vsdagent[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

vsdagent.exe
Size

52KB
MD5

dedf3f8a9200a3d5ea8961ff9fd83ca5
SHA1

65333ff29bfd9311bf6cea3e5f5dd480287dad0d
SHA256

0580de050594bf8207e105c7423f378d00e0bf01e6b301364fbfcd5ddf43ce3a
SHA512

5e461399945498c18702201b3c85e9abdd142c44e79f511f8ce5860e7fbfbf29b7c13c57c106b3c64032d3a3709115277f119f9927491a7cce66f871829eeeaa
SSDEEP

768:5CtlikqOgCNM0/lDa4x/Ud6XgJdRtFRf3MmoiB+Mh1MI3Op1lVh:QlJqM209J/I6XKbRf3bB+dI+p1l

Score

1^/10

Malware Config

Signatures

Files

vsdagent.exe
.exe windows:4 windows x86 arch:x86

b2d73ceb11993ad9a46cc15e048a718f

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

03/08/2023, 12:00

Subject

CN=Qi An Xin Technology Group Inc.,O=Qi An Xin Technology Group Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9a
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06/08/2020, 00:00

Not After

03/08/2023, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Qi An Xin Technology Group Inc.,O=Qi An Xin Technology Group Inc.,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:0f:02:9a:50:ac:b0:58:64:6b:3c:64:67:25:e5:4d:7d:3a:78:16:0b:c7:df:b8:cf:f4:6f:9c:5b:2b:ec:47
Signer

Actual PE Digest

8a:0f:02:9a:50:ac:b0:58:64:6b:3c:64:67:25:e5:4d:7d:3a:78:16:0b:c7:df:b8:cf:f4:6f:9c:5b:2b:ec:47

Digest Algorithm

sha256

PE Digest Matches

true

75:a7:15:66:97:ef:63:15:a6:b0:3a:d4:03:8d:be:9e:df:7a:3f:e9
Signer

Actual PE Digest

75:a7:15:66:97:ef:63:15:a6:b0:3a:d4:03:8d:be:9e:df:7a:3f:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Module32First
LocalFree
TerminateProcess
GetModuleHandleW
VirtualQuery
GetEnvironmentVariableA
HeapFree
HeapAlloc
Module32Next
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
GetSystemWindowsDirectoryA
GetCurrentProcessId
CopyFileW
GetCurrentThread
CreateProcessA
LoadLibraryA
ProcessIdToSessionId
GetExitCodeProcess
FreeLibrary
GetStartupInfoA
Process32FirstW
Process32NextW
OpenProcess
GetLogicalDriveStringsA
QueryDosDeviceA
GetLastError
CreateToolhelp32Snapshot
Sleep
Process32First
lstrcmpiA
Process32Next
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetVersionExA
GetLocalTime
OutputDebugStringA
CreateFileA
SetFilePointer
SetEndOfFile
WriteFile
CloseHandle
CopyFileA
DeleteFileA
GetCommandLineW
GetProcessHeap

user32

GetWindowTextA
GetClassNameA
CloseClipboard
EmptyClipboard
PostMessageA
OpenClipboard
EnumWindows
GetWindowThreadProcessId
ExitWindowsEx
CreateDesktopA
CloseDesktop
SetUserObjectInformationA
GetThreadDesktop
SendMessageTimeoutA
EnumDesktopWindows
OpenDesktopA
SwitchDesktop
GetUserObjectInformationA
OpenInputDesktop

advapi32

RegCloseKey
AdjustTokenPrivileges
OpenSCManagerA
CloseServiceHandle
LookupPrivilegeNameA
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
CreateProcessAsUserA
LookupAccountSidA
ConvertSidToStringSidA
LookupAccountNameA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA
RegEnumKeyA
RegDeleteKeyA
RegEnumKeyExA
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegDeleteValueA
LookupPrivilegeValueA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
CommandLineToArgvW
ShellExecuteA
SHGetFileInfoA

ole32

CoCreateInstance
OleUninitialize
OleInitialize

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

iphlpapi

GetTcpTable
SetTcpEntry

shlwapi

StrTrimA

msvcrt

strstr
malloc
free
__CxxFrameHandler
iscntrl
??2@YAPAXI@Z
_snprintf
_vsnprintf
strchr
strrchr
wcscat
wcscpy
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_strnicmp
_except_handler3
_controlfp
_wcsicmp
strncat
strncpy
wcscmp
wcslen
atoi

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2d73ceb11993ad9a46cc15e048a718f

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9aCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

8a:0f:02:9a:50:ac:b0:58:64:6b:3c:64:67:25:e5:4d:7d:3a:78:16:0b:c7:df:b8:cf:f4:6f:9c:5b:2b:ec:47Signer

75:a7:15:66:97:ef:63:15:a6:b0:3a:d4:03:8d:be:9e:df:7a:3f:e9Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp60

psapi

iphlpapi

shlwapi

msvcrt

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9a
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

8a:0f:02:9a:50:ac:b0:58:64:6b:3c:64:67:25:e5:4d:7d:3a:78:16:0b:c7:df:b8:cf:f4:6f:9c:5b:2b:ec:47
Signer

75:a7:15:66:97:ef:63:15:a6:b0:3a:d4:03:8d:be:9e:df:7a:3f:e9
Signer

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB