D:\x\code\epp3\Out\editplus32.pdb
Static task
static1
General
Target
kirasetup.exe
Size
3.3MB
MD5
35e41d1dc3e84b3eea60b9809199f3fa
SHA1
b8d2154bb56f0ad94effa5e8c57f4b51e345bf73
SHA256
dd3ee854f6f62c1c964b74dc71fce2da6d29bdf1b8320f5173b1bce54e7c3413
SHA512
a1cd7dc83a0304c46fdf0fe4855880f4d97a18fdef321674a4d00bade7afd8ea64530c55e1a9bd1e1ffce196ee7957f5227d42fdb9f33ecda8b8fae29d11c77a
SSDEEP
49152:gHBVPVP2ym8r2JdVTWRh1/6/R1I9AihZZ7WEqnXrtRI93iS5TChmqrjyBE3Hi8uy:iRAMBChm+jwE3HSOZssBs+H
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource kirasetup.exe
Files
kirasetup.exe.exe windows:5 windows x86 arch:x86
e921ba1f3321b61750d1ebb84a888fb9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
user32
GetDlgCtrlID
LoadStringW
CreateAcceleratorTableW
CopyAcceleratorTableW
GetMenuItemInfoW
GetMessagePos
TranslateAcceleratorW
TranslateMDISysAccel
WindowFromPoint
DestroyAcceleratorTable
AdjustWindowRectEx
GetKeyboardLayout
keybd_event
UnpackDDElParam
IsWindowUnicode
ReuseDDElParam
GetWindowLongW
IsChild
SetLayeredWindowAttributes
GetMenuInfo
SetMenuInfo
SetParent
ModifyMenuW
SetMenuItemInfoW
GetMenuState
CreatePopupMenu
GetMenu
EnableMenuItem
CopyRect
InvertRect
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
CreateCaret
OpenClipboard
LoadImageW
wsprintfW
IsCharUpperW
IsCharLowerW
IsWindowEnabled
GetActiveWindow
SetActiveWindow
GetSysColor
GetSysColorBrush
DrawTextW
FindWindowW
GetFocus
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
IsCharAlphaNumericW
CharUpperW
CheckMenuItem
AppendMenuW
GetTabbedTextExtentW
ClientToScreen
DialogBoxParamW
IsWindow
DestroyMenu
LoadMenuW
TrackPopupMenuEx
GetDlgItem
GetDesktopWindow
SetWindowLongW
SetForegroundWindow
DrawMenuBar
InsertMenuW
GetSubMenu
GetMenuItemID
GetMenuItemCount
LoadAcceleratorsW
MessageBeep
EndDialog
CallWindowProcW
SystemParametersInfoW
SetWindowPos
DdeUninitialize
DdeClientTransaction
DdeDisconnect
DdeCreateStringHandleW
DdeConnect
DdeFreeStringHandle
DdeInitializeW
GetWindow
SendDlgItemMessageA
SetWindowsHookExW
CallNextHookEx
GetClassNameW
SetPropW
GetDC
ReleaseDC
InvalidateRgn
GetCapture
KillTimer
SetTimer
RegisterWindowMessageW
GetKeyState
SetClipboardViewer
ChangeClipboardChain
IsWindowVisible
IsZoomed
IsIconic
IsClipboardFormatAvailable
GetClassLongW
SetClassLongW
CharLowerW
WinHelpW
PtInRect
TrackMouseEvent
ReleaseCapture
OffsetRect
SetRect
InflateRect
FillRect
TabbedTextOutW
GetParent
SetCapture
InvalidateRect
UpdateWindow
ScreenToClient
PostMessageW
EnableWindow
GetClientRect
GetWindowRect
DestroyIcon
SendDlgItemMessageW
LoadIconW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetDlgItemTextW
IsDialogMessageW
MoveWindow
SendMessageW
ShowWindow
ScrollWindowEx
RemoveMenu
LoadCursorW
CloseClipboard
SetClipboardData
EmptyClipboard
GetClipboardData
GetForegroundWindow
DefWindowProcW
SetCursor
GetMessageTime
CharNextExA
GetDoubleClickTime
RegisterClipboardFormatW
GetPropW
RemovePropW
SetFocus
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
GetWindowThreadProcessId
DefFrameProcW
DefMDIChildProcW
RedrawWindow
InsertMenuItemW
SetCursorPos
DestroyCursor
ValidateRect
TranslateMessage
GetMessageW
ShowOwnedPopups
IsRectEmpty
GetSystemMenu
WaitMessage
DrawIcon
SetWindowRgn
UnregisterClassW
PostThreadMessageW
GetDCEx
LockWindowUpdate
CharNextW
MapDialogRect
SetWindowContextHelpId
CreateMenu
GetTabbedTextExtentA
GetNextDlgGroupItem
BringWindowToTop
EndDeferWindowPos
