8fb7ff706da66d387cbce9c3321f180d6dfcb524f048cd3abf1c6f4dc7627557

Sharing

Copy URL Twitter E-mail

General

Target

8fb7ff706da66d387cbce9c3321f180d6dfcb524f048cd3abf1c6f4dc7627557
Size

2.1MB
MD5

9e71668d3609f400d1deed045688fdbe
SHA1

5544c32496024ed4c9f0396e078d70469ad6f450
SHA256

8fb7ff706da66d387cbce9c3321f180d6dfcb524f048cd3abf1c6f4dc7627557
SHA512

50517849903bbbabb551e8ebbe547d584cfc33e9b946fb3f3ccb423ca70be4e123400d23b25979e856a13c8a6f68369ddb7c0e3e546c134fcdd98e09a880f997
SSDEEP

24576:L52f3WJAtOP1k5FOo71OG4rfHqELkcebAL2BhXoRFXrZ9T:L52/M0cmzELkcwAL2TYRF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8fb7ff706da66d387cbce9c3321f180d6dfcb524f048cd3abf1c6f4dc7627557

Files

8fb7ff706da66d387cbce9c3321f180d6dfcb524f048cd3abf1c6f4dc7627557
.exe windows:5 windows x86 arch:x86

f95fcdc2a98b43486238a9b56969784c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\522597\out\QAUSE_Release\LiteUninstall.pdb

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
SwitchToThread
FormatMessageW
SetLastError
GetCurrentThreadId
RaiseException
InterlockedDecrement
InterlockedIncrement
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFindAtomW
CreateMutexW
GlobalDeleteAtom
GetLastError
GetCurrentProcessId
OpenProcess
GetLongPathNameW
FindResourceExW
FindResourceW
GetModuleFileNameW
LoadLibraryW
CreateEventW
SizeofResource
LoadResource
WaitForMultipleObjects
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcAddress
FreeLibrary
LockResource
ReadConsoleW
WriteConsoleW
GetFileAttributesExW
GetSystemDirectoryW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetModuleHandleW
GetProcessHeap
HeapSize
SetFilePointerEx
SetStdHandle
WaitForSingleObjectEx
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapReAlloc
GetStringTypeW
GetFileType
GetCurrentThread
GetACP
GetModuleFileNameA
ExitProcess
GetTimeZoneInformation
GetModuleHandleExW
CreateFileW
GetPrivateProfileStringW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
LoadLibraryExW
lstrcmpiW
SetFilePointer
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapDestroy
InterlockedFlushSList
GetStdHandle
SetEndOfFile
GetTempPathW
GetVersion
GetCurrentProcess
GetFileSize
ReadFile
FindClose
GetTickCount
lstrlenW
CreateProcessW
GetStartupInfoW
GetTempFileNameW
GetFullPathNameW
SetFileAttributesW
GetFileAttributesW
FindFirstFileW
FindNextFileW
MoveFileExW
GetVersionExW
GetFileSizeEx
GetLocalTime
Sleep
WritePrivateProfileStringW
RemoveDirectoryW
WriteFile
GetTempPathA
GetTempFileNameA
CreateFileA
DeleteFileA
GetWindowsDirectoryW
MoveFileW
TerminateProcess
GetExitCodeProcess
InterlockedExchange
InterlockedCompareExchange
DeviceIoControl
LocalAlloc
LocalFree
LocalFileTimeToFileTime
DosDateTimeToFileTime
OutputDebugStringW
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
FreeResource
GetSystemWindowsDirectoryW
lstrcmpA
lstrcmpiA
FlushFileBuffers
GetShortPathNameW
SetFileTime
CreateDirectoryW
SearchPathW
GetLogicalDriveStringsW
FindFirstChangeNotificationW
FindCloseChangeNotification
CompareFileTime
GetFileInformationByHandle
ResetEvent

user32

MapWindowPoints
GetWindowRect
GetClientRect
GetSystemMetrics
SetWindowPos
PostMessageW
GetWindowLongW
MonitorFromWindow
CallWindowProcW
PostQuitMessage
LoadCursorW
SetWindowLongW
MessageBoxW
CharNextW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
GetWindow
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowThreadProcessId
FindWindowExW
SetForegroundWindow
IsIconic
IsWindowVisible
ShowWindow
SendMessageW
UnregisterClassA
FindWindowW
wsprintfW
GetShellWindow
WaitForInputIdle
GetMonitorInfoW
IsDialogMessageW
UnregisterClassW
LoadImageW
CreateDialogParamW
GetParent
IsWindow

advapi32

OpenSCManagerW
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
DuplicateTokenEx
RegEnumValueW
RegQueryValueExW
GetUserNameW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
LockServiceDatabase
CryptSetKeyParam
OpenServiceW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceLockStatusW
QueryServiceStatus
QueryServiceStatusEx
StartServiceW
UnlockServiceDatabase
GetTokenInformation
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptContextAddRef

ole32

CoTaskMemAlloc
CoTaskMemFree
OleRun
CoCreateInstance
CoUninitialize
CoInitialize
CoCreateGuid
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoTaskMemRealloc

oleaut32

SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysStringLen
VariantInit
GetErrorInfo
VariantChangeType
SetErrorInfo
VarUI4FromStr
SysFreeString
CreateErrorInfo
VariantCopy

shlwapi

SHGetValueW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
PathCombineW
PathFileExistsW
StrStrIA
StrStrIW
StrCmpIW
StrToIntExW
SHGetValueA
StrCmpNIW
PathIsPrefixW
PathFindExtensionW
PathIsRelativeW
PathRenameExtensionA
PathFindFileNameA
SHSetValueW
SHDeleteKeyW
AssocQueryStringW
SHSetValueA
StrTrimA
PathIsRootW

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

secur32

GetUserNameExW

setupapi

SetupIterateCabinetW

cabinet

ord22
ord20
ord23

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

shell32

ShellExecuteExW
SHGetSpecialFolderLocation
SHCreateDirectoryExW
ord165
ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW
SHGetPathFromIDListW
SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 738KB - Virtual size: 737KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f95fcdc2a98b43486238a9b56969784c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

comctl32

version

psapi

iphlpapi

wininet

urlmon

secur32

setupapi

cabinet

crypt32

wintrust

shell32

Sections

.text Size: 738KB - Virtual size: 737KB

.rdata Size: 162KB - Virtual size: 162KB

.data Size: 19KB - Virtual size: 30KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 100KB - Virtual size: 100KB

.text
Size: 738KB - Virtual size: 737KB

.rdata
Size: 162KB - Virtual size: 162KB

.data
Size: 19KB - Virtual size: 30KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 100KB - Virtual size: 100KB