Install_Hack_x32_x64_win (7878)[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Install_Hack_x32_x64_win (7878).rar
Size

68.0MB
MD5

4276885ff19f1294d45471ec4327eff5
SHA1

b7eb014acd2545985297b1fd858297fd8dc58d85
SHA256

8f311d0a76bf17f1e42b4e9f414f47aeff7d22099624deaceb5a06399176d3d8
SHA512

869df71a475068a0db9a1572e51d64e68286db37548a6341200f27dca59324c29943b768213f22a4c8883c642f6aa058a40f3303f95fd6ceef4d160ce8b68c69
SSDEEP

1572864:UT9PgA3Z5zhjyoQDvxikYiyqY5p01m0J0HRPuYZRo7Q:U5/3f1j1+xpYPjB0J0xPuQos

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Data/burger_client/8866F8A9-70C9-43A2-BFBE-EE00AA2DC417/aboba.dll
unpack001/aboba.dll

Files

Install_Hack_x32_x64_win (7878).rar
.rar
Data/burger_client/8866F8A9-70C9-43A2-BFBE-EE00AA2DC417/44ED97C8-2D40-4A50-913D-673F6858B9AF
Data/burger_client/8866F8A9-70C9-43A2-BFBE-EE00AA2DC417/aboba.dll
.dll windows:4 windows x86 arch:x86

Password: 7878

c03f799a1deba8703e16bcee46983d74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFlags
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
CompareFileTime
EnumDateFormatsW
EnumResourceLanguagesA
GetExpandedNameA
GetWriteWatch
GlobalMemoryStatus
QueryProcessCycleTime
Wow64DisableWow64FsRedirection
Wow64SetThreadContext

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

clusapi

CloseClusterGroup
ClusterGroupCloseEnum
CreateClusterResourceType
GetClusterQuorumResource
GetClusterResourceNetworkName
OnlineClusterGroup

crypt32

CertEnumCRLsInStore
CertGetIntendedKeyUsage
CertGetValidUsages
CertRemoveEnhancedKeyUsageIdentifier
CertVerifyRevocation
CryptExportPublicKeyInfoFromBCryptKeyHandle
CryptHashCertificate2
CryptUnregisterOIDInfo

msdrm

DRMCloseSession
DRMDeleteLicense
DRMDuplicatePubHandle
DRMGetBoundLicenseAttributeCount
DRMGetUsagePolicy
DRMGetUserRights
DRMSetIntervalTime
DRMSetNameAndDescription
DRMSetUsagePolicy

powrprof

DevicePowerEnumDevices
DevicePowerSetDeviceState
GetCurrentPowerPolicies
PowerCreatePossibleSetting
PowerReadACValue
PowerWriteSettingAttributes
ReadGlobalPwrPolicy

qwave

QOSAddSocketToFlow
QOSCancel
QOSCloseHandle
QOSCreateHandle
QOSNotifyFlow
QOSRemoveSocketFromFlow
QOSStartTrackingClient
QOSStopTrackingClient

rasapi32

RasConnectionNotificationW
RasGetAutodialParamW
RasGetCountryInfoA
RasGetErrorStringW
RasGetSubEntryPropertiesA
RasSetEntryPropertiesW
RasSetSubEntryPropertiesW

secur32

ChangeAccountPasswordA
DeleteSecurityPackageA
GetUserNameExA
LsaEnumerateLogonSessions
LsaRegisterPolicyChangeNotification
QuerySecurityPackageInfoW
SspiLocalFree
VerifySignature

slc

SLGetApplicationInformation
SLGetLicenseFileId
SLGetPKeyId
SLGetSLIDList
SLGetWindowsInformation
SLInstallLicense
SLRegisterEvent
SLSetGenuineInformation
SLUnregisterEvent

tdh

TdhEnumerateProviderFilters
TdhEnumerateProviders
TdhFormatProperty
TdhGetEventInformation
TdhGetEventMapInformation
TdhGetProperty
TdhGetPropertySize
TdhLoadManifest
TdhUnloadManifest

user32

DdeImpersonateClient
GetClassInfoExA
GetScrollRange
GetSysColor
IsHungAppWindow
MonitorFromRect
SendDlgItemMessageA

userenv

CreateEnvironmentBlock
GetAppliedGPOListA
GetGPOListA
GetProfilesDirectoryW
LeaveCriticalPolicySection
LoadUserProfileA
ProcessGroupPolicyCompleted
RsopSetPolicySettingStatus

Exports

Exports

boODtMeaqOBVgETx

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 611KB - Virtual size: 611KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 184B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aboba.dll
.dll windows:4 windows x86 arch:x86

Password: 7878

c03f799a1deba8703e16bcee46983d74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFlags
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
CompareFileTime
EnumDateFormatsW
EnumResourceLanguagesA
GetExpandedNameA
GetWriteWatch
GlobalMemoryStatus
QueryProcessCycleTime
Wow64DisableWow64FsRedirection
Wow64SetThreadContext

