E:\gitlab-runner-kk\builds\Np7xVCyL\0\cli\onlineinstaller\Build\bin\Release\Onlineinstaller.pdb
Static task
static1
Behavioral task
behavioral1
Sample
3bdc2fcfb555d4f239a6130629d14ceb4ef9d1e25389324a0735193ebedbbb30.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3bdc2fcfb555d4f239a6130629d14ceb4ef9d1e25389324a0735193ebedbbb30.exe
Resource
win10v2004-20241007-en
General
-
Target
3bdc2fcfb555d4f239a6130629d14ceb4ef9d1e25389324a0735193ebedbbb30
-
Size
3.2MB
-
MD5
ea950f3b862fcb6135f54a889e0b1c53
-
SHA1
e8480e46b9589c3530d70ea6705896c3af81b10c
-
SHA256
3bdc2fcfb555d4f239a6130629d14ceb4ef9d1e25389324a0735193ebedbbb30
-
SHA512
2c50f4c33a4e34ff486481c91563b27486a753d3a2ad6f6710cd306592ee64e6d1d781217ff9cb0a712fa06cd5356312a2d3b2d26a06cb43250a0c67c34479ce
-
SSDEEP
49152:CJ3WJSz29zOsTTwx8Kytfu+j8pmmEGnZfjsPqBvo1fjsPqBv86RHT4FjXRE:vJSIzOkwh+jMmSZfjsUvkfjsUv8V
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The sample carries no Authenticode signature, so the publisher of this installer cannot be verified from the binary itself. On its own this is a weak indicator: an unsigned PE is not evidence of malicious behaviour, and it should be weighed together with the behavioral-task results rather than treated as a conviction.
resource 3bdc2fcfb555d4f239a6130629d14ceb4ef9d1e25389324a0735193ebedbbb30
Files
-
3bdc2fcfb555d4f239a6130629d14ceb4ef9d1e25389324a0735193ebedbbb30.exe windows:6 windows x86 arch:x86
e2b4c2ba87d2e4b570da6bceb342faba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
libcrypto-1_1
ENGINE_by_id
ENGINE_get_next
ENGINE_get_first
UI_set_result
UI_get_input_flags
UI_get_string_type
UI_method_get_closer
UI_method_get_reader
UI_method_get_writer
UI_method_get_opener
UI_method_set_closer
UI_method_set_reader
UI_method_set_writer
UI_method_set_opener
UI_destroy_method
UI_create_method
UI_OpenSSL
UI_get0_user_data
OCSP_basic_verify
OCSP_crl_reason_str
OCSP_cert_status_str
OCSP_response_status_str
OCSP_CERTID_free
d2i_OCSP_RESPONSE
OCSP_RESPONSE_free
OCSP_BASICRESP_free
OCSP_check_validity
OCSP_resp_find_status
OCSP_response_get1_basic
OCSP_response_status
OCSP_cert_to_id
d2i_PKCS12_bio
PKCS12_parse
PKCS12_PBE_add
PKCS12_free
ERR_error_string_n
ERR_clear_error
ERR_peek_last_error
ERR_peek_error
ERR_get_error
X509_check_issued
X509V3_EXT_print
GENERAL_NAMES_free
RAND_status
RAND_bytes
PEM_read_bio_PrivateKey
PEM_read_bio_X509_AUX
PEM_write_bio_X509
PEM_read_bio_X509
PEM_X509_INFO_read_bio
X509_PUBKEY_get0_param
X509_EXTENSION_get_data
X509_EXTENSION_get_object
X509_get_ext_d2i
X509_NAME_ENTRY_get_data
X509_NAME_get_entry
X509_NAME_get_index_by_NID
X509_NAME_print_ex
X509_get_pubkey
X509_get0_extensions
X509_get_X509_PUBKEY
X509_get0_notAfter
X509_get0_notBefore
X509_get_subject_name
X509_get_issuer_name
X509_get_serialNumber
X509_get_version
X509_INFO_free
X509_get0_signature
d2i_X509
X509_free
ENGINE_ctrl_cmd
d2i_PrivateKey_bio
d2i_X509_bio
X509_verify_cert_error_string
X509_STORE_load_locations
X509_load_crl_file
X509_STORE_add_crl
X509_STORE_add_cert
X509_LOOKUP_file
