInfoW
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetTimeZoneInformation
CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
GetDateFormatW
GetTimeFormatW
MultiByteToWideChar
GetLocaleInfoW
GetGeoInfoW
GetUserGeoID
GetUserDefaultUILanguage
GetUserDefaultLangID
EnumUILanguagesW
CompareStringEx
GetDateFormatEx
GetTimeFormatEx
HeapReAlloc
GetStringTypeW
FlsFree
FlushFileBuffers
SetStdHandle
WriteConsoleW
SetEndOfFile
ReadFile
ReadConsoleW
SetEnvironmentVariableA
FlsGetValue
FlsSetValue
GetProcAddress
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetConsoleCtrlHandler
LoadLibraryW
LoadLibraryExW
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
TerminateProcess
GetTickCount64
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
InitOnceExecuteOnce
GetFileType
lstrlenA
WideCharToMultiByte
lstrlenW
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
SetLastError
GetCurrentThread
GetCurrentThreadId
GetStdHandle
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FatalAppExitA

user32

GetSystemMetrics
wsprintfW

advapi32

LookupPrivilegeValueW
RegUnLoadKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegLoadKeyW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteExW
SHFileOperationW
ShellExecuteW
SHChangeNotify
SHGetFolderPathW
SHSetLocalizedName

ole32

CoSetProxyBlanket
CoCreateInstance
CoUninitialize
StringFromCLSID
CLSIDFromProgID
CoCreateGuid
CoInitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString
SetErrorInfo
GetErrorInfo
CreateErrorInfo

Sections

.text
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

700ebcf4d99ff1e8ddc0f5ec595b6d83

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

tapi32

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 270KB - Virtual size: 270KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 7KB - Virtual size: 27KB

.pdata Size: 13KB - Virtual size: 13KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 270KB - Virtual size: 270KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 7KB - Virtual size: 27KB

.pdata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB