9dff5488ebde401913d3fadf77a904719a97e8538990e9653a1f1a012d4ab9a5

Sharing

Copy URL

Twitter E-mail

General

Target

9dff5488ebde401913d3fadf77a904719a97e8538990e9653a1f1a012d4ab9a5
Size

1.4MB
MD5

325498b217d0b0ec66422357f0481dfa
SHA1

c85f1a5a0fec0d752525edc810ae2e96b6a5375c
SHA256

9dff5488ebde401913d3fadf77a904719a97e8538990e9653a1f1a012d4ab9a5
SHA512

41a00b502303d06fad9f86a94c74f8cd84984a6f91e1c100df96866c21d5ad071d1067623b8332a34dd57cb8c8802377b14cbe6013c189bb13f41394f8156e91
SSDEEP

24576:dO2uYj3kfi6KUjjcbnB7lY1SUkhYigJI1f+avnDKfydfqf0U3J:+s6FcbnDb4JI1f+sDKfydif0S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9dff5488ebde401913d3fadf77a904719a97e8538990e9653a1f1a012d4ab9a5

Files

9dff5488ebde401913d3fadf77a904719a97e8538990e9653a1f1a012d4ab9a5
.exe windows:5 windows x86 arch:x86

b7666bb02a632faf4b72cfbc4e642b58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\731798\out\Release\InstSoft.pdb

Imports

kernel32

lstrlenA
GlobalAlloc
FreeResource
LoadLibraryW
GetCurrentProcessId
DeviceIoControl
CreateFileW
SetFilePointer
ReadFile
InterlockedCompareExchange
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
FindResourceExW
LockResource
WaitForSingleObject
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
DeleteFileW
LCMapStringA
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetConsoleCtrlHandler
GetModuleFileNameA
GetStdHandle
FatalAppExitA
HeapCreate
GetCurrentThread
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleA
ReleaseMutex
CloseHandle
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InitializeCriticalSection
GetLastError
lstrlenW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
Sleep
GetModuleFileNameW
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
GetModuleHandleW
VirtualAlloc
WriteFile
FlushFileBuffers
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
ExitProcess
RtlUnwind
CreateThread
GetTempPathW
OpenMutexW
CreateMutexW
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
TlsGetValue
OutputDebugStringW
TlsSetValue
HeapUnlock
GetProcAddress
LCMapStringW
ExitThread
GetVersionExW
lstrcmpiA
lstrcmpA
WideCharToMultiByte
TlsFree
TlsAlloc
HeapWalk
HeapLock
OpenThread
RaiseException

user32

ScreenToClient
GetCursorPos
CopyRect
SetWindowTextW
SendMessageW
IsDialogMessageW
MessageBoxW
GetActiveWindow
wsprintfW
BeginPaint
DispatchMessageW
TranslateMessage
EndPaint
SetTimer
PostQuitMessage
GetClientRect
MonitorFromWindow
ReleaseCapture
GetMessageW
SetCapture
GetCapture
IsWindow
PostMessageW
InvalidateRect
PtInRect
SetPropW
GetWindowRect
ReleaseDC
UnregisterClassA
GetDC
SetWindowLongW
GetWindowLongW
RemovePropW
GetPropW
CallWindowProcW
IsWindowVisible
MoveWindow
SetWindowPos
DefWindowProcW
CreateWindowExW
GetClassInfoExW
LoadCursorW
RegisterClassExW
SetCursor
SendMessageTimeoutW
FindWindowW
CreateDialogParamW
PeekMessageW
DestroyWindow
ShowWindow
CharNextW
LoadImageW
GetSystemMetrics
GetMonitorInfoW
KillTimer

gdi32

ExtTextOutW
CreateCompatibleBitmap
SetViewportOrgEx
DeleteDC
GetDeviceCaps
EnumFontsW
CreateDIBSection
CreateCompatibleDC
SelectObject
GetObjectW
DeleteObject
SetBkColor
BitBlt

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteExW
ShellExecuteW
ord165

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit
VarUI4FromStr

shlwapi

PathFileExistsW
PathAppendW
SHGetValueW
SHSetValueW
SHDeleteValueW
UrlUnescapeW
PathCombineW
PathIsDirectoryW
StrToIntExW
SHGetValueA
SHSetValueA
StrTrimA
StrStrIW
PathRemoveExtensionW
PathFindFileNameW
StrCmpNIW
StrCmpIW

comctl32

_TrackMouseEvent

gdiplus

GdipSetStringFormatAlign
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDrawImageRect
GdiplusStartup
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRect
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAlloc
GdipFree
GdipCreateStringFormat
GdipDeleteStringFormat
GdipGraphicsClear
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDrawString
GdipMeasureString
GdipCreateFont
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipDeleteFont
GdiplusShutdown

wininet

InternetQueryOptionW
InternetConnectW
InternetSetOptionW
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetOpenW
InternetCloseHandle

imm32

ImmDisableIME

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

urlmon

URLDownloadToCacheFileW

setupapi

SetupIterateCabinetW

netapi32

Netbios

Sections

.text
Size: 475KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

qbqir
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 860KB - Virtual size: 860KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7666bb02a632faf4b72cfbc4e642b58

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

wininet

imm32

version

urlmon

setupapi

netapi32

Sections

.text Size: 475KB - Virtual size: 474KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 13KB - Virtual size: 24KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 17KB - Virtual size: 17KB

qbqir Size: 4KB - Virtual size: 4KB

Size: 860KB - Virtual size: 860KB

.text
Size: 475KB - Virtual size: 474KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 13KB - Virtual size: 24KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 17KB - Virtual size: 17KB

qbqir
Size: 4KB - Virtual size: 4KB