X509_STORE_add_lookup
X509_STORE_set_flags
X509_STORE_up_ref
X509_STORE_free
DSA_get0_key
DSA_get0_pqg
DH_get0_key
DH_get0_pqg
RSA_flags
RSA_free
RSA_get0_key
EVP_PKEY_copy_parameters
EVP_PKEY_free
EVP_PKEY_get0_DH
EVP_PKEY_get0_DSA
EVP_PKEY_get1_RSA
EVP_PKEY_get0_RSA
EVP_PKEY_id
EVP_sha256
EVP_sha1
EVP_DigestInit
EVP_DigestFinal_ex
EVP_DigestUpdate
EVP_MD_CTX_free
EVP_MD_CTX_new
ASN1_STRING_print
ASN1_TIME_print
ASN1_STRING_to_UTF8
i2t_ASN1_OBJECT
i2a_ASN1_OBJECT
ASN1_STRING_get0_data
ASN1_STRING_type
ASN1_STRING_length
BN_print
BN_num_bits
BIO_meth_set_destroy
BIO_meth_set_create
BIO_meth_set_ctrl
BIO_meth_set_read
BIO_meth_set_write
BIO_meth_free
BIO_meth_new
BIO_printf
BIO_new_mem_buf
BIO_s_mem
BIO_ctrl
BIO_puts
BIO_get_shutdown
BIO_set_shutdown
BIO_set_init
BIO_get_data
BIO_set_data
BIO_free
BIO_new
BIO_s_file
BIO_clear_flags
BIO_set_flags
CRYPTO_free
CRYPTO_malloc
OpenSSL_version_num
OPENSSL_sk_pop
OPENSSL_sk_pop_free
OPENSSL_sk_value
OPENSSL_sk_num
ENGINE_ctrl
ENGINE_free
ENGINE_get_id
ENGINE_init
ENGINE_finish
ENGINE_load_private_key
ENGINE_set_default
DES_ecb_encrypt
DES_set_odd_parity
DES_set_key_unchecked
EVP_DigestInit_ex
MD4_Init
MD4_Update
MD5_Init
i2d_X509_PUBKEY
MD5_Final
MD5_Update
MD4_Final
kernel32
lstrlenA
ExitProcess
GlobalFree
GlobalAlloc
QueryPerformanceFrequency
AssignProcessToJobObject
CreateJobObjectW
CreateProcessW
TerminateProcess
WaitForSingleObject
CreatePipe
CloseHandle
OutputDebugStringW
OutputDebugStringA
GetTickCount64
GetCurrentProcess
SetLastError
GetLastError
LocalFree
MoveFileExW
VirtualQuery
GetSystemTime
DeviceIoControl
GetVolumeInformationW
SetEvent
QueryPerformanceCounter
SetFileTime
SetFileAttributesW
RemoveDirectoryW
GetFileTime
GetFileSizeEx
ReadFile
CreateThread
FindNextFileW
FindClose
DeleteFileW
CreateDirectoryW
CreateEventW
GetCurrentThreadId
GetCommandLineW
CreateMutexW
SetCurrentDirectoryW
GetLocalTime
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
FreeLibrary
GetDiskFreeSpaceExW
GetTickCount
GetExitCodeProcess
GetSystemInfo
Sleep
SystemTimeToFileTime
GetFileAttributesW
SetFileValidData
SetFilePointerEx
SetEndOfFile
CreateFileW
WriteFile
SetInformationJobObject
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoEx
LCMapStringEx
GetCPInfo
CompareStringEx
EncodePointer
GetStringTypeW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetExitCodeThread
TryEnterCriticalSection
InitializeSRWLock
GetFileInformationByHandleEx
AreFileApisANSI
GetTempPathW
SetFileInformationByHandle
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
GetCurrentDirectoryW
FormatMessageA
VerifyVersionInfoW
VerSetConditionMask
SleepEx
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
GetSystemTimeAsFileTime
CompareFileTime
WaitForSingleObjectEx
MoveFileExA
FormatMessageW
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ResetEvent
FindResourceExW
GetModuleHandleW
GetNativeSystemInfo
TerminateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemDefaultLCID
GetSystemPowerStatus
GetModuleFileNameW
GetCurrentProcessId
ntunisdkorbit