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

clusapi

CloseClusterGroup
ClusterGroupCloseEnum
CreateClusterResourceType
GetClusterQuorumResource
GetClusterResourceNetworkName
OnlineClusterGroup

crypt32

CertEnumCRLsInStore
CertGetIntendedKeyUsage
CertGetValidUsages
CertRemoveEnhancedKeyUsageIdentifier
CertVerifyRevocation
CryptExportPublicKeyInfoFromBCryptKeyHandle
CryptHashCertificate2
CryptUnregisterOIDInfo

msdrm

DRMCloseSession
DRMDeleteLicense
DRMDuplicatePubHandle
DRMGetBoundLicenseAttributeCount
DRMGetUsagePolicy
DRMGetUserRights
DRMSetIntervalTime
DRMSetNameAndDescription
DRMSetUsagePolicy

powrprof

DevicePowerEnumDevices
DevicePowerSetDeviceState
GetCurrentPowerPolicies
PowerCreatePossibleSetting
PowerReadACValue
PowerWriteSettingAttributes
ReadGlobalPwrPolicy

qwave

QOSAddSocketToFlow
QOSCancel
QOSCloseHandle
QOSCreateHandle
QOSNotifyFlow
QOSRemoveSocketFromFlow
QOSStartTrackingClient
QOSStopTrackingClient

rasapi32

RasConnectionNotificationW
RasGetAutodialParamW
RasGetCountryInfoA
RasGetErrorStringW
RasGetSubEntryPropertiesA
RasSetEntryPropertiesW
RasSetSubEntryPropertiesW

secur32

ChangeAccountPasswordA
DeleteSecurityPackageA
GetUserNameExA
LsaEnumerateLogonSessions
LsaRegisterPolicyChangeNotification
QuerySecurityPackageInfoW
SspiLocalFree
VerifySignature

slc

SLGetApplicationInformation
SLGetLicenseFileId
SLGetPKeyId
SLGetSLIDList
SLGetWindowsInformation
SLInstallLicense
SLRegisterEvent
SLSetGenuineInformation
SLUnregisterEvent

tdh

TdhEnumerateProviderFilters
TdhEnumerateProviders
TdhFormatProperty
TdhGetEventInformation
TdhGetEventMapInformation
TdhGetProperty
TdhGetPropertySize
TdhLoadManifest
TdhUnloadManifest

user32

DdeImpersonateClient
GetClassInfoExA
GetScrollRange
GetSysColor
IsHungAppWindow
MonitorFromRect
SendDlgItemMessageA

userenv

CreateEnvironmentBlock
GetAppliedGPOListA
GetGPOListA
GetProfilesDirectoryW
LeaveCriticalPolicySection
LoadUserProfileA
ProcessGroupPolicyCompleted
RsopSetPolicySettingStatus

Exports

Exports

boODtMeaqOBVgETx

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 611KB - Virtual size: 611KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 184B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64/CIEXYZ.pf
amd64/GRAY.pf
amd64/LINEAR_RGB.pf
amd64/PYCC.pf
amd64/accessibility.properties
amd64/calendars.properties
amd64/charsets.jar
.jar
amd64/classlist
amd64/cmm/CIEXYZ.pf
amd64/cmm/GRAY.pf
amd64/cmm/LINEAR_RGB.pf
amd64/cmm/PYCC.pf
amd64/cmm/accessibility.properties
amd64/cmm/calendars.properties
amd64/cmm/charsets.jar
.jar
amd64/cmm/classlist
amd64/cmm/content-types.properties
amd64/cmm/currency.data
amd64/cmm/deploy.jar
.jar
amd64/cmm/flavormap.properties
amd64/cmm/javaws.jar
.jar
amd64/cmm/jsse.jar
.jar
amd64/cmm/plugin.jar
.jar
amd64/cmm/sRGB.pf
amd64/content-types.properties
amd64/currency.data
amd64/deploy.jar
.jar
amd64/flavormap.properties
amd64/javaws.jar
.jar
amd64/jsse.jar
.jar
amd64/jvm.cfg
amd64/plugin.jar
.jar
amd64/sRGB.pf

Sharing

General

Malware Config

Signatures

Files

Password: 7878

c03f799a1deba8703e16bcee46983d74

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

clusapi

crypt32

msdrm

powrprof

qwave

rasapi32

secur32

slc

tdh

user32

userenv

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 611KB - Virtual size: 611KB

.rdata Size: 1KB - Virtual size: 1KB

.eh_fram Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 184B

.edata Size: 512B - Virtual size: 82B

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 1024B - Virtual size: 576B

Password: 7878

c03f799a1deba8703e16bcee46983d74

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

clusapi

crypt32

msdrm

powrprof

qwave

rasapi32

secur32

slc

tdh

user32

userenv

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 611KB - Virtual size: 611KB

.rdata Size: 1KB - Virtual size: 1KB

.eh_fram Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 184B

.edata Size: 512B - Virtual size: 82B

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 1024B - Virtual size: 576B

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 611KB - Virtual size: 611KB

.rdata
Size: 1KB - Virtual size: 1KB

.eh_fram
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 184B

.edata
Size: 512B - Virtual size: 82B

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1024B - Virtual size: 576B

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 611KB - Virtual size: 611KB

.rdata
Size: 1KB - Virtual size: 1KB

.eh_fram
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 184B

.edata
Size: 512B - Virtual size: 82B

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1024B - Virtual size: 576B