C:\vmagent_new\bin\joblist\771324\out\Release\QHSafeMain.pdb
Static task
static1
Behavioral task
behavioral1
Sample
6de97896b7a916fe9cb85e7c1266f44fae3ac8bf164fbd39750ab3a21581c945.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6de97896b7a916fe9cb85e7c1266f44fae3ac8bf164fbd39750ab3a21581c945.exe
Resource
win10v2004-20231215-en
General
-
Target
6de97896b7a916fe9cb85e7c1266f44fae3ac8bf164fbd39750ab3a21581c945
-
Size
5.0MB
-
MD5
924e6ae68e50800831e8c6f2972b6927
-
SHA1
ea86e4cc82011912d8da6fb5d53f5ae1920dfaa6
-
SHA256
6de97896b7a916fe9cb85e7c1266f44fae3ac8bf164fbd39750ab3a21581c945
-
SHA512
63b08847242d1371f9a017ff466f0f1ae6cf074264d2127ffc91220f10a795ef633ccd95e626fafac7518a25a65334ce992c1c6835c6f18fd3b13fe855d88f85
-
SSDEEP
98304:r7WohqxmDwK2QpwTk1j4zouwZaMoR0C0s2CJHfjoS0:r7mm6QqT6Z0MoRV075
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 6de97896b7a916fe9cb85e7c1266f44fae3ac8bf164fbd39750ab3a21581c945
Files
-
6de97896b7a916fe9cb85e7c1266f44fae3ac8bf164fbd39750ab3a21581c945.exe windows:5 windows x86 arch:x86
d8f48642b9fd148c66c576ad2938972d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
inet_ntoa
ntohs
htons
htonl
select
ntohl
wininet
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetSetOptionW
InternetOpenW
DeleteUrlCacheEntryW
InternetOpenUrlW
FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetQueryOptionW
InternetCrackUrlA
InternetGetConnectedState
kernel32
LocalAlloc
CreateProcessW
GetExitCodeThread
GetModuleHandleA
FlushInstructionCache
MulDiv
InterlockedIncrement
RaiseException
CreateEventA
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTempPathW
GetTempFileNameW
CreateDirectoryW
CompareFileTime
ReleaseSemaphore
CreateSemaphoreW
lstrlenA
lstrcmpiA
MapViewOfFile
lstrcpyW
InitializeCriticalSectionAndSpinCount
GetLocalTime
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
VerSetConditionMask
VerifyVersionInfoW
FlushViewOfFile
OpenFileMappingW
GetFileSizeEx
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLongPathNameW
GetFileAttributesExA
SetFileAttributesA
DeleteFileA
FreeConsole
GlobalFree
GetTimeZoneInformation
GlobalAlloc
GlobalLock
GlobalUnlock
GetCommandLineW
OpenEventW
GetComputerNameExW
CreateFileA
GetStartupInfoW
QueryPerformanceFrequency
QueryPerformanceCounter
FindFirstChangeNotificationW
FindNextChangeNotification
FindCloseChangeNotification
lstrcmpW
GlobalHandle
TerminateProcess
SetErrorMode
ExitProcess
LocalFileTimeToFileTime
IsBadReadPtr
GetFileTime
InterlockedExchangeAdd
CreateMutexA
GetCurrentThread
SleepEx
ReadProcessMemory
GetModuleFileNameA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
HeapCreate
GetDateFormatA
GetTimeFormatA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
CompareStringA
CompareStringW
GetStringTypeW
LCMapStringW
LCMapStringA
RtlUnwind
GetCPInfo
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenMutexW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
SetEndOfFile
FlushFileBuffers
GetCurrentThreadId
FreeResource
GetFileAttributesExW
lstrcmpiW
GetSystemInfo
GetSystemPowerStatus
GlobalMemoryStatus
GlobalMemoryStatusEx
HeapFree
GetProcessHeap
HeapAlloc
WideCharToMultiByte
GetCurrentProcess
lstrlenW
SetLastError
ProcessIdToSessionId
LoadLibraryA
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
LoadLibraryExW
MultiByteToWideChar
ReleaseMutex
CreateMutexW
GetCurrentProcessId
GetLogicalDriveStringsW
DeviceIoControl
MoveFileExW
SetFileAttributesW
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetFileSize
GetPrivateProfileIntW
WritePrivateProfileStringW
GetDriveTypeW
GetWindowsDirectoryW
CreateThread
ResetEvent
GetShortPathNameW
OpenProcess
InterlockedDecrement
InterlockedExchange
FindClose
FindNextFileW
FindFirstFileW
ResumeThread
SetEvent
CreateEventW
InterlockedCompareExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
LocalFree
GetLastError
WaitForMultipleObjects
WaitForSingleObject
GetVersionExW
GetModuleHandleW
GetModuleFileNameW
ReadFile
SetFilePointer
GetPrivateProfileStringW
EnterCriticalSection
FreeLibrary
LeaveCriticalSection
GetProcAddress
LoadLibraryW
WriteFile
DeleteFileW
GetVersion
CreateFileW
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetEnvironmentVariableA
SetFilePointerEx
OutputDebugStringW
HeapUnlock
OpenThread
HeapLock
HeapWalk
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
lstrcmpA
SetEnvironmentVariableW
user32
WaitForInputIdle
ExitWindowsEx
GetWindowThreadProcessId
IsWindowVisible
UnregisterClassA
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
GetDC
ReleaseDC
KillTimer
DestroyWindow
SendMessageW
SetTimer
RegisterClassExW
SetWindowPlacement
SetLayeredWindowAttributes
EnumChildWindows
SetScrollInfo
GetScrollInfo
SetScrollPos
GetDlgCtrlID
HideCaret
UpdateLayeredWindow
PostQuitMessage
