VMWARE~1[.]SC | Triage

Sharing

Copy URL Twitter E-mail

General

Target

VMWARE~1.SC
Size

4.8MB
MD5

35249e073a28fec4aa216d57bf4a626b
SHA1

c508e867ad286aefbc7f8b76dab89cb77cc1024a
SHA256

e10f9e072803ef30cea88e1af3ad28a39598bcc1ca9056f9d5b83058de22163f
SHA512

d36ca0177440cdd32616491d44b8b28d5ab48d433b23e727ae0bf93c8a49c477c94860fe7a682bb7f3deedaee881c6308c46614cb75dcc5fcbcdfa41f11f47b0
SSDEEP

98304:qhRchPS0xpNqWt5EKHOPpCvoQGckG7gfDn5XTC4+wJsv6tWKFdu9CTvHUQxz:qI6RpKHzvoVckrDCnwJsv6tWKFdu9CT5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VMWARE~1.SC

Files

VMWARE~1.SC
.exe windows x86

2722e71420a4b3a701f5c64908fa997b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToNameW
ConvertInterfaceNameToLuidW
GetAdaptersAddresses
GetAdaptersInfo
GetNetworkParams
GetBestRoute
GetBestInterface
ConvertInterfaceIndexToLuid

crypt32

CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
CertCreateCertificateContext
CertOpenSystemStoreW
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore

ws2_32

socket
WSAStartup
htons
inet_pton
bind
WSAConnect
closesocket
connect
getsockname
htonl
ntohl
ntohs
recv
gethostname
WSACleanup
WSASetLastError
recvfrom
WSASocketW
WSASendTo
WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAHtonl
WSAAsyncSelect
WSAAccept
select
listen
getpeername
__WSAFDIsSet
getsockopt
getnameinfo
freeaddrinfo
getaddrinfo
inet_ntop
WSAPoll
WSAIoctl
WSAGetLastError
shutdown
setsockopt
sendto
send

advapi32

CryptDecrypt
FreeSid
AllocateAndInitializeSid
AddAccessAllowedAce
OpenProcessToken
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCloseKey
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
CryptExportKey
SetSecurityDescriptorOwner
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
DuplicateToken
CopySid
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptCreateHash
CryptDestroyHash
AccessCheck
RegSetValueExW
RegQueryInfoKeyW
GetLengthSid
CryptSignHashW
CryptEnumProvidersW
RegQueryValueExW
SystemFunction036
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey

netapi32

NetApiBufferFree
NetShareEnum

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

IsDebuggerPresent
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
GetTickCount
TryEnterCriticalSection
RaiseException
DecodePointer
EncodePointer
VirtualFree
Sleep
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThreadId
GetLastError
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TryAcquireSRWLockExclusive
InitializeCriticalSection
WaitForSingleObject
TerminateThread
GetModuleFileNameA
LocalFree
FormatMessageW
CreateFileW
CloseHandle
DisconnectNamedPipe
WaitNamedPipeW
CreateEventW
WaitForMultipleObjects
GetProcAddress
GlobalFree
LoadLibraryW
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
SetEvent
ResetEvent
GetCurrentProcess
SetHandleInformation
SetLastError
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
ChangeTimerQueueTimer
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetFileType
WriteFile
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
FreeLibrary
LoadLibraryA
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
OutputDebugStringW
TerminateProcess
IsProcessorFeaturePresent
GetConsoleWindow
GetCommandLineW
GetStartupInfoW
WaitForSingleObjectEx
GetLocalTime
DuplicateHandle
SwitchToThread
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
ResumeThread
GetSystemInfo
QueryPerformanceFrequency
GetTickCount64
ReadFileEx
PeekNamedPipe
CancelIoEx
SleepEx
WriteFileEx
UnregisterWaitEx
RegisterWaitForSingleObject
GetSystemDirectoryW
VirtualQuery
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseSemaphore
CreateSemaphoreW
GetFileAttributesExW
FlushFileBuffers
GetDriveTypeW
GetLogicalDrives
ReadFile
SetEndOfFile
SetFilePointerEx
SetErrorMode
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLongPathNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetFileInformationByHandleEx
GetModuleFileNameW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetExitCodeProcess
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
FindFirstFileExW
OpenProcess
VirtualAlloc
CreateMutexW
ReleaseMutex
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualProtect
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlUnwind
ExitProcess
ExitThread
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
GetCommandLineA
SetStdHandle
SetFileAttributesW
GetConsoleOutputCP
IsValidLocale
EnumSystemLocalesW
HeapReAlloc
GetFileSizeEx
SetEnvironmentVariableW
IsValidCodePage
GetACP
GetOEMCP
WriteConsoleW
SetUnhandledExceptionFilter
FindClose
HeapSize

shell32

CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
CoTaskMemFree

winmm

timeKillEvent
timeSetEvent

fwpuclnt

FwpmFreeMemory0
FwpmGetAppIdFromFileName0
FwpmFilterAdd0
FwpmSubLayerGetByKey0
FwpmSubLayerAdd0
FwpmEngineClose0
FwpmEngineOpen0

bcrypt

BCryptGenRandom

user32

DestroyWindow
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
CreateWindowExW
CharNextExA
GetWindowThreadProcessId
EnumWindows
PostThreadMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowLongW
GetQueueStatus
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
DefWindowProcW
RegisterClassW
UnregisterClassW
GetWindowLongW

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2722e71420a4b3a701f5c64908fa997b

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

crypt32

ws2_32

advapi32

netapi32

userenv

version

kernel32

shell32

ole32

winmm

fwpuclnt

bcrypt

user32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 40KB - Virtual size: 68KB

.qtmetad Size: 512B - Virtual size: 106B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 125KB - Virtual size: 125KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 40KB - Virtual size: 68KB

.qtmetad
Size: 512B - Virtual size: 106B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 125KB - Virtual size: 125KB