vagent_windows_x86_64-4[.]8[.]13-beta[.]25[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

vagent_windows_x86_64-4.8.13-beta.25.exe
Size

10.5MB
MD5

481c4754ce85776d2d5c5b2b3c244ba7
SHA1

a8f01a30c8acd3576e8cdb87e0cdced3bb2c034b
SHA256

018f1326435a41956fe86506fc060716b90a7e9649c4f27c475703990ba3af79
SHA512

86bb112c610a5eeea454cf5032128f89ee08c633d9c17ad6512352f94e8f3557a39d7324fea531cf44cb5d337340663ad564f43a38bdb792fe832f54371e5e0c
SSDEEP

196608:/sbaOkhIQHMb0MYz0xL6Lg8e6gcqoLns9ep0A:kTl5xeLg76LpLs0z

Score

1^/10

Malware Config

Signatures

Files

vagent_windows_x86_64-4.8.13-beta.25.exe
.exe windows x64

52e9c6cf3794787aeef7dd013ebed73f

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:a0:d5:a4:20:60:42:18:7f:ba:31:8a:5c:42:81:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/07/2022, 00:00

Not After

06/07/2023, 23:59

Subject

SERIALNUMBER=91310230MA7C0M49XK,CN=塞讯信息技术（上海）有限公司,O=塞讯信息技术（上海）有限公司,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e99d99e5ae89e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:20:ac:0f:e5:4a:35:74:c3:17:1d:57:12:f1:05:8e:ac:fa:9d:89:ef:36:0b:77:ee:56:b8:45:0c:e0:30:68
Signer

Actual PE Digest

85:20:ac:0f:e5:4a:35:74:c3:17:1d:57:12:f1:05:8e:ac:fa:9d:89:ef:36:0b:77:ee:56:b8:45:0c:e0:30:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

NtCancelIoFileEx
RtlGetVersion
NtCreateFile
NtDeviceIoControlFile
NtQueryInformationProcess
NtQuerySystemInformation
RtlNtStatusToDosError

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CopySid
CreateServiceW
DeleteService
GetLengthSid
GetTokenInformation
IsValidSid
LookupAccountSidW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW
SystemFunction036

iphlpapi

FreeMibTable
GetAdaptersAddresses
GetIfEntry2
GetIfTable2
SendARP

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASend
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
listen
recv
recvfrom
send
sendto
setsockopt
shutdown
socket

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventW
CreateFileMappingA
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DeleteFileW
DeviceIoControl
DuplicateHandle
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetComputerNameExW
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLogicalDrives
GetLogicalProcessorInformationEx
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessIoCounters
GetProcessTimes
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemTimes
GetTickCount64
GetUserDefaultLocaleName
GetVolumeInformationW
GetWindowsDirectoryW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
LoadLibraryA
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
OpenProcess
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleW
ReadFile
ReadFileEx
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlCaptureContext
RtlLookupFunctionEntry
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryW
SetFileCompletionNotificationModes
SetFileInformationByHandle
SetFilePointerEx
SetHandleInformation
SetLastError
SetSystemTime
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
UnregisterWaitEx
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WriteConsoleW
WriteFileEx
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwindEx
RtlVirtualUnwind
VirtualProtect
VirtualQuery
__C_specific_handler

user32

ExitWindowsEx
GetSystemMetrics

bcrypt

BCryptGenRandom

pdh

PdhAddEnglishCounterW
PdhCloseQuery
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhRemoveCounter

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCertificatesInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertOpenStore
CertVerifyCertificateChainPolicy

secur32

AcceptSecurityContext
AcquireCredentialsHandleA
ApplyControlToken
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
QueryContextAttributesW

shell32

CommandLineToArgvW

powrprof

CallNtPowerInformation

oleaut32

GetErrorInfo
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear

psapi

GetModuleFileNameExW
GetPerformanceInfo

msvcrt

__initenv
__iob_func
__getmainargs
__set_app_type
_acmdln
__setusermatherr
_amsg_exit
_cexit
_commode
_fmode
_fpreset
memcmp
memcpy
memmove
memset
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
signal
strlen
strncmp
vfprintf
wcslen

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52e9c6cf3794787aeef7dd013ebed73f

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:a0:d5:a4:20:60:42:18:7f:ba:31:8a:5c:42:81:ffCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

85:20:ac:0f:e5:4a:35:74:c3:17:1d:57:12:f1:05:8e:ac:fa:9d:89:ef:36:0b:77:ee:56:b8:45:0c:e0:30:68Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

advapi32

iphlpapi

ws2_32

netapi32

kernel32

user32

bcrypt

pdh

ole32

crypt32

secur32

shell32

powrprof

oleaut32

psapi

msvcrt

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.data Size: 2KB - Virtual size: 2KB

.rdata Size: 5.9MB - Virtual size: 5.9MB

.pdata Size: 76KB - Virtual size: 75KB

.xdata Size: 268KB - Virtual size: 268KB

.bss Size: - Virtual size: 1KB

.idata Size: 12KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 229KB - Virtual size: 228KB

.reloc Size: 19KB - Virtual size: 19KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:a0:d5:a4:20:60:42:18:7f:ba:31:8a:5c:42:81:ff
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

85:20:ac:0f:e5:4a:35:74:c3:17:1d:57:12:f1:05:8e:ac:fa:9d:89:ef:36:0b:77:ee:56:b8:45:0c:e0:30:68
Signer

.text
Size: 4.0MB - Virtual size: 4.0MB

.data
Size: 2KB - Virtual size: 2KB

.rdata
Size: 5.9MB - Virtual size: 5.9MB

.pdata
Size: 76KB - Virtual size: 75KB

.xdata
Size: 268KB - Virtual size: 268KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 12KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 229KB - Virtual size: 228KB

.reloc
Size: 19KB - Virtual size: 19KB