dd521cf5d2ea0a7802f23b72fa8656ff679e5045f622a0842a43f5a4beffb2b2

Sharing

Copy URL Twitter E-mail

General

Target

dd521cf5d2ea0a7802f23b72fa8656ff679e5045f622a0842a43f5a4beffb2b2
Size

1.3MB
MD5

572d159de51f0bdf0d08298e7debc1b1
SHA1

6370befd8fdfaae5551053abc6a5c337afe86e6b
SHA256

dd521cf5d2ea0a7802f23b72fa8656ff679e5045f622a0842a43f5a4beffb2b2
SHA512

5c1d0eb162fad9d672378601adc7963f5606d566352fdb6c85ad685cfd4370282a2f18d3aa2b0a2e1b64c003fdc0e7a36f6e6cd57f87f029e38300b0b5946bc6
SSDEEP

24576:qGtlqfe0gOBq9LPM/BeMKzT5g4RKTETbbUn27KMRjNyjJTAH3VGx9A:qGtlqfeEBq0K5g4cTETbb02NyjJTS7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd521cf5d2ea0a7802f23b72fa8656ff679e5045f622a0842a43f5a4beffb2b2

Files

dd521cf5d2ea0a7802f23b72fa8656ff679e5045f622a0842a43f5a4beffb2b2
.dll windows:5 windows x64 arch:x64

d13c657a4dbd412a927d1687846959dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\672000\out\Release\360Base64.pdb

Imports

kernel32

GetUserDefaultLCID
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
GetCurrentProcessId
GetSystemWindowsDirectoryW
GetVersionExW
LockResource
FreeResource
SetFilePointerEx
GetFileSizeEx
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
HeapDestroy
HeapSize
GetProcessHeap
FindResourceExW
lstrcmpA
LocalFree
GetFileSize
WriteFile
SetFilePointer
GetLocalTime
GetCurrentThreadId
FlushFileBuffers
SystemTimeToFileTime
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
ReadFile
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesExW
MoveFileExW
QueryPerformanceCounter
LockFileEx
UnlockFileEx
MapViewOfFile
GetFileType
lstrlenW
ReleaseMutex
GetACP
lstrlenA
LocalFileTimeToFileTime
lstrcmpiA
GetCurrentProcess
LoadLibraryW
GetProcAddress
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
Sleep
CreateMutexW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
OpenThread
HeapWalk
HeapUnlock
HeapLock
CreateFileA
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
lstrcatW
GlobalMemoryStatus
RtlVirtualUnwind
GetStdHandle
GetCPInfo
GetStringTypeW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
OutputDebugStringW
IsDebuggerPresent
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
GetFileAttributesW
CreateFileW

user32

CharNextW
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

advapi32

RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
CryptReleaseContext
CryptGenRandom
RegQueryValueExA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoCreateGuid

oleaut32

SysAllocString
VarUI4FromStr

shlwapi

SHGetValueA
PathFileExistsW
StrTrimA
StrRChrW
PathAppendW
PathCombineW
StrCmpNIW
StrStrIW
StrCmpIW
StrStrIA
SHSetValueA
PathFindFileNameW

version

VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CryptMsgControl
CertFindCertificateInStore
CryptQueryObject
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptDecodeObjectEx
CertFreeCertificateChain
CryptDecodeObject
CertAddStoreToCollection
CertOpenStore
CertCloseStore
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgClose
CertOpenSystemStoreW
CryptMsgGetParam
CertGetCertificateChain

iphlpapi

GetAdaptersInfo

Exports

Exports

CreateObject
InitLibs

Sections

.text
Size: 851KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d13c657a4dbd412a927d1687846959dd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

crypt32

iphlpapi

Exports

Exports

Sections

.text Size: 851KB - Virtual size: 850KB

.rdata Size: 297KB - Virtual size: 297KB

.data Size: 68KB - Virtual size: 84KB

.pdata Size: 34KB - Virtual size: 34KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 851KB - Virtual size: 850KB

.rdata
Size: 297KB - Virtual size: 297KB

.data
Size: 68KB - Virtual size: 84KB

.pdata
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB