54ccaaadc99a5481e6aeef3e603f9763955c018485fd117600082d7a7b509e51

Sharing

Copy URL Twitter E-mail

General

Target

54ccaaadc99a5481e6aeef3e603f9763955c018485fd117600082d7a7b509e51
Size

1.9MB
MD5

491e89664971d0b7a9a839c9163e13af
SHA1

57151c357ca37d6c295ede2ddbad2e47d013c4b9
SHA256

54ccaaadc99a5481e6aeef3e603f9763955c018485fd117600082d7a7b509e51
SHA512

8c6f0efff40541e4734c690f0ec657d86d1ff5db199a8137103ee1e7cd1ecce593e806d07e375dd1a9a635685abe2e616928ebb6e23239dec330cf853b12b74b
SSDEEP

49152:y0HjwHX5t1uU7BfxHzcj66PUmWEFsPwHTHT5EFTp:i3kUKFsPwup

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54ccaaadc99a5481e6aeef3e603f9763955c018485fd117600082d7a7b509e51

Files

54ccaaadc99a5481e6aeef3e603f9763955c018485fd117600082d7a7b509e51
.exe windows:5 windows x86 arch:x86

f08ad014fe7b25895b306dab4e9587c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\706766\out\Release\360EntDT.pdb

Imports

kernel32

GlobalFree
ProcessIdToSessionId
SetEnvironmentVariableW
lstrlenW
ReleaseSemaphore
GetCurrentThreadId
MulDiv
CopyFileW
WritePrivateProfileStringW
GlobalLock
GlobalUnlock
FlushInstructionCache
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
lstrcmpiW
SetErrorMode
SetEvent
CreateEventW
OutputDebugStringW
LocalFree
GetFileSizeEx
SetEndOfFile
WriteFile
CreateMutexW
OpenMutexW
WritePrivateProfileSectionW
SetFileAttributesW
GetPrivateProfileIntW
GetLocalTime
GetModuleHandleA
GetACP
FormatMessageW
DeleteFileA
CreateFileA
DeviceIoControl
OpenEventW
AreFileApisANSI
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
SetFilePointer
ReadFile
GetCurrentProcess
GetTickCount
GetFullPathNameW
GetModuleHandleExW
ExitProcess
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
GetCurrentThread
InterlockedFlushSList
DuplicateHandle
SetProcessAffinityMask
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GlobalAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
OpenThread
ReleaseMutex
HeapWalk
HeapUnlock
HeapLock
SetFilePointerEx
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
GetStringTypeW
LCMapStringW
CompareStringW
GetLocaleInfoW
QueryPerformanceFrequency
QueryPerformanceCounter
TryEnterCriticalSection
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
DecodePointer
GetSystemDirectoryW
ExpandEnvironmentStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetCurrentDirectoryW
GetLongPathNameW
OpenProcess
LoadLibraryExW
GetCurrentProcessId
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
MoveFileExW
GetLastError
MoveFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetStartupInfoW
CloseHandle
LoadLibraryW
GetPrivateProfileStringW
GetVersionExW
GetVersion
GetModuleHandleW
Sleep
InitializeCriticalSection
DeleteCriticalSection
DeleteFileW
CreateDirectoryW
GetModuleFileNameW
EnterCriticalSection
GetProcAddress
FreeLibrary
LeaveCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
EncodePointer
IsDebuggerPresent
SetLastError
MultiByteToWideChar
HeapSize
HeapDestroy
lstrlenA
TerminateProcess
WideCharToMultiByte
QueryDepthSList
PeekNamedPipe

user32

BringWindowToTop
CopyRect
MoveWindow
OffsetRect
ShowWindow
PostMessageW
SetTimer
GetWindow
OpenClipboard
GetClipboardData
CloseClipboard
IsWindowVisible
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
DisableProcessWindowsGhosting
GetWindowRect
GetParent
KillTimer
EnableWindow
LoadImageW
GetClientRect
MapWindowPoints
SetWindowPos
SetWindowTextW
GetSystemMetrics
SendMessageW
PostQuitMessage
UnregisterClassW
DialogBoxParamW
SetWindowLongW
DestroyWindow
DefWindowProcW
CallWindowProcW
GetUserObjectSecurity
SetUserObjectSecurity
CharNextW
FindWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
RegisterWindowMessageW
WaitForInputIdle
FindWindowA
IsWindowEnabled
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
IsIconic
SetForegroundWindow
EndDialog
GetClassInfoW
RegisterClassW
InflateRect
ReleaseDC
GetDC
IsCharAlphaNumericW
GetWindowThreadProcessId
MessageBoxW
GetActiveWindow
SendMessageTimeoutW
IsWindow
GetKeyState
FindWindowW

gdi32

DeleteDC
GetDeviceCaps
SelectObject
GetTextExtentPoint32W

advapi32

AddAce
ImpersonateSelf
SystemFunction036
RegQueryValueExA
RegCloseKey
QueryServiceStatus
StartServiceW
CloseServiceHandle
ControlService
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
FreeSid
AllocateAndInitializeSid
EqualSid
LookupAccountNameW
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
AddAccessAllowedAce
RevertToSelf
GetAce
InitializeAcl
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
CopySid
GetLengthSid
IsValidSid
GetUserNameW
LookupAccountSidW
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyW
RegEnumKeyExW
OpenThreadToken
RegOpenKeyExW
RegQueryValueExW

