Cryptic Installer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Cryptic Installer.exe
Size

12.1MB
MD5

26115ce9c0aa825be82c500004825308
SHA1

0883c65e4c063b61647865d58cd3a3d46324365b
SHA256

909fdfeef66f20a0ce6275b334f8eec552f50222c0acb9f759f01a2c8c418d4b
SHA512

1368efd81bd46c02703e39008b19635ebd3c9ea98b32d7ac3b90f11b09c286d9b45511dd1aee3e9f6998ee7ecb7f81c9f2cdb9ccea142cf09cdc6ebbaa5882d4
SSDEEP

98304:b1FLZ04/tavoCAifjWKqgpvlYFDU2f8u06rA7BxMooQlititz12d:XT/taACAiCWvlYr8u0JrgQli6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Cryptic Installer.exe

Files

Cryptic Installer.exe
.exe windows:6 windows x64 arch:x64

0209e0c4cf97dd745fd681fbc88dfda8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

cryptic_installer.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

kernel32

ReleaseSRWLockExclusive
DeleteCriticalSection
LCIDToLocaleName
RaiseException
LoadLibraryA
lstrlenW
GetUserDefaultUILanguage
SleepConditionVariableSRW
GetSystemTimeAsFileTime
RtlPcToFileHeader
InitializeSListHead
LoadLibraryW
IsDebuggerPresent
GetProcAddress
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
EncodePointer
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
CreateThread
WideCharToMultiByte
WriteConsoleW
MultiByteToWideChar
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetModuleHandleW
GetFullPathNameW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
AcquireSRWLockExclusive
TlsAlloc
ExitProcess
SetEnvironmentVariableW
CancelIo
GetFinalPathNameByHandleW
DeviceIoControl
DeleteFileW
GetFileAttributesW
CreateFileW
OutputDebugStringA
OutputDebugStringW
GetModuleFileNameW
GetLastError
GetProcessHeap
HeapFree
TlsGetValue
TlsSetValue
CloseHandle
GetCurrentThreadId
LoadLibraryExW
FreeLibrary
GetEnvironmentVariableW
FindFirstFileExW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
QueryPerformanceFrequency
TerminateProcess
GetExitCodeProcess
SleepEx
WriteFileEx
GetCurrentProcessId
GetStdHandle
DuplicateHandle
GetSystemDirectoryW
GetCurrentProcess
WakeAllConditionVariable
SetFileInformationByHandle
GetCommandLineW
TlsFree
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlVirtualUnwind
RtlLookupFunctionEntry
SetHandleInformation
RtlCaptureContext
GetSystemInfo
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
PostQueuedCompletionStatus
GetModuleHandleA
Sleep
CreateIoCompletionPort
GetQueuedCompletionStatusEx
GetConsoleMode
ReadFile
GetOverlappedResult
SetFileCompletionNotificationModes
GetFileInformationByHandle
FormatMessageW
LoadLibraryExA
CreateEventW
WaitForSingleObject
RtlUnwindEx
HeapAlloc

ole32

CoUninitialize
CoTaskMemAlloc
RegisterDragDrop
CoInitializeEx
RevokeDragDrop
OleInitialize
CoTaskMemFree
CoInitialize
CoCreateInstance

shell32

DragFinish
SHOpenFolderAndSelectItems
SHAppBarMessage
ILFree
ShellExecuteExW
DragQueryFileW
SHGetKnownFolderPath
ILCreateFromPathW

