vim[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

vim.exe
Size

2.9MB
MD5

b863babddb3fc78dcf107d9a719f1657
SHA1

c22ceaf166d10bdf094d78fd997fc30f02dfc238
SHA256

730f9a47df6a76a197405127cbb9af53bc1955aaabb1a57d67bc5bf435288e3d
SHA512

e4c4374dd8bbb6a6eabf3a55b829f69d6b12cc81e1ed40dfd07e7b1fe5aed85f675d3d2640d379cfc5c9bf5515aee98be73e1daec287a2ce91e5810023d32aa2
SSDEEP

49152:LX85fmOZgz+i/tWzbAxCgn/QufVCJfU01g1yJuMsFQdB0QfyHxEDjWnzW:r89Dk+Tc+Jj1grtQTRfXWn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
vim.exe

Files

vim.exe
.exe windows x86

0b951e12048d0a1b7ef13f3edab9c84f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
GetModuleHandleA
GetSystemInfo
GlobalLock
LocalFree
GetConsoleWindow
FormatMessageA
IsBadReadPtr
GlobalUnlock
MulDiv
SetConsoleTitleW
VirtualQuery
FlushFileBuffers
GetModuleFileNameA
FillConsoleOutputCharacterA
SetConsoleCtrlHandler
Process32First
SetHandleInformation
CreateTimerQueueTimer
VirtualProtect
GetConsoleScreenBufferInfo
CreateNamedPipeA
SetConsoleTextAttribute
GetCommandLineW
GetFullPathNameW
GetCurrentProcess
SetConsoleScreenBufferSize
ScrollConsoleScreenBufferA
WriteConsoleA
WriteFile
SetConsoleMode
GetConsoleCursorInfo
AssignProcessToJobObject
GetNumberOfConsoleMouseButtons
WaitForMultipleObjects
SetConsoleWindowInfo
GetProcessId
SetErrorMode
GetConsoleTitleW
ResumeThread
SetCurrentDirectoryA
SetFileAttributesW
CreateToolhelp32Snapshot
Sleep
GetFileInformationByHandle
GetLargestConsoleWindowSize
AttachConsole
SetConsoleCursorInfo
ReadConsoleInputW
CreateFileW
ReadConsoleOutputW
LoadLibraryA
GetVersionExA
Process32Next
GetConsoleTitleA
GlobalFree
WriteConsoleOutputAttribute
FreeConsole
GetCurrentDirectoryW
FillConsoleOutputAttribute
SetCurrentDirectoryW
PeekConsoleInputW
CreateJobObjectA
GetComputerNameW
GetCurrentProcessId
GetNumberOfConsoleInputEvents
GlobalMemoryStatusEx
CreateProcessW
GetFileType
InterlockedIncrement
TerminateJobObject
DeleteTimerQueueTimer
BackupRead
SetConsoleCursorPosition
BackupSeek
WriteConsoleInputA
GetEnvironmentStringsW
FreeEnvironmentStringsA
WriteConsoleOutputW
MoveFileW
GenerateConsoleCtrlEvent
ReadConsoleOutputAttribute
WriteConsoleOutputCharacterW
GetExitCodeProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalSize
GlobalAlloc
GetModuleHandleW
ConnectNamedPipe
ReadFile
PeekNamedPipe
DisconnectNamedPipe
GetOverlappedResult
DeviceIoControl
SetConsoleTitleA
GetLocaleInfoA
WriteConsoleW
GetConsoleMode
GetConsoleCP
GetStdHandle
FreeLibrary
GetProcAddress
DecodePointer
HeapSize
GetLastError
IsValidCodePage
GetACP
GetCPInfo
IsDBCSLeadByteEx
CreateProcessA
GetStartupInfoA
WaitForSingleObject
CreatePipe
TerminateProcess
GetShortPathNameW
GetLongPathNameW
GetTempFileNameW
DeleteFileW
FindClose
GetTempPathW
MultiByteToWideChar
FindNextFileW
FindFirstFileW
GetTickCount
DebugBreakProcess
CloseHandle
OpenProcess
WideCharToMultiByte
CreateFileA
GetProcessHeap
FindFirstFileExW
GetTimeZoneInformation
SetEndOfFile
FreeEnvironmentStringsW
GetOEMCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineA
GetModuleFileNameW
DuplicateHandle
ReadConsoleW
GetFileAttributesExW
RemoveDirectoryW
CreateDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
VirtualAlloc
SetStdHandle
SetFilePointerEx
GetModuleHandleExW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
RtlUnwind
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

advapi32

GetUserNameW
AdjustTokenPrivileges
GetAclInformation
OpenProcessToken
GetNamedSecurityInfoW
SetNamedSecurityInfoW
LookupPrivilegeValueA
GetAce

shell32

ExtractIconA
CommandLineToArgvW
ShellExecuteW

gdi32

SetTextColor
SetBkMode
CreateFontIndirectA
SetBkColor
GetTextExtentPoint32W
CreateDCA
GetTextMetricsA
CreateFontIndirectW
SetTextAlign
SetAbortProc
StartDocW
EndPage
TextOutW
DeleteDC
GetDeviceCaps
EndDoc
StartPage
SelectObject
GetNearestColor
DeleteObject
EnumFontFamiliesW

comdlg32

CommDlgExtendedError
PrintDlgW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

netapi32

NetApiBufferFree
NetUserEnum

user32

MapVirtualKeyA
EnableWindow
ReleaseDC
SetForegroundWindow
GetParent
SetDlgItemInt
EnableMenuItem
GetDesktopWindow
SystemParametersInfoA
CreateDialogParamA
GetWindowDC
SendMessageA
GetCaretBlinkTime
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
RegisterClipboardFormatA
GetSystemMetrics
MessageBeep
ToUnicode
CharLowerBuffA
GetSystemMenu
LoadImageA
GetWindowRect
DestroyWindow
SendMessageTimeoutA
SetWindowPos
EnumChildWindows
GetClassNameA
MsgWaitForMultipleObjects
wsprintfA
IsWindow
OffsetRect
GetDlgItemTextA
DispatchMessageW
IsDialogMessageW
CopyRect
PeekMessageW
GetWindowTextA
CharUpperBuffA
SetDlgItemTextW
SetWindowTextA
RegisterClassA
EnumWindows
DefWindowProcA
CreateWindowExA
BringWindowToTop
TranslateMessage
SendDlgItemMessageA

winmm

mciSendStringW
mciSendStringA
mciGetDeviceIDA
PlaySoundW

wsock32

closesocket
select
send
__WSAFDIsSet
connect
recv
WSAStartup
WSAGetLastError
inet_ntoa
htons
socket

ws2_32

freeaddrinfo
getaddrinfo

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b951e12048d0a1b7ef13f3edab9c84f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

gdi32

comdlg32

ole32

netapi32

user32

winmm

wsock32

ws2_32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 190KB - Virtual size: 189KB

.data Size: 146KB - Virtual size: 183KB

.gfids Size: 512B - Virtual size: 232B

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 165KB - Virtual size: 164KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 190KB - Virtual size: 189KB

.data
Size: 146KB - Virtual size: 183KB

.gfids
Size: 512B - Virtual size: 232B

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 165KB - Virtual size: 164KB