C:\Users\danijel\Desktop\Development\Projects\Onova.Publisher\bin\Onova.Installer\Release\Win32\Onova.Installer.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Heuristic.HEUR.AGEN.1319832.32667.20795.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Heuristic.HEUR.AGEN.1319832.32667.20795.exe
  Resource: win10v2004-20241007-en
General
Target: SecuriteInfo.com.Heuristic.HEUR.AGEN.1319832.32667.20795.exe
Size: 807KB
MD5: 29cb0ce70d9d29c295e15e45a02ee917
SHA1: 921c0e48aca42c7a8ad343c0254b36f546d57fcb
SHA256: ac571d65fba6e565be46469bc332b6a68b4443524d1647ed7f09d9f38eb70016
SHA512: e58264e4d5a17603888fa1600705f442a46188f6fb8e7e4de9fcec390e84a409bef71fff7846eb35b94667394229f47fe42f29a62d7365bb9e16053ccb446431
SSDEEP: 12288:YLH5JxkkV+nmMgXASf3V5AQeBWp4wtxutKt+prPUEzhs/xg0nq1FADTdSEFgXl9/:YLH5JHbbVo0LtxutKeNuxgFCDj0B
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: SecuriteInfo.com.Heuristic.HEUR.AGEN.1319832.32667.20795.exe
Files
-
SecuriteInfo.com.Heuristic.HEUR.AGEN.1319832.32667.20795.exe.exe windows:6 windows x86 arch:x86
83e23ccde901fdd85cb2f7427f9dc4b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
SetEndOfFile
SetStdHandle
IsValidCodePage
GetExitCodeProcess
WaitForSingleObject
HeapReAlloc
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineW
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DeleteFileW
HeapSize
WriteConsoleW
WideCharToMultiByte
LocalFree
CloseHandle
FormatMessageW
MultiByteToWideChar
CreateFileW
CreateProcessW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetLastError
GetEnvironmentVariableA
SetLastError
Sleep
MoveFileExA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
GetTickCount
WaitForSingleObjectEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
DeviceIoControl
GetModuleHandleW
CopyFileW
GetFileInformationByHandleEx
CreateSymbolicLinkW
FormatMessageA
GetLocaleInfoEx
GetStringTypeW
RaiseException
TryAcquireSRWLockExclusive
GetCurrentThreadId
WakeAllConditionVariable
SleepConditionVariableSRW
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
ExitProcess
GetModuleFileNameW
GetCommandLineA
WriteFile
advapi32
CryptEncrypt
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptImportKey
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey
CryptDestroyHash
CryptDestroyKey
shell32
SHGetKnownFolderPath
ole32
CoTaskMemFree
CoCreateInstance
CoInitialize
ws2_32
select
__WSAFDIsSet
freeaddrinfo
getaddrinfo
sendto
recvfrom
listen
accept
WSACleanup
WSAStartup
inet_pton
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htonl
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
ioctlsocket
gethostname
htons
crypt32
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
Sections
.text Size: 644KB - Virtual size: 643KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