user32

AdjustWindowRectEx
CreatePopupMenu
CreateMenu
AppendMenuW
DestroyMenu
RemoveMenu
GetMenuItemInfoW
DrawMenuBar
SetMenu
SetMenuItemInfoW
CheckMenuItem
ToUnicodeEx
GetKeyboardLayout
GetRawInputData
CreateIcon
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
DrawIconEx
GetKeyboardState
IsWindow
SendInput
DestroyAcceleratorTable
TrackPopupMenu
PostQuitMessage
GetWindowTextLengthW
SetWindowTextW
DestroyIcon
SetWindowDisplayAffinity
SetWindowLongW
EnableMenuItem
GetSystemMenu
MonitorFromPoint
EnumDisplayMonitors
SystemParametersInfoA
SetPropW
IsWindowVisible
ClipCursor
GetClipCursor
ShowCursor
GetMenu
DispatchMessageA
GetMenuBarInfo
CreateAcceleratorTableW
GetSystemMetrics
SystemParametersInfoW
SetForegroundWindow
ReleaseCapture
SetCapture
SetWindowLongPtrW
OffsetRect
RegisterTouchWindow
MsgWaitForMultipleObjectsEx
GetWindowDC
RegisterRawInputDevices
DrawTextW
TranslateMessage
GetMessageA
PostMessageW
InsertMenuW
DestroyWindow
IsProcessDPIAware
SetParent
MapWindowPoints
RegisterWindowMessageA
ShowWindow
ReleaseDC
GetDC
GetWindowLongPtrW
GetParent
SetWindowRgn
FindWindowExW
IsWindowEnabled
EnableWindow
GetForegroundWindow
GetActiveWindow
UpdateWindow
InvalidateRect
SetCursorPos
InvalidateRgn
GetWindowRect
ClientToScreen
IsIconic
EnumChildWindows
SetWindowPos
CreateWindowExW
TranslateAcceleratorW
GetClientRect
RegisterClassExW
RedrawWindow
AdjustWindowRect
SendMessageW
GetUpdateRect
ValidateRect
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
FillRect
CloseTouchInputHandle
GetTouchInputInfo
TrackMouseEvent
GetWindowTextW
MonitorFromRect
GetWindowLongW
ScreenToClient
SetCursor
LoadCursorW
GetWindowPlacement
SetWindowPlacement
PeekMessageW
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
PostThreadMessageW
DispatchMessageW
GetMessageW
MapVirtualKeyW

comctl32

TaskDialogIndirect
SetWindowSubclass
RemoveWindowSubclass
DefSubclassProc

shlwapi

SHCreateMemStream

gdi32

SetBkMode
CreateSolidBrush
CreateCompatibleDC
CreateRectRgn
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateDIBSection
BitBlt
CombineRgn
SetTextColor

dwmapi

DwmSetWindowAttribute
DwmEnableBlurBehindWindow
DwmGetWindowAttribute

advapi32

SystemFunction036
RegQueryValueExW
RegGetValueW
RegCloseKey
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegOpenKeyExW

secur32

DeleteSecurityContext
FreeContextBuffer
QueryContextAttributesW
AcquireCredentialsHandleA
ApplyControlToken
AcceptSecurityContext
DecryptMessage
FreeCredentialsHandle
InitializeSecurityContextW
EncryptMessage

ws2_32

getaddrinfo
freeaddrinfo
getsockopt
getpeername
getsockname
closesocket
WSASocketW
bind
connect
ioctlsocket
shutdown
recv
send
WSASend
setsockopt
WSAIoctl
WSACleanup
WSAStartup
WSAGetLastError

crypt32

CertDuplicateStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext

bcrypt

BCryptGenRandom

ntdll

NtWriteFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
RtlGetVersion
NtReadFile
NtCreateFile

oleaut32

SysFreeString
GetErrorInfo
SetErrorInfo
SysStringLen

api-ms-win-crt-math-l1-1-0

pow
trunc
floor
__setusermatherr
round

api-ms-win-crt-string-l1-1-0

wcsncmp
strlen
_wcsicmp
strcpy_s
wcslen
wcscmp

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
malloc
calloc
free

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_get_initial_narrow_environment
_initterm
_initterm_e
_set_app_type
_exit
__p___argc
__p___argv
_cexit
abort
_seh_filter_exe
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_c_exit
exit
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback

api-ms-win-crt-convert-l1-1-0

wcstol
_wtoi
_ultow_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 470KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0209e0c4cf97dd745fd681fbc88dfda8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

ole32

shell32

user32

comctl32

shlwapi

gdi32

dwmapi

advapi32

secur32

ws2_32

crypt32

bcrypt

ntdll

oleaut32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 8.2MB - Virtual size: 8.2MB

.rdata Size: 3.2MB - Virtual size: 3.2MB

.data Size: 17KB - Virtual size: 28KB

.pdata Size: 470KB - Virtual size: 470KB

.rsrc Size: 173KB - Virtual size: 172KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 8.2MB - Virtual size: 8.2MB

.rdata
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 17KB - Virtual size: 28KB

.pdata
Size: 470KB - Virtual size: 470KB

.rsrc
Size: 173KB - Virtual size: 172KB

.reloc
Size: 33KB - Virtual size: 33KB