Static task: static1
Behavioral task: behavioral1
Sample: d2f21055f803149fee1f663301ea5dfc99a86ebae62939a3b8b0d46031cf6295.exe
Resource: win7-20240221-en
General
Target: d2f21055f803149fee1f663301ea5dfc99a86ebae62939a3b8b0d46031cf6295
Size: 2.4MB
MD5: 81aa294db77b0d846fb187e6b3623384
SHA1: 66eda4ac623eb1a7b9fc283336eb07094d6066a2
SHA256: d2f21055f803149fee1f663301ea5dfc99a86ebae62939a3b8b0d46031cf6295
SHA512: 3e89d03ef8b4b731488c17fd654a59bc73035c73bb1215e6f8ec141a838d16d206951218c63ad4d37c30556529762a6aac6e60072b7779f82af2262957021da9
SSDEEP: 49152:hJME8vrnAAlgYNrqIwsmglrjZjX2wGi9m3ZmI7VQ7YvynOdVhcNDDtckl3ylRVjb:TMEUoj9GnNOV28N5T
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource d2f21055f803149fee1f663301ea5dfc99a86ebae62939a3b8b0d46031cf6295
Files
d2f21055f803149fee1f663301ea5dfc99a86ebae62939a3b8b0d46031cf6295.exe windows:5 windows x86 arch:x86
1329ee2f4cb25dbf563eba83bebddfd3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\vmagent_new\bin\joblist\686432\out\Release\DesktopPlus.pdb
Imports
kernel32
CreateToolhelp32Snapshot
lstrcmpA
OpenThread
Thread32Next
Thread32First
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
GetTempPathW
SetThreadLocale
GetThreadLocale
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
VirtualFree
VirtualAlloc
VirtualQuery
HeapReAlloc
VirtualProtect
InterlockedExchange
HeapCreate
HeapDestroy
GetLocalTime
GetTempFileNameW
OutputDebugStringW
GetDateFormatW
GetDiskFreeSpaceW
LocalFileTimeToFileTime
GlobalSize
FlushFileBuffers
GetTimeFormatW
LCMapStringW
CompareStringW
UnlockFileEx
UnlockFile
QueryPerformanceCounter
LockFileEx
LockFile
HeapValidate
HeapSize
GetVersionExA
GetSystemTimeAsFileTime
GetSystemTime
GetFullPathNameA
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageA
DeleteFileA
CreateFileMappingA
CreateFileA
AreFileApisANSI
lstrcmpiA
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
ExitProcess
IsValidCodePage
GetOEMCP
CompareStringA
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetCPInfo
LCMapStringA
GetStartupInfoW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
TlsGetValue
GetLocaleInfoA
IsProcessorFeaturePresent
GetProcessHeap
HeapAlloc
HeapFree
SetEndOfFile
SetFilePointerEx
GetFullPathNameW
CreateSemaphoreW
ReleaseSemaphore
SetErrorMode
MapViewOfFile
InterlockedCompareExchange
lstrlenA
lstrcpyW
GetACP
GetCurrentProcessId
DeviceIoControl
LocalAlloc
WideCharToMultiByte
SetFileTime
WaitForMultipleObjects
CreateIoCompletionPort
GetQueuedCompletionStatus
ReadDirectoryChangesW
PostQueuedCompletionStatus
CancelIo
CopyFileW
GetFileAttributesW
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
GetFileSizeEx
CreateEventW
lstrcmpW
LoadLibraryA
FindFirstFileW
FindNextFileW
FindClose
CreateProcessW
CreateDirectoryW
WriteFile
SetFileAttributesW
WritePrivateProfileStringW
GetLongPathNameW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
FormatMessageW
GetWindowsDirectoryW
LocalFree
DeleteFileW
ExpandEnvironmentStringsW
GlobalFree
RaiseException
GlobalAlloc
GetVersionExW
GetVersion
GlobalLock
GlobalUnlock
GetTickCount
GetPrivateProfileIntW
SetFilePointer
SetCurrentDirectoryW
CreateFileW
GetFileSize
ReadFile
GetPrivateProfileStringW
GetCommandLineW
CreateThread
SetEvent
TerminateProcess
GetModuleFileNameW
LoadLibraryExW
MultiByteToWideChar
SetLastError
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
