680b0ac4d34584e27339a9d6a1287417200fa7b1eac40e46efe0cac7588f0e1bN

Sharing

Copy URL Twitter E-mail

General

Target

680b0ac4d34584e27339a9d6a1287417200fa7b1eac40e46efe0cac7588f0e1bN
Size

57KB
MD5

a0a6420973df447e4ea455043172fb20
SHA1

788b3b338cc9baf79426cc5947b277bef4b8acca
SHA256

680b0ac4d34584e27339a9d6a1287417200fa7b1eac40e46efe0cac7588f0e1b
SHA512

3f4bae3fadc86eb7aeb9bbf98bec42c761317b255fc644f8ddbe90d0eb373e2bd7ed8871fce162f84b8d6e64f2716d384db9ff6e6c272649934d7fe28ff64178
SSDEEP

1536:cezeRNHtaFFZtABlSqdUPoWv6jXSc7LbwI7Gtc:yHQPQ8qdUP969nEIitc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/osuninst.dll

Files

680b0ac4d34584e27339a9d6a1287417200fa7b1eac40e46efe0cac7588f0e1bN
.cab
osuninst.dll
.dll regsvr32 windows:5 windows x86 arch:x86

e4a6396a61f68c2a54127f6164762bde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
FlushFileBuffers
CreateMutexA
lstrcpyA
lstrlenA
ReleaseMutex
WaitForMultipleObjects
RaiseException
InterlockedIncrement
DeviceIoControl
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
GetThreadLocale
SetThreadLocale
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetCurrentDirectoryW
QueryPerformanceCounter
SystemTimeToFileTime
RemoveDirectoryW
GetLogicalDrives
FindFirstFileW
SetErrorMode
FindClose
GetDriveTypeW
GetFileSize
ReadFile
DeleteFileW
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
DeleteFileA
GetModuleHandleA
GetProcAddress
FreeLibrary
VerSetConditionMask
VerifyVersionInfoW
GetFileAttributesExW
FindNextFileW
GetSystemTime
GetWindowsDirectoryW
GetDiskFreeSpaceExW
GetLastError
LocalAlloc
LocalFree
GetFileAttributesW
SetFileAttributesW
CopyFileW
CreateThread
MulDiv
SetCurrentDirectoryW
SetFilePointer
lstrcpyW
lstrlenW
CreateFileW
WriteFile
CloseHandle
GetSystemDirectoryW
FormatMessageW
FormatMessageA
OutputDebugStringW
GetCurrentProcess
HeapFree
SetLastError
EnterCriticalSection
DeleteCriticalSection
GetProcessHeap
LeaveCriticalSection
InitializeCriticalSection
CreateDirectoryW
OutputDebugStringA
CreateFileA
lstrcpynA
LoadLibraryW
GetCommandLineA
GetVersionExA
HeapAlloc
ExitProcess
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
InterlockedExchange
VirtualQuery
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
LoadLibraryA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
GetLocaleInfoW
CreateEventA
SetEvent
SetStdHandle

ntdll

RtlUnwind

setupapi

SetupCloseInfFile

user32

DialogBoxParamW
EndDialog
SetDlgItemTextW
LoadCursorW
SetCursor
PostThreadMessageW
LoadStringW
GetWindowRect
CreateWindowExW
GetClientRect
SendMessageW
ShowWindow
MessageBoxA
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
wsprintfW
CharLowerW
UpdateWindow
ExitWindowsEx
GetDesktopWindow

gdi32

GetDeviceCaps
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
DeleteDC
DeleteObject
CreateDCW

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges

shlwapi

SHDeleteValueW
SHDeleteKeyW

cabinet

ord20
ord22
ord23
ord21

ole32

CoInitialize
CoCreateInstance

psapi

GetModuleFileNameExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ExecuteUninstall
GetUninstallImageSize
IsUninstallImageValid
ProvideUiAlerts
RemoveUninstallImage

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4a6396a61f68c2a54127f6164762bde

Headers

File Characteristics

Imports

kernel32

ntdll

setupapi

user32

gdi32

advapi32

shlwapi

cabinet

ole32

psapi

Exports

Exports

Sections

.text Size: 95KB - Virtual size: 94KB

.data Size: 5KB - Virtual size: 30KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 95KB - Virtual size: 94KB

.data
Size: 5KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB