18113621ab15ef497d5569393c79695d185b36f6ce07a4b24a22dbc09c33929f

Sharing

Copy URL Twitter E-mail

General

Target

18113621ab15ef497d5569393c79695d185b36f6ce07a4b24a22dbc09c33929f
Size

1.5MB
MD5

78a608b6f39ba100893a438642a63401
SHA1

e81ec050e84a3226e4174c70ecc6ddcfc0ec254b
SHA256

18113621ab15ef497d5569393c79695d185b36f6ce07a4b24a22dbc09c33929f
SHA512

298a0f05970530684fd38fc1381ea5f01a12a9d432594bfaec2474d0e322c30a3eb5d210e6b5173da8e7832e654d6112f213364898d2f014be420823341c2d4d
SSDEEP

24576:WpotGwFDHLQyxWaNNaMT+LIOuIiyVt/eHWlMgEMVTvXy99ws9189+S9h:vxWaF+LcIzt/e2EKT699ws9189+0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18113621ab15ef497d5569393c79695d185b36f6ce07a4b24a22dbc09c33929f

Files

18113621ab15ef497d5569393c79695d185b36f6ce07a4b24a22dbc09c33929f
.exe windows:5 windows x86 arch:x86

43bdcf079f92a365e843e25ad35f900f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\700103\out\Release\MultiTip.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
OpenProcess
HeapFree
GetFileSize
MapViewOfFileEx
GetVersionExW
GetSystemInfo
GetWindowsDirectoryA
SystemTimeToFileTime
GetModuleHandleA
GlobalMemoryStatusEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ExpandEnvironmentStringsA
GlobalLock
GlobalUnlock
GetModuleFileNameA
CreateFileA
OutputDebugStringA
GetThreadLocale
SetThreadLocale
SetFilePointerEx
TerminateProcess
lstrcmpA
OpenThread
SuspendThread
ResumeThread
GetUserDefaultLangID
GetSystemDefaultLangID
GetSystemDirectoryA
MoveFileA
GetFileTime
GetFileAttributesA
FindFirstFileA
FindNextFileA
GetSystemTimes
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrcmpiA
LoadLibraryA
GetPrivateProfileStringA
WritePrivateProfileStringA
EnumResourceNamesW
FreeResource
BeginUpdateResourceA
UpdateResourceW
EndUpdateResourceW
LoadLibraryExA
FindResourceExA
GetTempPathW
GetNativeSystemInfo
CreateIoCompletionPort
GetExitCodeThread
TerminateThread
PostQueuedCompletionStatus
GetQueuedCompletionStatus
FindNextFileW
GetCurrentThread
QueryPerformanceCounter
GetStartupInfoW
RemoveDirectoryA
DeleteFileA
CreateEventA
OpenEventA
OpenMutexW
ReleaseMutex
DuplicateHandle
SetThreadPriority
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
HeapCreate
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
CompareStringA
CompareStringW
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetDateFormatA
GetTimeFormatA
ExitProcess
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
TlsGetValue
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
SetFileAttributesW
MoveFileExW
DeleteFileW
FindFirstFileW
GlobalFree
GlobalAlloc
DeviceIoControl
CreateProcessW
RemoveDirectoryW
ResetEvent
FindClose
CreateFileMappingW
SetEndOfFile
GetFileSizeEx
GetFileAttributesExW
GetTickCount
WideCharToMultiByte
GetCurrentProcess
InterlockedCompareExchange
SetEvent
InterlockedExchange
WaitForSingleObject
CreateEventW
LoadLibraryW
MulDiv
CopyFileW
GetCommandLineW
GetCurrentThreadId
SetErrorMode
Sleep
LoadLibraryExW
FlushViewOfFile
ExpandEnvironmentStringsW
GetLongPathNameW
GetTempFileNameW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateThread
FlushInstructionCache
SetLastError
lstrlenA
CreateDirectoryW
SetThreadAffinityMask
GetLocalTime
MultiByteToWideChar
RaiseException
lstrcmpiW
lstrlenW
ReadFile
InterlockedDecrement
InterlockedIncrement
CreateMutexW
GetLastError
GetCurrentProcessId
GetProcAddress
FreeLibrary
GetModuleHandleW
WriteFile
OutputDebugStringW
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
CloseHandle
SetFilePointer
CreateFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
DeleteCriticalSection
UpdateResourceA

user32

PeekMessageW
PostThreadMessageW
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
SendMessageTimeoutW
WaitForInputIdle
FindWindowW
CharNextW
UnregisterClassA
GetWindowTextW
EnumWindows
CreateIconIndirect
LoadStringA
GetCursorInfo
SetCursorPos
ShowCursor
GetAsyncKeyState
mouse_event
TranslateMessage
DispatchMessageW
IsWindow
SendMessageW
MessageBoxW
IsWindowVisible
PostQuitMessage
SetTimer
GetLastInputInfo
GetCursorPos
GetWindowRect
PtInRect
PostMessageW
KillTimer
GetPropW
CallWindowProcW
DestroyIcon
MoveWindow
SetWindowPos
SetWindowLongW
GetWindowLongW
ShowWindow
LoadCursorW
GetWindowTextA
SetWindowTextW
SystemParametersInfoW
MapWindowPoints
GetClientRect
GetParent
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetPropW
CopyRect
OffsetRect
ClientToScreen
GetWindowThreadProcessId
GetClassNameW
FindWindowExW
GetClassNameA
FindWindowA
IsChild
WindowFromPoint
MessageBoxA
SetForegroundWindow
SetActiveWindow
DestroyMenu
LoadImageW
GetSystemMetrics
UpdateLayeredWindow
MonitorFromPoint
AppendMenuW
ScreenToClient
BeginPaint
EndPaint
RegisterClassExW
GetClassInfoExW
CreateWindowExW
CreatePopupMenu
TrackPopupMenu
keybd_event
RegisterWindowMessageW
GetDlgItem
MsgWaitForMultipleObjects
GetMessageW

gdi32

DeleteDC
CreateFontIndirectW
CreateCompatibleDC
GetDeviceCaps
DeleteObject
CreateDIBSection
SelectObject
CreateCompatibleBitmap
BitBlt
SetBkColor
ExtTextOutW
DPtoLP
CreateBitmap

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

shell32

SHCreateDirectoryExW
ord165
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetSpecialFolderPathA
SHCreateDirectoryExA
SHGetFolderPathW

ole32

PropVariantClear
CoLoadLibrary
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
CoSetProxyBlanket
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SysAllocString
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
DispCallFunc
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit
VariantCopy
SafeArrayCopy
SafeArrayGetVartype
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString

shlwapi

SHGetValueA
PathAppendA
StrCmpNIA
StrRStrIA
StrStrIA
PathFindFileNameA
PathRemoveExtensionA
PathIsDirectoryA
StrFormatByteSizeA
PathAddBackslashA
ord12
StrStrA
PathIsRelativeA
ord176
PathFindFileNameW
PathCombineW
PathAppendW
PathFileExistsW
PathAddBackslashW
StrCmpNIW
SHGetValueW
StrStrIW
StrCmpIW
PathRemoveFileSpecW
SHSetValueW
StrCpyNW
PathFileExistsA
PathRemoveFileSpecA
StrRChrW
StrRStrIW
StrToInt64ExA
SHStrDupW
PathFindExtensionW
PathIsRelativeW
PathCanonicalizeW
PathIsRootW
PathIsDirectoryW
PathRemoveBackslashW
PathIsPrefixW
SHSetValueA

gdiplus

GdiplusStartup
GdiplusShutdown
GdipFree
GdipDisposeImage
GdipAlloc
GdipCreateHBITMAPFromBitmap
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipSaveImageToFile
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawImagePointRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneBitmapAreaI
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipImageRotateFlip
GdipCloneImage
GdipGetImagePixelFormat

comctl32

InitCommonControlsEx

crypt32

CryptStringToBinaryA
CryptBinaryToStringA
CertGetNameStringW
CryptStringToBinaryW

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

mixerGetLineInfoW
mixerGetLineControlsW
mixerGetNumDevs
mixerGetControlDetailsW
mixerSetControlDetails
mixerOpen

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

setupapi

SetupIterateCabinetW

netapi32

Netbios

psapi

GetModuleFileNameExW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

43bdcf079f92a365e843e25ad35f900f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

comctl32

crypt32

imm32

version

winmm

wintrust

setupapi

netapi32

psapi

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 229KB - Virtual size: 229KB

.data Size: 28KB - Virtual size: 44KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 136KB - Virtual size: 136KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 229KB - Virtual size: 229KB

.data
Size: 28KB - Virtual size: 44KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 136KB - Virtual size: 136KB