BeginDeferWindowPos
PostQuitMessage
SetRectEmpty
DrawFocusRect
GetKeyNameTextW
MapVirtualKeyW
GetCursorPos
GetMenuStringW
DeleteMenu
comctl32
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Draw
wsock32
accept
WSAStartup
setsockopt
WSAGetLastError
socket
htons
recv
select
send
WSACleanup
gethostbyname
bind
getsockname
listen
shutdown
ioctlsocket
getservbyname
closesocket
connect
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetConversionStatus
ImmGetContext
ImmSetCandidateWindow
ImmSetCompositionFontW
ImmEscapeA
ImmEscapeW
ImmGetCompositionStringA
ImmGetCompositionStringW
uxtheme
SetWindowTheme
GetThemeBackgroundContentRect
CloseThemeData
OpenThemeData
IsAppThemed
DrawThemeBackground
EnableThemeDialogTexture
mpr
WNetOpenEnumW
WNetAddConnection2W
WNetGetConnectionW
WNetCloseEnum
WNetEnumResourceW
usp10
ScriptStringOut
ScriptStringAnalyse
ScriptStringCPtoX
ScriptString_pSize
ScriptStringFree
ScriptString_pLogAttr
gdiplus
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCloneImage
crypt32
CertStrToNameW
CryptFindCertificateKeyProvInfo
CryptBinaryToStringW
CertCreateSelfSignCertificate
CertFreeCertificateContext
CryptStringToBinaryW
CryptBinaryToStringA
secur32
FreeCredentialsHandle
AcquireCredentialsHandleW
FreeContextBuffer
InitializeSecurityContextW
EncryptMessage
QueryContextAttributesW
DecryptMessage
DeleteSecurityContext
ApplyControlToken
dbghelp
MiniDumpWriteDump
kernel32
EnumSystemLocalesA
InterlockedCompareExchange
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetStdHandle
LCMapStringA
LCMapStringW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
CreateThread
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetLocaleInfoA
ExitThread
RaiseException
HeapReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapFree
RtlUnwind
GetStartupInfoW
GetFileSizeEx
LocalFileTimeToFileTime
SizeofResource
LockResource
LoadResource
FindResourceW
LoadLibraryW
GetModuleHandleW
GetProcAddress
SetLastError
GetLastError
MultiByteToWideChar
GetACP
GlobalMemoryStatusEx
GetTickCount
WideCharToMultiByte
FindCloseChangeNotification
WaitForSingleObject
FindNextChangeNotification
FindFirstChangeNotificationW
InterlockedIncrement
InterlockedDecrement
GetTimeFormatW
GetDateFormatW
GetTempPathW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
CloseHandle
GetSystemDefaultLCID
SetThreadLocale
GetSystemDefaultLangID
GetUserDefaultUILanguage
SetThreadUILanguage
GetStringTypeExW
GetThreadLocale
lstrlenW
lstrcmpiW
UnmapViewOfFile
MapViewOfFile
ReadFile
SetFilePointer
GetFileSize
SetCurrentDirectoryW
GetCPInfo
GetLocalTime
GetShortPathNameW
GetModuleFileNameW
CreateFileMappingW
OpenFileMappingW
FindClose
FindNextFileW
GetFullPathNameW
GetTempFileNameW
CopyFileW
FindFirstFileW
DeleteFileW
GetSystemTime
GetCurrentDirectoryW
SetUnhandledExceptionFilter
MulDiv
lstrlenA
CreateFileMappingA
GetCurrentThreadId
SystemTimeToFileTime
GetCurrentThread
SetEndOfFile
GetCurrentProcess
CreateDirectoryW
CreateFileW
GetFileAttributesW
SetFileAttributesW
FreeResource
GetVersionExW
ExpandEnvironmentStringsW
GetFileTime
GetCurrentProcessId
ExitProcess
LocalFree
FormatMessageW
WriteFile
GetLocaleInfoW
GetPrivateProfileStringW
CreateProcessW
GlobalAddAtomW
GlobalGetAtomNameW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GlobalMemoryStatus
GetStdHandle
GetProcessHeap
Sleep
FileTimeToLocalFileTime
lstrcmpW
EnumSystemCodePagesW
FlushFileBuffers
