add5b18b4e5bdfd8511106fa270994f04109f8b54d64f54c42400ce3da5ee93c

Sharing

Copy URL

Twitter E-mail

General

Target

add5b18b4e5bdfd8511106fa270994f04109f8b54d64f54c42400ce3da5ee93c
Size

1002KB
MD5

01e6a564f18ef20f875ef2c07cd49585
SHA1

f0cd04c4dc61510c5adebb6bb33e974b2f3b652a
SHA256

add5b18b4e5bdfd8511106fa270994f04109f8b54d64f54c42400ce3da5ee93c
SHA512

d39fa5be06cc29b179c6a15687a1c7739859c8dd14a12768bf46d0dbc4f1a62948f12ddcaa7c40597192a9073a52515a0698bfe2c71227eb032794d55d103326
SSDEEP

12288:nhVbfXXeyXhgPX2zblEOGSEzUvzblE4wEQRUSEcfv44IdmIKcp2l:hVbvrXOv2+OP+ac34zp2l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
add5b18b4e5bdfd8511106fa270994f04109f8b54d64f54c42400ce3da5ee93c

Files

add5b18b4e5bdfd8511106fa270994f04109f8b54d64f54c42400ce3da5ee93c
.exe windows:4 windows x86 arch:x86

bcaffb3910b8faa8d640e5fd61d71400

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ccviews\autobuild1_br-1012-04yj_9.2.0_snapshot\workingdirectory1\chpinstalleriif\1.1.35\installer\chipset\release\Setup.pdb

Imports

setupapi

SetupGetLineTextW
SetupFindNextLine
SetupCloseInfFile
SetupFindFirstLineW
SetupOpenInfFileW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetINFClassW
SetupDiGetDeviceRegistryPropertyW
SetupCopyOEMInfW
SetupGetStringFieldW

shlwapi

PathRelativePathToW
PathAppendW
PathRemoveArgsW
PathStripPathW
PathFindFileNameW

kernel32

SizeofResource
FindResourceW
SetEvent
CreateEventW
CreateThread
VerifyVersionInfoW
VerSetConditionMask
FindNextFileW
FindClose
FindFirstFileW
GetLocalTime
GetCurrentProcess
GetProcAddress
GetModuleHandleW
GetSystemInfo
GetVersionExW
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FreeLibrary
LoadLibraryW
GetSystemDirectoryW
GetFileAttributesW
WriteFile
CreateFileA
GetModuleFileNameA
GetModuleFileNameW
GetWindowsDirectoryW
MoveFileExW
DeleteFileW
SetFileAttributesW
Sleep
LoadResource
GetCommandLineW
CreateProcessW
GetLocaleInfoW
SetFilePointer
GetExitCodeProcess
ConvertDefaultLocale
GetSystemDefaultLangID
EnumResourceLanguagesW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetACP
HeapSize
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
LockResource
MultiByteToWideChar
CreateFileW
GetFileSize
ReadFile
WaitForSingleObject
CloseHandle
SetLastError
CopyFileW
GetLastError
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
ExitProcess
GetStartupInfoW
GetProcessHeap
GetVersionExA
GetModuleHandleA
HeapAlloc
HeapFree
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
RaiseException
LocalAlloc
InterlockedExchange
LoadLibraryA

user32

MapDialogRect
LoadImageW
DialogBoxParamW
LoadIconW
SendDlgItemMessageW
EnableWindow
SetDlgItemTextW
SetWindowTextW
SetFocus
SetWindowPos
GetDlgItem
SendMessageW
ShowWindow
SetTimer
PostMessageW
ReleaseDC
GetDC
ExitWindowsEx
GetWindowThreadProcessId
GetWindowModuleFileNameW
EnumWindows
MessageBoxW
LoadStringW
wsprintfW
EndDialog
KillTimer

gdi32

GetTextExtentPoint32W
SetTextColor
SetBkMode
GetStockObject
GetObjectW
CreateFontIndirectW
DeleteObject
CreateFontW
SelectObject

advapi32

IsTextUnicode
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegQueryValueExW
CreateServiceW
ChangeServiceConfigW
ChangeServiceConfig2W
StartServiceW
QueryServiceStatus
QueryServiceConfigW
ControlService
DeleteService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHCreateDirectoryExW
ShellExecuteW
SHGetFolderPathW

ole32

OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance

psapi

EnumProcessModules
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 628KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bcaffb3910b8faa8d640e5fd61d71400

Headers

File Characteristics

PDB Paths

Imports

setupapi

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

psapi

version

Sections

.text Size: 300KB - Virtual size: 298KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 628KB - Virtual size: 628KB

.text
Size: 300KB - Virtual size: 298KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 628KB - Virtual size: 628KB