immersivetpmvscmgrsvr[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

immersivetpmvscmgrsvr.exe
Size

130KB
MD5

875639948bfe79b858c455438ed8983a
SHA1

a0506275f5b57b8b5fc33536dc383f8ad158fbc3
SHA256

1f83f9d9201ed34b18d1452e439d6d2fb51b52a2fa627ccae3b2976d78af83b2
SHA512

cbaef20298b8adf1862d54cb9f77fa3458c7dcd401abd7ce05f057c0804e90370071ec78f6403f480d2493260c2725ffaea8ac750db9108a32bda780fff2d7fc
SSDEEP

3072:zaQ5r27S3uEuOpu818ejgWS3YBDAAnkmX87vPB3MUd:za63u9Opu818wTSMDAAkmX87x3M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
immersivetpmvscmgrsvr.exe

Files

immersivetpmvscmgrsvr.exe
.exe windows:6 windows x64

b12ca1a7f7e01ee36231c18e7e566290

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
ConvertSidToStringSidW
CreateWellKnownSid
TraceMessage

kernel32

DeleteCriticalSection
SetEvent
GetCommandLineW
InitializeCriticalSection
CloseHandle
WaitForSingleObject
Sleep
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
CreateEventW
CreateThread
HeapReAlloc
HeapFree
GetCurrentThreadId
GetModuleHandleW
RaiseFailFastException
LoadLibraryW
GetTickCount64
CreateDirectoryW
GetSystemDirectoryW
GetLastError
HeapAlloc
LocalFree
GetProcessHeap
LockResource
LoadResource
FindResourceExW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
RaiseException
FreeLibrary

user32

UnregisterClassA
PostThreadMessageW
CharNextW
CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics

msvcrt

__C_specific_handler
memset
wcscat_s
free
wcsncpy_s
_purecall
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
memmove
memcpy_s
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_vsnwprintf
_XcptFilter
??0exception@@QEAA@XZ
_CxxThrowException
_initterm
_wcmdln
_fmode
wcscpy_s
_callnewh
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
malloc
memcpy

ntdll

RtlNtStatusToDosError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

ole32

CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoSuspendClassObjects
CoCreateGuid
StringFromGUID2

oleaut32

UnRegisterTypeLi
LoadTypeLi
SysStringLen
RegisterTypeLi
SysAllocString
SysFreeString

winscard

SCardReleaseStartedEvent
SCardDisconnect
SCardConnectW
SCardGetStatusChangeW
SCardReleaseContext
SCardEstablishContext
SCardGetReaderDeviceInstanceIdW
SCardFreeMemory
SCardListCardsW
SCardGetCardTypeProviderNameW
SCardBeginTransaction
SCardReconnect
SCardListReadersWithDeviceInstanceIdW
SCardEndTransaction
SCardListReadersW
SCardAccessStartedEvent

ext-ms-win-security-credui-l1-1-0

CredUIPromptForWindowsCredentialsW

bcrypt

BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptEncrypt
BCryptGetProperty
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

setupapi

SetupGetInfDriverStoreLocationW
SetupDiCreateDeviceInfoList
SetupDiSetDevicePropertyW
SetupDiOpenDeviceInfoW
SetupDiDestroyDeviceInfoList
SetupDiGetDevicePropertyW

profapi

ord104

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchAppend

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b12ca1a7f7e01ee36231c18e7e566290

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

ole32

oleaut32

winscard

ext-ms-win-security-credui-l1-1-0

bcrypt

rpcrt4

setupapi

profapi

api-ms-win-core-path-l1-1-0

Sections

.text Size: 111KB - Virtual size: 110KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 5KB - Virtual size: 5KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 744B

.text
Size: 111KB - Virtual size: 110KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 5KB - Virtual size: 5KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 744B