CreatePipe
GetVolumeInformationW
ResumeThread
SuspendThread
GetDriveTypeW
ExpandEnvironmentStringsA
LoadLibraryA
GetVersionExA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalSize
GetModuleHandleA
lstrcmpA
SetThreadPriority
SetEvent
CreateEventW
InterlockedExchange
CompareStringA
EnumResourceLanguagesW
ConvertDefaultLocale
GetPrivateProfileIntW
WritePrivateProfileStringW
SetErrorMode
MoveFileW
LockFile
UnlockFile
DuplicateHandle
SetFileTime
GetDiskFreeSpaceW
GlobalFlags
GetProfileIntW
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetFileAttributesExW
gdi32
GetNearestColor
GetCharWidthW
Ellipse
LPtoDP
CreateEllipticRgn
GetMapMode
SetRectRgn
GetViewportOrgEx
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
DPtoLP
ExtSelectClipRgn
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetPolyFillMode
Escape
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
GetWindowExtEx
GetViewportExtEx
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CopyMetaFileW
CreateBitmap
GetClipBox
SetTextAlign
CreatePolygonRgn
PatBlt
GetRgnBox
CombineRgn
CreateRectRgn
Polygon
GetBkColor
CreatePatternBrush
CreateDIBitmap
SelectClipRgn
ExtTextOutA
CreateDIBSection
GetDeviceCaps
GetCurrentObject
GetCharABCWidthsW
GetOutlineTextMetricsW
CreateICW
EnumFontFamiliesExW
Rectangle
DeleteDC
GetTextExtentPointW
GetTextMetricsW
SetTextColor
SetBkColor
CreateRectRgnIndirect
GetObjectW
GetStockObject
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
CreateSolidBrush
GetBkMode
SetBkMode
ExtTextOutW
GetTextColor
CreatePen
MoveToEx
LineTo
DeleteObject
GetTextExtentPoint32W
BitBlt
SelectObject
CreateCompatibleDC
CreateDCW
CreateCompatibleBitmap
CreateFontIndirectW
GetTextExtentPoint32A
GetWindowOrgEx
SetViewportOrgEx
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
GetJobW
ClosePrinter
advapi32
CryptReleaseContext
RegCreateKeyW
GetFileSecurityW
SetFileSecurityW
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyW
GetUserNameW
RegOpenKeyW
CryptExportKey
CryptDecrypt
CryptEncrypt
CryptSetKeyParam
CryptDestroyKey
CryptVerifySignatureW
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptGenKey
CryptGenRandom
CryptCreateHash
CryptImportKey
RegSetValueExW
CryptAcquireContextW
RegEnumValueW
RegSetValueW
RegQueryValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
shell32
ExtractIconW
ord62
DragFinish
SHBindToParent
ord16
SHGetSettings
SHFileOperationW
ShellExecuteExW
DragQueryFileW
SHGetFileInfoW
DragAcceptFiles
Shell_NotifyIconW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHChangeNotify
ShellExecuteW
ExtractIconExW
shlwapi
PathIsUNCW
PathFindExtensionW
UrlEscapeW
UrlUnescapeW
StrCmpLogicalW
SHAutoComplete
PathRemoveFileSpecW
PathRemoveExtensionW
PathFindFileNameW
PathFileExistsW
PathStripToRootW
oledlg
OleUIBusyW
ole32
OleDuplicateData
ReleaseStgMedium
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoGetClassObject
CoRevokeClassObject
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
oleaut32
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
VariantCopy
VariantChangeType
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
SysFreeString
LoadTypeLi
SysStringLen
SafeArrayCreate
SysAllocString
OleCreateFontIndirect
VariantClear
SafeArrayPutElement
VariantInit
urlmon
CoInternetSetFeatureEnabled
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 280KB - Virtual size: 280KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