immersivetpmvscmgrsvr[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

immersivetpmvscmgrsvr.exe
Size

160KB
MD5

3f58844ac783359a31e6957532734a5c
SHA1

4521f3a2d101fe79b7573adbf6fd902750bad84f
SHA256

d48e921e0952a533c5407f8e9424de1b17e0a489b418a409c5f3e12a58d876c6
SHA512

94468aeb29d8b1a6fea10a9c16f9a91d7ff039b75579c833d05aee1f68f0410024bd09be908ab90d46a5bd3ea42a59cccb5d11894cda2f8e595ee1ce56ddb2ef
SSDEEP

3072:zM+/SmNGLDtgp+Hg7LWLb+qoHWAQ+TWvX:P/SmNGLDtgIHg7LWmFWAQ+T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
immersivetpmvscmgrsvr.exe

Files

immersivetpmvscmgrsvr.exe
.exe windows:10 windows x64 arch:x64

42ead1ebd8100ac63e6b5cfdddc45e07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey

kernel32

GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
InitializeCriticalSection
GetCommandLineW
SetEvent
DeleteCriticalSection
RaiseException
Sleep
GetModuleFileNameW
LoadLibraryExW
CreateEventW
CreateThread
RaiseFailFastException
ResolveDelayLoadedAPI
DelayLoadFailureHook

user32

TranslateMessage
CharNextW
CharUpperW
GetSystemMetrics
PostThreadMessageW
GetMessageW
UnregisterClassA
DispatchMessageW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit

api-ms-win-crt-private-l1-1-0

_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___p__commode
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy
memmove

oleaut32

UnRegisterTypeLi
RegisterTypeLi
SysStringLen
SysAllocString
SysFreeString
LoadTypeLi

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateGuid
CoResumeClassObjects
StringFromGUID2
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoSuspendClassObjects
CoTaskMemFree
CoGetMalloc
CoUninitialize
CoTaskMemAlloc
CoSetProxyBlanket

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
AcquireSRWLockShared
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockExclusive
ReleaseSRWLockShared
InitializeCriticalSectionEx

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
FindResourceExW
LockResource
LoadResource

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchAppend

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-file-l1-1-0

CreateDirectoryW

bcrypt

BCryptDestroyKey
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptCloseAlgorithmProvider

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-heap-l1-1-0

HeapReAlloc

profapi

ord104

ntdll

RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError

setupapi

SetupGetInfDriverStoreLocationW
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetDevicePropertyW
SetupDiDestroyDeviceInfoList
SetupDiSetDevicePropertyW

winscard

SCardEndTransaction
SCardReconnect
SCardBeginTransaction
SCardGetCardTypeProviderNameW
SCardListCardsW
SCardGetStatusChangeW
SCardDisconnect
SCardListReadersWithDeviceInstanceIdW
SCardAccessStartedEvent
SCardListReadersW
SCardReleaseStartedEvent
SCardGetReaderDeviceInstanceIdW
SCardEstablishContext
SCardFreeMemory
SCardConnectW
SCardReleaseContext

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42ead1ebd8100ac63e6b5cfdddc45e07

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-path-l1-1-0

rpcrt4

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-file-l1-1-0

bcrypt

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-heap-l1-1-0

profapi

ntdll

setupapi

winscard

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 8KB - Virtual size: 7KB

.didat Size: 4KB - Virtual size: 16B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 292B

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 8KB - Virtual size: 7KB

.didat
Size: 4KB - Virtual size: 16B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 292B