lstrlenW
GetCurrentThreadId
FreeLibrary
GetSystemDirectoryW
GetModuleHandleW
MulDiv
GetModuleHandleA
GetProcAddress
GetSystemInfo
LoadLibraryW
GetCurrentProcess
FlushInstructionCache
WaitForSingleObject
Sleep
CloseHandle
CreateMutexW
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTempPathA
user32
FindWindowExW
CopyRect
IntersectRect
GetSysColor
UnhookWinEvent
SetParent
PostThreadMessageW
SetWindowLongW
UnregisterClassA
GetClassInfoExW
LoadCursorW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
ReleaseDC
GetDC
CharNextW
CreateWindowExW
RegisterClassExW
FindWindowW
RegisterWindowMessageW
SendMessageTimeoutW
IsWindow
RegisterClipboardFormatW
CloseClipboard
EmptyClipboard
GetTopWindow
SetWinEventHook
GetSystemMetrics
GetMenuItemID
InsertMenuW
InsertMenuItemW
DestroyIcon
CopyIcon
LoadImageW
IsRectEmpty
InflateRect
UpdateWindow
ReleaseCapture
UnionRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IsZoomed
ClientToScreen
ScreenToClient
SetCapture
SetFocus
MessageBoxW
BeginPaint
EndPaint
InvalidateRgn
RedrawWindow
IsChild
GetClassNameW
FillRect
DestroyAcceleratorTable
GetFocus
CreateAcceleratorTableW
ClipCursor
SetCursor
TrackPopupMenu
GetDoubleClickTime
GetClipCursor
GetAsyncKeyState
GetIconInfo
PrivateExtractIconsW
GetWindowThreadProcessId
wsprintfW
IsWindowEnabled
GetCursor
DrawIconEx
EnumWindows
CharLowerW
EnumDisplayMonitors
UnregisterHotKey
RegisterHotKey
GetDlgCtrlID
GetKeyNameTextW
MapVirtualKeyW
SetRect
BringWindowToTop
LockWorkStation
SwitchToThisWindow
SetForegroundWindow
IsIconic
SystemParametersInfoW
LoadIconW
GetDlgItem
PostQuitMessage
SetClipboardViewer
ChangeClipboardChain
InvalidateRect
MoveWindow
SendMessageW
GetWindowPlacement
SetClassLongW
OpenClipboard
SetClipboardData
GetClipboardData
IsClipboardFormatAvailable
SetRectEmpty
OffsetRect
GetWindowLongW
SetWindowPos
ShowWindow
IsWindowVisible
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetWindow
GetParent
GetCursorPos
DestroyMenu
DrawTextW
PtInRect
PostMessageW
SetTimer
KillTimer
CallWindowProcW
GetActiveWindow
UpdateLayeredWindow
GetDesktopWindow
SetMenuItemBitmaps
GetMenuItemCount
SetMenuItemInfoW
GetClassLongW
GetMessagePos
AppendMenuW
CreatePopupMenu
DeleteMenu
GetMenuItemInfoW
GetMenuStringW
EnableWindow
DefWindowProcW
EnableMenuItem
GetKeyState
WindowFromPoint
EqualRect
gdi32
GetRgnBox
CreatePolygonRgn
CreateEllipticRgn
CreateRectRgnIndirect
CreateRectRgn
CreateSolidBrush
FillRgn
SetViewportOrgEx
GetViewportOrgEx
SelectClipRgn
SetStretchBltMode
StretchBlt
CreateDIBSection
GetDeviceCaps
CreateFontIndirectW
GetObjectW
CreateDCW
PatBlt
SelectObject
GetObjectA
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetStockObject
ExtTextOutW
SetBkColor
BitBlt
CreateFontW
GetObjectType
EnumFontFamiliesW
GetPixel
GetTextMetricsW
GetClipRgn
CombineRgn
PtInRegion
GetTextExtentPoint32W
DeleteDC
GetDIBits
SetBkMode
GdiAlphaBlend
SetTextColor
comdlg32
GetFileTitleW
advapi32
RegCreateKeyExW
RegEnumKeyExA
CreateWellKnownSid
CheckTokenMembership
GetTokenInformation
OpenProcessToken
DuplicateToken
RegNotifyChangeKeyValue
RegEnumValueW
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExA
shell32
ShellExecuteW
ord165
SHGetFolderPathW
ord152
SHGetSpecialFolderPathW
SHGetFolderLocation
ord18
SHBindToParent
SHParseDisplayName
SHGetDesktopFolder
ord2