PeekMessageW
MapDialogRect
SetWindowContextHelpId
CreateDialogIndirectParamW
GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
GetClassNameW
GetSysColor
CharNextW
RedrawWindow
CreateAcceleratorTableW
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
DestroyAcceleratorTable
GetKeyState
SetClassLongW
GetClassLongW
SetCursor
MoveWindow
GetCursorPos
SwitchToThisWindow
BringWindowToTop
IsIconic
EqualRect
InflateRect
CloseClipboard
GetClassInfoExW
LoadCursorW
CreateWindowExW
SetRectEmpty
SetClipboardData
EmptyClipboard
OpenClipboard
SystemParametersInfoW
GetWindowDC
IsRectEmpty
CopyRect
OffsetRect
FindWindowW
IsWindow
PostMessageW
LoadStringW
SendMessageTimeoutW
GetWindowPlacement
ShowWindow
GetSystemMetrics
SetRect
ScreenToClient
GetMessagePos
DrawTextW
SetWindowTextW
GetDlgItem
GetWindow
MonitorFromWindow
MapWindowPoints
IsDialogMessageW
DrawIconEx
EnableWindow
GetActiveWindow
MessageBoxW
UpdateWindow
InvalidateRect
SetWindowRgn
MonitorFromRect
LoadIconW
GetDesktopWindow
keybd_event
GetKeyboardState
SetActiveWindow
AttachThreadInput
GetParent
SetWindowPos
SetFocus
IsWindowEnabled
GetForegroundWindow
AllowSetForegroundWindow
GetMonitorInfoW
GetClientRect
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
FindWindowExW
LoadImageW
DestroyIcon
IntersectRect
PtInRect
GetWindowRect
SetForegroundWindow
ClientToScreen
RegisterWindowMessageW
gdi32
GetObjectA
SetBkColor
ExtTextOutW
GdiAlphaBlend
StretchBlt
SetViewportOrgEx
CombineRgn
CreateRectRgn
CreateDIBSection
GetStockObject
CreateSolidBrush
CreateRectRgnIndirect
SetStretchBltMode
GetPixel
SetTextColor
CreateBitmap
CreateFontW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
DeleteObject
GetTextMetricsW
SelectObject
GetObjectW
GetDeviceCaps
DeleteDC
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegDeleteValueW
CryptGenRandom
RevertToSelf
RegEnumKeyExA
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ImpersonateLoggedOnUser
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
CheckTokenMembership
CreateWellKnownSid
DuplicateToken
RegDeleteKeyW
RegCreateKeyA
GetSidSubAuthority
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
DuplicateTokenEx
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
CryptReleaseContext
CryptAcquireContextW
OpenProcessToken
RegCreateKeyW
ConvertStringSidToSidW
LookupAccountSidW
FreeSid
GetTokenInformation
AllocateAndInitializeSid
EqualSid
ConvertSidToStringSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
shell32
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
ShellExecuteW
ord680
CommandLineToArgvW
ExtractIconExW
ord165
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetFileInfoW
ole32
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CLSIDFromProgID
CLSIDFromString
StringFromGUID2
CoLoadLibrary
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemAlloc
OleLockRunning
CoGetClassObject
OleInitialize
CoTaskMemRealloc
oleaut32
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnlock
SafeArrayLock
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
SafeArrayCopy
SafeArrayGetVartype
DispCallFunc
SysAllocString
SysFreeString
VariantClear
VariantInit
VariantTimeToSystemTime
SafeArrayPutElement
SysStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SystemTimeToVariantTime
VarDateFromStr
VarUI4FromStr
VariantChangeType
VarBstrCmp
shlwapi
PathCompactPathW
ColorRGBToHLS
ColorHLSToRGB
UrlGetPartW
StrStrA
PathIsRelativeW
StrStrW
StrCmpNIA
PathFindExtensionA
PathRemoveFileSpecA
PathStripPathW
PathAppendW
PathRemoveFileSpecW
PathCombineW
PathFileExistsW
SHGetValueW
ord437
PathStripToRootW
PathCombineA
PathFileExistsA
StrCmpW
PathRemoveBackslashW
SHSetValueA
SHDeleteValueA
ord12
SHGetValueA
SHDeleteKeyW
StrCmpNIW
StrStrIA
SHDeleteValueW
SHSetValueW
PathAddBackslashW
wnsprintfW
PathIsDirectoryW
StrChrW
StrCmpNW
StrStrIW
StrCmpIW
PathFindExtensionW
PathFindFileNameW
comctl32
_TrackMouseEvent
InitCommonControlsEx
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
psapi
GetModuleFileNameExW
wtsapi32
WTSEnumerateProcessesW
WTSFreeMemory
WTSQuerySessionInformationW
userenv
GetUserProfileDirectoryW
CreateEnvironmentBlock
DestroyEnvironmentBlock
dnsapi
DnsFree
DnsQuery_A
rpcrt4
RpcStringBindingComposeW
NdrAsyncClientCall
RpcBindingFree
RpcStringFreeW
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
RpcBindingFromStringBindingW
imm32
ImmDisableIME
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 673KB - Virtual size: 672KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 84KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 25B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 121KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 249KB - Virtual size: 248KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