VLDwzUQxINqRaXnv
Static task
static1
Behavioral task
behavioral1
Sample
InsstallingFileX64.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
InsstallingFileX64.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
hgr86x.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
hgr86x.dll
Resource
win10v2004-20241007-en
General
-
Target
edb06363f2f9c31efa5019478e0b90246293ea89480123398fe914b180edf4a8.zip
-
Size
450KB
-
MD5
e5f2ec0907c102aa4e2c2b5473708294
-
SHA1
50215094e82901e07cc89a42d405aa8f06996043
-
SHA256
edb06363f2f9c31efa5019478e0b90246293ea89480123398fe914b180edf4a8
-
SHA512
75b97973d8e1798d32347186cee66b6a874e189334a5cbf3792c0de5c058d3a77f984903b08721127181baaca00e8fbfba11667e025cc895ecf2d7586d0fac27
-
SSDEEP
6144:3M3nR/2hbXQVi0sVFjKML27pPVkljk10plqxoiMVQsHsxjldgMZSJx89:3MXd2hbXQViNgptoTTnMxJJw6
Malware Config
Signatures
-
Unsigned PE 2 IoCs
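Checks for missing Authenticode signature. Both PE files unpacked from the archive are unsigned; on its own this is a weak indicator and should be weighed together with the other findings.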
resource unpack001/InsstallingFileX64.exe unpack001/hgr86x.dll
Files
-
edb06363f2f9c31efa5019478e0b90246293ea89480123398fe914b180edf4a8.zip (type: .zip)
-
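InsstallingFileX64.exe (type: .exe) windows:4 windows x86 arch:x86 (note: the file name says X64, but the header characteristics below mark a 32-bit x86 image)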
935b3ce0fd0a139e10de41569bc3e70c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GlobalAlloc
GlobalFlags
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
CopyFileTransactedA
EnumResourceLanguagesExA
GetCPInfoExA
GetDateFormatA
GetProfileIntW
IsSystemResumeAutomatic
SetHandleInformation
SetNamedPipeHandleState
msvcrt
__getmainargs
__initenv
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_initterm
_iob
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf
activeds
ADsBuildEnumerator
ADsGetObject
AllocADsMem
AllocADsStr
FreeADsMem
FreeADsStr
SecurityDescriptorToBinarySD
evr
MFConvertColorInfoFromDXVA
MFConvertToFP16Array
MFCreateVideoMediaType
MFCreateVideoMediaTypeFromSubtype
MFCreateVideoMediaTypeFromVideoInfoHeader2
MFGetStrideForBitmapInfoHeader
magnification
MagGetImageScalingCallback
MagGetWindowFilterList
MagGetWindowSource
MagSetWindowSource
MagSetWindowTransform
MagUninitialize
mpr
WNetAddConnectionA
WNetCancelConnection2W
WNetCloseEnum
WNetDisconnectDialog
WNetGetProviderNameA
WNetGetResourceInformationW
WNetGetUniversalNameW
ncrypt
BCryptHashData
BCryptImportKey
BCryptOpenAlgorithmProvider
BCryptQueryContextFunctionConfiguration
BCryptSetProperty
NCryptFinalizeKey
NCryptVerifySignature
ntdsapi
DsFreeNameResultA
DsMakePasswordCredentialsA
DsRemoveDsDomainA
DsReplicaAddW
DsReplicaDelA
DsReplicaSyncAllW
ole32
CoFileTimeToDosDateTime
CoGetApartmentType
NdrProxyForwardingFunction21
OleCreateMenuDescriptor
OleLoadFromStream
StgConvertPropertyToVariant
StringFromIID
WriteClassStg
qwave
QOSCreateHandle
QOSNotifyFlow
QOSRemoveSocketFromFlow
QOSSetFlow
QOSStartTrackingClient
QOSStopTrackingClient
secur32
GetUserNameExA
InitializeSecurityContextW
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
SspiPrepareForCredRead
SspiValidateAuthIdentity
TranslateNameA
setupapi
CM_Request_Device_EjectW
SetupDiChangeState
SetupDiCreateDeviceInterfaceRegKeyA
SetupDiOpenDeviceInterfaceRegKey
SetupDiSetDriverInstallParamsA
SetupDuplicateDiskSpaceListA
SetupGetStringFieldW
snmpapi
SnmpUtilAsnAnyCpy
SnmpUtilIdsToA
SnmpUtilMemReAlloc
SnmpUtilOidAppend
SnmpUtilOidFree
SnmpUtilPrintAsnAny
SnmpUtilVarBindCpy
hgr86x
VLDwzUQxINqRaXnv
Sections
.text Size: 214KB - Virtual size: 213KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.eh_fram Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 188B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
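.reloc Size: 50.0MB - Virtual size: 600B (the raw size is far larger than the virtual size; since the whole archive is only 450KB, this is most likely highly compressible padding that inflates the file on disk, so confirm that scanner and upload size limits do not exclude the unpacked file)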
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
hgr86x.dll (type: .dll) windows:4 windows x86 arch:x86
af2769bdc7382b34b3f097224a8a9204
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
kernel32
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFlags
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
CopyFileTransactedA
EnumResourceLanguagesExA
GetCPInfoExA
GetDateFormatA
GetProfileIntW
IsSystemResumeAutomatic
SetHandleInformation
SetNamedPipeHandleState
msvcrt
_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf
activeds
ADsBuildEnumerator
ADsGetObject
AllocADsMem
AllocADsStr
FreeADsMem
FreeADsStr
SecurityDescriptorToBinarySD
evr
MFConvertColorInfoFromDXVA
MFConvertToFP16Array
MFCreateVideoMediaType
MFCreateVideoMediaTypeFromSubtype
MFCreateVideoMediaTypeFromVideoInfoHeader2
MFGetStrideForBitmapInfoHeader
magnification
MagGetImageScalingCallback
MagGetWindowFilterList
MagGetWindowSource
MagSetWindowSource
MagSetWindowTransform
MagUninitialize
mpr
WNetAddConnectionA
WNetCancelConnection2W
WNetCloseEnum
WNetDisconnectDialog
WNetGetProviderNameA
WNetGetResourceInformationW
WNetGetUniversalNameW
ncrypt
BCryptHashData
BCryptImportKey
BCryptOpenAlgorithmProvider
BCryptQueryContextFunctionConfiguration
BCryptSetProperty
NCryptFinalizeKey
NCryptVerifySignature
ntdsapi
DsFreeNameResultA
DsMakePasswordCredentialsA
DsRemoveDsDomainA
DsReplicaAddW
DsReplicaDelA
DsReplicaSyncAllW
ole32
CoFileTimeToDosDateTime
CoGetApartmentType
NdrProxyForwardingFunction21
OleCreateMenuDescriptor
OleLoadFromStream
StgConvertPropertyToVariant
StringFromIID
WriteClassStg
qwave
QOSCreateHandle
QOSNotifyFlow
QOSRemoveSocketFromFlow
QOSSetFlow
QOSStartTrackingClient
QOSStopTrackingClient
secur32
GetUserNameExA
InitializeSecurityContextW
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
SspiPrepareForCredRead
SspiValidateAuthIdentity
TranslateNameA
setupapi
CM_Request_Device_EjectW
SetupDiChangeState
SetupDiCreateDeviceInterfaceRegKeyA
SetupDiOpenDeviceInterfaceRegKey
SetupDiSetDriverInstallParamsA
SetupDuplicateDiskSpaceListA
SetupGetStringFieldW
snmpapi
SnmpUtilAsnAnyCpy
SnmpUtilIdsToA
SnmpUtilMemReAlloc
SnmpUtilOidAppend
SnmpUtilOidFree
SnmpUtilPrintAsnAny
SnmpUtilVarBindCpy
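Exports
(no export names were captured in this section; the executable's import table lists VLDwzUQxINqRaXnv from hgr86x, so this DLL presumably exports that symbol)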
Sections
.text Size: 217KB - Virtual size: 216KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 822KB - Virtual size: 822KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.eh_fram Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 172B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 82B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
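.reloc Size: 35.0MB - Virtual size: 552B (the raw size is far larger than the virtual size; as with the executable, this is most likely compressible padding that inflates the file on disk)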
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