Static task
static1
Behavioral task
behavioral1
Sample
installer.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
installer.exe
Resource
win7-20240903-en
Behavioral task
behavioral3
Sample
installer.exe
Resource
win10v2004-20241007-en
General
-
Target
installer.exe
-
Size
18.7MB
-
MD5
9cd846ea50a04e3d926b8adbfdcb9dff
-
SHA1
1c2d7e2e672e8aa64853f8a2b6b0ff7e97117465
-
SHA256
156cc4ef32137f0f9a8df03c32c1b0b506c72355c08bbf6f8c07279a53a7922b
-
SHA512
1b60385c3df8a331f3824954532262d63c7218459e1d7241b37c652520510e68d300d620b31f74492942a705434c740f336c44482ddebc1c04db60e4b50a933f
-
SSDEEP
98304:eI0CniMX77777773773W/lcCjQI7wnHsv8pMCTzSAhmyhJONL+L8JCE8fh9mdJOW:Nii77777773773WICRPZQ2isH
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource installer.exe
Files
-
installer.exe.exe windows:4 windows x64 arch:x64
d80d616ef5ea296e830c9fee1fc61d50
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no base relocations, so the image cannot be rebased and ASLR does not apply to it; note there is no .reloc section in the list below)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
GetUserNameW
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegQueryValueW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegSetValueW
RegUnLoadKeyW
dbghelp
MiniDumpWriteDump
StackWalk64
SymFromAddr
SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetModuleBase64
SymInitialize
gdi32
DeleteObject
Polygon
kernel32
AddVectoredContinueHandler
AreFileApisANSI
AssignProcessToJobObject
Beep
CloseHandle
CopyFileW
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateFileW
CreateJobObjectW
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateSymbolicLinkW
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
DefineDosDeviceW
DeleteCriticalSection
DeleteFileW
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindFirstVolumeW
FindNextChangeNotification
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushConsoleInputBuffer
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GenerateConsoleCtrlEvent
GetACP
GetBinaryTypeW
GetCPInfo
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLocalTime
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumaHighestNodeNumber
GetProcAddress
GetProcessId
GetProcessTimes
GetShortPathNameW
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadTimes
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetVolumeInformationW
GetWindowsDirectoryW
GlobalMemoryStatusEx
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSetInformation
InitializeCriticalSection
IsDBCSLeadByteEx
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalFileTimeToFileTime
LocalFree
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PeekConsoleInputA
PeekNamedPipe
Process32FirstW
Process32NextW
QueryInformationJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadFile
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredContinueHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SearchPathW
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleOutputCP
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileApisToANSI
SetFileApisToOEM
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetHandleInformation
SetInformationJobObject
SetLastError
SetLocalTime
SetSystemTime
SetSystemTimeAdjustment
SetUnhandledExceptionFilter
SetVolumeLabelW
Sleep
SystemTimeToFileTime
TerminateJobObject
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
__C_specific_handler
msvcrt
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_access
_acmdln
_amsg_exit
_assert
_beginthreadex
_cexit
_close
_close
_chmod
_creat
_ctime64
_dup
_dup2
_environ
_errno
_fileno
_fmode
_fpreset
_fstat64
_get_osfhandle
_getpid
_initterm
_isatty
_isatty
_localtime64
_lock
_lseeki64
_mkdir
_onexit
_open_osfhandle
_pipe
_read
_read
_setmode
_strdup
_telli64
_time64
_timezone
_tzname
_tzset
_unlock
_umask
_utime64
_vsnwprintf
_wassert
_wcsdup
_wcsdup
_wfdopen
_unlink
_write
_write
_wsplitpath_s
_wstat
_wstat64
abort
acos
acosf
asin
asinf
atan
atanf
atof
atoi
bsearch
calloc
cos
cosf
cosh
coshf
exit
exp
expf
fclose
feof
fflush
fprintf
fputc
fputwc
fread
free
fseek
ftell
fwprintf
fwrite
getc
getenv
islower
isspace
isupper
ldexp
localeconv
log
logf
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
pow
powf
qsort
raise
realloc
setlocale
signal
sin
sinf
sinh
sinhf
sprintf
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtok
strtol
swprintf_s
tan
tanf
tanh
vfprintf
wcscat
wcscmp
wcscpy
wcslen
wcsncmp
wcsnlen
shell32
CommandLineToArgvW
SHGetFolderPathW
user32
ChildWindowFromPoint
ChildWindowFromPointEx
ClipCursor
ExitWindowsEx
GetClipCursor
GetCursorPos
KillTimer
LoadAcceleratorsW
LoadCursorW
LoadIconW
MenuItemFromPoint
MessageBeep
MessageBoxA
MessageBoxW
SetCursorPos
SetTimer
winmm
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime
ws2_32
WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 411KB - Virtual size: 410KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 380KB - Virtual size: 379KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 6KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
/4 Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/19 Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/31 Size: 125KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/45 Size: 359KB - Virtual size: 358KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/57 Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/70 Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/81 Size: 690KB - Virtual size: 689KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/92 Size: 126KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