postinstall[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

postinstall.7z
Size

15KB
MD5

8fb1389dff0c57b1b07a4d68649033b6
SHA1

d9063c6d3179a032465983fdf1ea350e83d92f2b
SHA256

34404f0bad0a2b060af45d8433dee0641f488f632c05e27c5cda01b98a77a890
SHA512

804411046c58cdfb1083cd6f0cc3d495dba12f958e5168c8f680dc6cd2477adabd0073e2d8fb376453f412e102a2bb828d4cd85a4297a34a3c46f1b54ccbc99e
SSDEEP

384:7UWPCFDFAG2sJBIHQYIp/pT8h5wrVDlt9+Cb3j1txn:7HPsz2skHUp/JVDtTbBX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/postinstall.exe

Files

postinstall.7z
.7z
exetobat.bat
.bat .vbs
postinstall.exe
.exe windows:6 windows x64 arch:x64

183b4d24b54db7ed7e2371f93e4ed3a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\010100\source\repos\postinstall\x64\Release\postinstall.pdb

Imports

kernel32

SetConsoleTitleA
Sleep
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext
GetModuleHandleW

msvcp140

?good@ios_base@std@@QEBA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
__current_exception
_CxxThrowException
__C_specific_handler
memcpy
__std_terminate
__std_exception_destroy
memset
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_c_exit
_cexit
_exit
exit
_initterm_e
_initterm
_initialize_narrow_environment
_configure_narrow_argv
__p___argv
_set_app_type
_seh_filter_exe
__p___argc
terminate
_invalid_parameter_noinfo_noreturn
system

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

183b4d24b54db7ed7e2371f93e4ed3a8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 612B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 96B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 612B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 96B