fa6f749ec64dcfde743445bf387a1a92cdbc7836cbe8de78334aeb60115cc954

Sharing

Copy URL Twitter E-mail

General

Target

fa6f749ec64dcfde743445bf387a1a92cdbc7836cbe8de78334aeb60115cc954
Size

395KB
MD5

736afaac65f186839979f6b5d7c50888
SHA1

3d85267a2c15e1a239dfd1e1caef772dcd05b4e7
SHA256

fa6f749ec64dcfde743445bf387a1a92cdbc7836cbe8de78334aeb60115cc954
SHA512

02443275704e66169f50c26cd0a9be02b3fa54c6c37287297485b5ee987b907db2a9b11c4a0f5d2922b8fbba1580ecacbf148591cde644dbbf967a485f74a336
SSDEEP

6144:cx2SVwmNousVNVfVr48EPzLu06g6bABwGYjYs+Be2eAKfde6MpENC9n:jSVwXV7fVr48ErK06gib7jEeBxdeoA9n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa6f749ec64dcfde743445bf387a1a92cdbc7836cbe8de78334aeb60115cc954

Files

fa6f749ec64dcfde743445bf387a1a92cdbc7836cbe8de78334aeb60115cc954
.exe windows:5 windows x86 arch:x86

1e215e2f2796926cc9003349832cfb81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\697520\out\Release\NetmSkin.pdb

Imports

kernel32

MultiByteToWideChar
CloseHandle
WaitForSingleObject
OpenEventW
GetVersionExW
CreateMutexW
SystemTimeToFileTime
GetLocalTime
WritePrivateProfileStringW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetCurrentProcessId
GetTickCount
CreateEventW
SetEvent
CreateThread
GetModuleHandleW
GetSystemWindowsDirectoryW
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
Sleep
InterlockedCompareExchange
GetSystemDirectoryW
DeviceIoControl
CreateFileW
lstrcmpiW
GetFileSizeEx
GetCommandLineW
InitializeCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
SetLastError
GetStringTypeA
LCMapStringA
SetFilePointer
QueryPerformanceCounter
GetStartupInfoA
WideCharToMultiByte
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleA
LCMapStringW
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitThread
ExitProcess
RtlUnwind
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
TlsGetValue
ReadFile
WriteFile
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
RemoveDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
DeleteFileW
FreeLibrary
GetProcAddress
LoadLibraryW
SetCurrentDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameW
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringW
DebugBreak
lstrlenA
RaiseException
InterlockedIncrement
lstrlenW
InterlockedDecrement
LeaveCriticalSection
GetProcessHeap
HeapFree
MulDiv
lstrcmpW
GetFileType
GetLastError
EnterCriticalSection
GetStringTypeW

user32

IsWindowVisible
SetWindowPos
MoveWindow
KillTimer
SetFocus
GetParent
IsWindow
SetWindowLongW
LoadStringW
GetFocus
SetActiveWindow
GetActiveWindow
EnumChildWindows
CharNextW
ShowWindow
ReleaseDC
GetDC
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DefWindowProcW
DestroyWindow
GetSysColor
CreateDialogParamW
GetClientRect
ClientToScreen
ScreenToClient
InvalidateRect
InvalidateRgn
PostMessageW
SendMessageW
UnregisterClassA
GetWindowLongW
SetTimer
SendMessageTimeoutW
LoadImageW
DisableProcessWindowsGhosting
SystemParametersInfoW
GetClassInfoW
RegisterClassW
UpdateWindow
PostQuitMessage
wsprintfW
GetSystemMetrics
IsIconic
BringWindowToTop
SetForegroundWindow
FindWindowW
CharLowerW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
MessageBoxW
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
IsChild
SetCapture
RedrawWindow

gdi32

CreateSolidBrush
GetStockObject
GetObjectW
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC

advapi32

RegQueryInfoKeyW
RegCloseKey
OpenProcessToken
GetTokenInformation
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA

shell32

ShellExecuteExW
ShellExecuteW

ole32

OleLockRunning
StringFromGUID2
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemRealloc
CoSetProxyBlanket
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance

oleaut32

SafeArrayCreate
VariantChangeType
DispCallFunc
SafeArrayAccessData
SafeArrayUnaccessData
VarUI4FromStr
SafeArrayGetLBound
SysFreeString
SysAllocString
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysStringLen
SysAllocStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SafeArrayGetUBound

shlwapi

StrStrIW
PathRemoveExtensionW
PathFileExistsW
PathCombineW
SHGetValueW
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW
PathFindFileNameW

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

imm32

ImmDisableIME

gdiplus

GdiplusStartup
GdiplusShutdown

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1e215e2f2796926cc9003349832cfb81

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

imm32

gdiplus

wintrust

crypt32

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 15KB - Virtual size: 29KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 92KB - Virtual size: 96KB

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 15KB - Virtual size: 29KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 92KB - Virtual size: 96KB