VSSUIRUN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

VSSUIRUN.exe
Size

55KB
MD5

916aea8befbf8b59e122594c8334de26
SHA1

ecd15e2b471ee54849d4019e07c0d5635d4982bc
SHA256

6a536b4ce7a1a0cf466d22f3b3400ec680517a2e31e0085c53cbc0cd1d6ec583
SHA512

ddccac24992df423882595f753e995fc7c653d20e7dc856d2ff18fd18a692cc2be6c7a3b3496e25a8f87604db4a6ecc3562549151de58230781fc4955dedf133
SSDEEP

768:LbEeVCyMh8qO4yywW9nHGYRBbbFqkfF18nEDNeuwwjbSEln5IyYpamDjobj8Sg:Lq8qgWBHZvbFq7Eohwdln5IUmDjoXc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VSSUIRUN.exe

Files

VSSUIRUN.exe
.exe windows x86

7ea039bf4a2cc4b5faed5cff9f8bbf01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
CloseHandle
LocalFree
UnhandledExceptionFilter
GetCurrentProcess
FormatMessageW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
LoadLibraryExW
GetCommandLineW
ExpandEnvironmentStringsW
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
DeactivateActCtx
ReleaseActCtx
CreateActCtxW
TerminateProcess
ActivateActCtx

user32

LoadStringW
DefWindowProcW
DestroyWindow
LoadCursorW
RegisterClassW
CreateWindowExW

msvcrt

_XcptFilter
_exit
_cexit
exit
malloc
_callnewh
_CxxThrowException
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
__CxxFrameHandler3
wcschr
memset
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_unlock
__dllonexit
_vsnprintf
_vsnwprintf
memmove_s
??0exception@@QAE@ABQBD@Z
memcpy_s
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_onexit
__wgetmainargs
_lock

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoUninitialize

vsstrace

ord9
ord10
ord11
ord8
ord7
ord3
ord1
ord2
ord6
ord5

advapi32

ConvertSidToStringSidW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
OpenThreadToken
DeregisterEventSource
ReportEventW
RegisterEventSourceW

oleaut32

GetErrorInfo
SysFreeString

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ea039bf4a2cc4b5faed5cff9f8bbf01

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

ole32

vsstrace

advapi32

oleaut32

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 3KB - Virtual size: 2KB