?getDLInst@INtUniSdkDownloadInterface@NtUniSDKOrbit@@SAPAV12@XZ
??0INtUniSdkDownloadListener@NtUniSDKOrbit@@QAE@XZ
user32
PostMessageW
GetWindowRect
ReleaseDC
GetSysColor
GetSystemMetrics
GetForegroundWindow
GetWindowThreadProcessId
GetDC
advapi32
RegEnumKeyExW
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
LookupPrivilegeValueW
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
shell32
SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
SHFileOperationW
ole32
CoInitialize
CoCreateInstance
CoCreateGuid
shlwapi
SHSetValueW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
iphlpapi
GetAdaptersInfo
winhttp
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpReadData
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpSendRequest
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryHeaders
bcrypt
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptEncrypt
BCryptImportKey
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDuplicateHash
BCryptDestroyHash
BCryptGenRandom
BCryptOpenAlgorithmProvider
crypt32
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertEnumCertificatesInStore
CertFreeCertificateContext
CertCloseStore
libssl-1_1
SSL_get_ex_data
SSL_set_ex_data
SSL_get_verify_result
SSL_get_shutdown
SSL_get_privatekey
SSL_get_certificate
SSL_set_connect_state
SSL_CTX_add_client_CA
SSL_alert_desc_string_long
SSL_CTX_set_post_handshake_auth
SSL_shutdown
TLS_client_method
SSL_get_version
SSL_get_error
SSL_CTX_ctrl
SSL_ctrl
SSL_write
SSL_read
SSL_connect
SSL_free
SSL_new
SSL_CTX_check_private_key
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_passwd_cb
SSL_CTX_use_certificate
SSL_CTX_use_PrivateKey
SSL_CTX_set_verify
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_set_session
SSL_SESSION_free
SSL_CTX_use_certificate_file
SSL_CTX_use_PrivateKey_file
SSL_CTX_set_ciphersuites
SSL_set_bio
SSL_pending
SSL_CIPHER_get_name
SSL_get_current_cipher
SSL_CTX_set_cert_store
SSL_CTX_get_cert_store
SSL_CTX_free
SSL_CTX_new
SSL_CTX_set_cipher_list
SSL_CTX_set_keylog_callback
SSL_get0_alpn_selected
SSL_CTX_set_alpn_protos
SSL_CTX_sess_set_new_cb
SSL_CTX_set_msg_callback
SSL_CTX_set_options
OPENSSL_init_ssl
SSL_CTX_use_certificate_chain_file
ws2_32
accept
__WSAFDIsSet
WSAIoctl
setsockopt
WSASetLastError
ntohs
WSAGetLastError
WSAWaitForMultipleEvents
getpeername
sendto
recvfrom
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
getsockopt
inet_ntop
inet_pton
gethostname
gethostbyname
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
socket
listen
send
select
recv
inet_addr
htons
htonl
ioctlsocket
connect
bind
getsockname
closesocket
wldap32
ord41
ord50
ord60
ord211
ord46
ord217
ord143
ord22
ord26
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
gdi32
ExtTextOutW
SetWinMetaFileBits
SetEnhMetaFileBits
PlayEnhMetaFile
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
DeleteEnhMetaFile
SetBkColor
SelectPalette
SelectObject
RealizePalette
GetDIBits
GetDeviceCaps
DeleteDC
CreatePalette
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