shell32

SHChangeNotify
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize

oleaut32

SetErrorInfo
VariantChangeType
GetErrorInfo
SysFreeString
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
DispCallFunc
VarUI4FromStr
CreateErrorInfo

shlwapi

SHDeleteKeyW
PathIsDirectoryEmptyW
PathIsDirectoryW
StrStrIA
PathFileExistsA
SHGetValueW
ord158
StrToIntW
StrCmpNIW
SHDeleteValueW
SHSetValueW
PathFindFileNameW
PathCombineW
PathAddBackslashW
PathAppendW
PathRemoveFileSpecW
StrStrNIW
PathFileExistsW

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ntdll

NtSetInformationFile
NtCreateFile
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlDetermineDosPathNameType_U
RtlNtStatusToDosError
RtlCaptureStackBackTrace
RtlAdjustPrivilege
NtClose
RtlDllShutdownInProgress

setupapi

SetupIterateCabinetW

psapi

GetModuleFileNameExW

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW
WTSQuerySessionInformationW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

WSAStartup
socket
WSAGetLastError
inet_addr
closesocket
connect
bind
htons

secur32

LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer

imm32

ImmDisableIME

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW
CryptStringToBinaryA
CryptBinaryToStringA

msvcrt

memmove
_CxxThrowException
__uncaught_exception
_wfsopen
_fsopen
setlocale
isspace
tolower
memchr
realloc
_CIpow
_Getdays
_Getmonths
_Gettnames
_Strftime
strncmp
_atoi64
_mbsstr
rand
clock
_gmtime64
_localtime64
_strdup
_amsg_exit
__getmainargs
__wgetmainargs
_environ
_wenviron
__setusermatherr
_initterm
__p__commode
_CIexp
_CIsqrt
fgetc
__CxxFrameHandler
__DestructExceptionObject
?raw_name@type_info@@QBEPBDXZ
iswctype
_itow
_ltow
_ultow
_i64tow
_ui64tow
_wsplitpath
_wsearchenv
__doserrno
_itoa
_ltoa
_ultoa
_i64toa
_ui64toa
_ecvt
_fcvt
_gcvt
_splitpath
_searchenv
_controlfp
_control87
_wmktemp
_chsize
_mktemp
_wstrtime
_strtime
tmpfile
_cgets
_cgetws
_XcptFilter
_pwctype
__lc_collate_cp
_wgetenv
_wputenv
atof
getenv
_putenv
getwc
_wfreopen
_wtmpnam
__wcserror
_strerror
_wasctime
_wctime64
asctime
_ctime64
_mktime64
_waccess
_wfindfirst64
_wfindnext64
_wsopen
_access
fclose
frexp
_findnext64
_lseeki64
_sopen
clearerr
fopen
freopen
getc
tmpnam
_fstat64
_ftime64
_lock
_unlock
_assert
_iob
_daylight
_dstbias
_timezone
_tzname
_sys_errlist
_sys_nerr
strtol
_wcsupr
_wcslwr
_getdrive
_beginthread
__p___argc
__p___wargv
malloc
_beginthreadex
free
??_U@YAPAXI@Z
_strlwr
_msize
__set_app_type
_ismbblead
_acmdln
_wcmdln
_fmode
mbtowc
wctomb
strrchr
_isatty
_fileno
_isctype
_CIlog10
ceil
_clearfp
?terminate@@YAXXZ
_wctime
ctime
gmtime
localtime
_ftime
wcsncmp
wcsrchr
fread
??2@YAPAXI@Z
wcsncpy
iswspace
_wcsicmp
_wtoi
wcschr
wcsstr
atoi
??_V@YAXPAX@Z
_wcsnicmp
_time64
??3@YAXPAX@Z
memset
memcpy
memcmp
___lc_codepage_func
___lc_handle_func
__crtLCMapStringA
__crtCompareStringA
calloc
_errno
___mb_cur_max_func
islower
isupper
towlower
towupper
__pctype_func
_wfullpath
fputc
fwrite
fputwc
ldexp
localeconv
??0exception@@QAE@XZ
strcspn
strtod
strpbrk
abort
modf
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
ftell
fseek
_wfopen
strchr
fgetpos
fsetpos
setvbuf
_findfirst64
wcspbrk
ungetwc
fflush
wcstol
_umask
ungetc
_wcstoui64
_strtoui64
__RTDynamicCast

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 134KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f08ad014fe7b25895b306dab4e9587c8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

ntdll

setupapi

psapi

wtsapi32

userenv

ws2_32

secur32

imm32

wintrust

crypt32

msvcrt

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 223KB - Virtual size: 223KB

.data Size: 20KB - Virtual size: 282KB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 134KB - Virtual size: 136KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 223KB - Virtual size: 223KB

.data
Size: 20KB - Virtual size: 282KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 134KB - Virtual size: 136KB