d091a892b0e1f757e8ef4d0c8367525ec118a4fdabe837b9006961faca90f7b6

Sharing

Copy URL

Twitter E-mail

General

Target

d091a892b0e1f757e8ef4d0c8367525ec118a4fdabe837b9006961faca90f7b6
Size

738KB
MD5

b7663ed53c0966c13421f71a7132bc50
SHA1

8c95a2fb52deb4a4b0e19029e377469f0b6aa2bc
SHA256

d091a892b0e1f757e8ef4d0c8367525ec118a4fdabe837b9006961faca90f7b6
SHA512

17bc4d589addab68cbec5bec3cf90eb85800ff4bbbb44c4a82170d7dd0093e8b3d179d284f06b5247383470ae49704a9fea65bea455fd466563e8ba828c08aed
SSDEEP

12288:h/Jm0On2dUX/jtKQPdUS1Dyex0wO2bEBWqsn0ak4Vf8N4XfMIiElTFDrhc/fr6Lv:1E2UX/jFOsn0xlilJ3u/cASJSfM7zjPV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d091a892b0e1f757e8ef4d0c8367525ec118a4fdabe837b9006961faca90f7b6

Files

d091a892b0e1f757e8ef4d0c8367525ec118a4fdabe837b9006961faca90f7b6
.exe windows:5 windows x86 arch:x86

f21dcd36ea5b95e57e4bb63a6f8d9690

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\devops\workspace\p-37d34ce895ed4865ac95061b653d796f\Misc\Setup3\build\Release\Uninstall.pdb

Imports

msi

ord70
ord195

psapi

GetModuleFileNameExW
EnumProcessModules

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSACleanup
closesocket
gethostbyname
WSAStartup
inet_addr
send
socket
connect
inet_ntoa
recv
htons

kernel32

GetFullPathNameW
GetConsoleMode
GetConsoleCP
GetFileType
SetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
CreateDirectoryW
GetLongPathNameW
GetTempPathW
GetFileAttributesW
DeleteFileW
WaitForSingleObject
GetVersionExW
Sleep
GetLastError
GetProcAddress
GetModuleHandleW
RemoveDirectoryW
MoveFileExW
GetTickCount
MoveFileW
CreateMutexW
LoadLibraryW
WideCharToMultiByte
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
GetCurrentProcessId
CreateProcessW
lstrcmpiW
GetExitCodeProcess
TerminateProcess
MultiByteToWideChar
SizeofResource
FindFirstFileW
WriteFile
FindClose
CreateFileW
LoadResource
FindResourceW
InterlockedExchangeAdd
SetUnhandledExceptionFilter
ReadFile
GetCurrentProcess
GetStdHandle
AssignProcessToJobObject
ResumeThread
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CreateEventW
InterlockedCompareExchange
GetNativeSystemInfo
SetLastError
OutputDebugStringA
GetModuleFileNameW
SetFilePointer
ReleaseMutex
GetACP
FindNextFileW
GetFileAttributesExW
GetCurrentDirectoryW
CopyFileW
GetCommandLineW
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
InterlockedExchange
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
IsDebuggerPresent
HeapSize
RaiseException
CreateThread
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
GetSystemDirectoryW
GetWindowsDirectoryW
SetEvent
InterlockedIncrement
ExitProcess
FreeResource
LockResource
RtlUnwind
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
SwitchToThread
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
HeapFree
GetTimeZoneInformation
WriteConsoleW
GetDriveTypeW
ReadConsoleW
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
GetCurrentThreadId

user32

DefWindowProcW
PostQuitMessage
KillTimer
TranslateMessage
MessageBoxW
PostMessageW
DestroyWindow
CallMsgFilterW
GetQueueStatus
DispatchMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW
CreateWindowExW
UnregisterClassW
WaitMessage
RegisterClassExW
SetTimer

advapi32

RegCreateKeyExW
RegEnumValueW
CreateProcessAsUserW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyW
DeleteService
ControlService
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
OpenServiceW

shell32

CommandLineToArgvW
SHChangeNotify
SHGetFolderPathW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoCreateInstance
CoInitializeEx
StringFromCLSID
CLSIDFromProgID
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

shlwapi

wnsprintfW
SHDeleteKeyW
PathCanonicalizeW
PathStripToRootW

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

Sections

.text
Size: 469KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f21dcd36ea5b95e57e4bb63a6f8d9690

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

psapi

version

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

userenv

shlwapi

winmm

Sections

.text Size: 469KB - Virtual size: 469KB

.rdata Size: 129KB - Virtual size: 129KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 94KB - Virtual size: 96KB

.text
Size: 469KB - Virtual size: 469KB

.rdata
Size: 129KB - Virtual size: 129KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 94KB - Virtual size: 96KB