ShellExecuteExW
ExtractIconExW
ord727
SHGetFileInfoW
SHFreeNameMappings
SHFileOperationW
ord680
ord4
DragQueryFileW
ord155
ole32
StgCreateStorageEx
OleDuplicateData
CoInitializeEx
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
DoDragDrop
OleGetClipboard
ReleaseStgMedium
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoLockObjectExternal
oleaut32
VariantChangeType
VariantTimeToSystemTime
VarBstrCmp
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
SysStringLen
DispCallFunc
VariantClear
VariantInit
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarUI4FromStr
shlwapi
PathFileExistsW
PathAppendW
PathFindFileNameW
SHGetValueW
StrCmpIW
StrStrIW
SHDeleteValueW
PathGetArgsW
PathRemoveArgsW
StrCpyNW
PathFindExtensionW
ord487
PathUnquoteSpacesW
PathIsRootW
PathIsDirectoryW
PathAddBackslashW
PathIsSameRootW
PathRemoveBackslashW
SHSetValueW
PathCombineW
ord176
PathRenameExtensionW
PathStripPathW
StrRetToBufW
SHGetValueA
SHSetValueA
ord437
PathCompactPathW
ColorHLSToRGB
ColorRGBToHLS
PathRemoveFileSpecW
comctl32
_TrackMouseEvent
ord410
ord412
ord413
InitCommonControlsEx
msimg32
AlphaBlend
gdiplus
GdipDeletePrivateFontCollection
GdipPrivateAddMemoryFont
GdipBitmapSetPixel
GdipCreateLineBrushFromRect
GdipSetPenWidth
GdipSetPenDashStyle
GdipSetPenDashOffset
GdipAddPathEllipseI
GdipCreatePathGradientFromPath
GdipGetPixelOffsetMode
GdipDrawLine
GdipDrawRectangleI
GdipDrawEllipseI
GdipFillRectangle
GdipDrawImageRectI
GdipSetClipRectI
GdipResetClip
GdipNewPrivateFontCollection
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipSetPathGradientCenterColor
GdipDrawLineI
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipSetPathGradientSurroundColorsWithCount
GdipCloneFontFamily
GdipGetPathGradientPointCount
GdipCreateFromHWND
GdipSetStringFormatTrimming
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreatePen2
GdipSetLinePresetBlend
GdipFillPath
GdipDrawPath
GdipGetSmoothingMode
GdipResetPath
GdipFillRectangleI
GdipDrawRectangle
GdipSetSmoothingMode
GdipSetPenColor
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRectI
GdipDeletePath
GdipCreatePath
GdipCreateFont
GdiplusShutdown
GdiplusStartup
GdipCreateImageAttributes
GdipAddPathRectangleI
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipSetSolidFillColor
GdipCloneImage
GdipDrawImageRectRectI
GdipGetImageGraphicsContext
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDeleteCachedBitmap
GdipCreateCachedBitmap
GdipBitmapGetPixel
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDisposeImage
GdipCloneBrush
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipCreateSolidFill
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRect
GdipMeasureString
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetImageAttributesColorMatrix
GdipGetImageHeight
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDisposeImageAttributes
GdipGetImageWidth
winmm
timeEndPeriod
timeBeginPeriod
timeSetEvent
PlaySoundW
timeKillEvent
crypt32
CryptStringToBinaryA
msi
ord217
ord173
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 241KB - Virtual size: 240KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 61KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 282KB - Virtual size: 281KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 178KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE