bb12f4ffde4e55e64dc1c05eb440e6b924603d27f62956f6156f5782c8f91fb8

Sharing

Copy URL

Twitter E-mail

General

Target

bb12f4ffde4e55e64dc1c05eb440e6b924603d27f62956f6156f5782c8f91fb8
Size

1.5MB
MD5

25e09e3e7eee48003d8b0264ca8795dd
SHA1

13282d010b06c23cf550bc79655af5891ebb92d1
SHA256

bb12f4ffde4e55e64dc1c05eb440e6b924603d27f62956f6156f5782c8f91fb8
SHA512

53ec6025f36a34a16691d27fbf83ae71507e1cb524f3be4f28a35c3383a5da001718bf33acc2aba4f21d278978256edb5db87fd9d4c5599351e63328b3a1e26e
SSDEEP

12288:xI63GTduSZpUdxB30GHrVxGnXQSaWt+DNISOgv3isiyWcEw:O63GTduSZpUR0GHrVQ1aW4mSOgv3isi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb12f4ffde4e55e64dc1c05eb440e6b924603d27f62956f6156f5782c8f91fb8

Files

bb12f4ffde4e55e64dc1c05eb440e6b924603d27f62956f6156f5782c8f91fb8
.exe windows:6 windows x86 arch:x86

9d6fe33e66d3c007ab8473651138b3e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build\ob\bora-20800274\bora\build\build\vmware-tray\release\win32\vmware-tray.pdb

Imports

kernel32

GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
MultiByteToWideChar
OutputDebugStringW
WaitNamedPipeW
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
CreateThread
TerminateThread
LoadLibraryW
LocalFree
FormatMessageW
GetModuleFileNameW
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibrary
GetCurrentThreadId
CreateMutexW
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapFree
LoadLibraryExA
HeapAlloc
GetModuleHandleW
SetLastError
GetLastError
RaiseException
CloseHandle
WideCharToMultiByte
DecodePointer

user32

SetMenuItemInfoW
SetMenuDefaultItem
SetForegroundWindow
GetCursorPos
GetWindowLongW
DrawIconEx
InsertMenuItemW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetMenuItemInfoW
SetWindowLongW
FindWindowW
LoadCursorW
ChangeWindowMessageFilter
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
TrackPopupMenu
AppendMenuW
DeleteMenu
RegisterWindowMessageW
PostMessageW
CharNextW
UnregisterClassW
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
SetTimer
KillTimer
GetSystemMetrics
LoadMenuW
CreatePopupMenu
DestroyMenu
DestroyIcon
GetSubMenu
GetMenuItemCount

gdi32

CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetObjectW
CreateCompatibleDC

comctl32

ord381

vmwarestring

??0string@utf@@QAE@PBD@Z
??1string@utf@@QAE@XZ

msvcp140

?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ

api-ms-win-crt-runtime-l1-1-0

_c_exit
_errno
exit
_controlfp_s
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_invalid_parameter_noinfo
_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_initterm_e
__p___argc
__p___wargv
_invalid_parameter_noinfo_noreturn
terminate
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_exit

api-ms-win-crt-string-l1-1-0

wcsncpy
wcsncpy_s

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free
_callnewh
_recalloc

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vswprintf
_set_fmode
__stdio_common_vswprintf_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

vcruntime140

memset
__std_exception_copy
memmove
memcpy
_except_handler4_common
__current_exception_context
__CxxFrameHandler3
__current_exception
_CxxThrowException
wcsstr
__std_exception_destroy

advapi32

RegDeleteKeyW
RegQueryValueExW
RegNotifyChangeKeyValue
RegEnumValueW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

shell32

Shell_NotifyIconW

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecW

gdiplus

GdiplusShutdown

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9d6fe33e66d3c007ab8473651138b3e0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comctl32

vmwarestring

msvcp140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

vcruntime140

advapi32

ole32

shell32

oleaut32

shlwapi

gdiplus

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 1.4MB - Virtual size: 2.3MB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 1.4MB - Virtual size: 2.3MB