vnetlib64[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

vnetlib64.exe
Size

1.2MB
MD5

820f44ca4caada02537551fbe576df60
SHA1

f34d37293bad85ec04dca823893ceca2611191a1
SHA256

b9d805b56dc51858cb929da38dbac7e399244869516ad2a4ee606818853a510b
SHA512

a0354eb67ffdff825ad1de3d91f693ba64c4aa527aabcf3392051097307478bab120e9cea04f48dd43968ebe2452ab829a50343f8ec64d165e793d652a3c1c17
SSDEEP

24576:zbGNrsDHg9XZDgvB2RwJgZUBaRisgapmVwwauSDhbj4:fUrNZDi2RwJpMitaoVYXq

Score

1^/10

Malware Config

Signatures

Files

vnetlib64.exe
.exe windows:6 windows x64 arch:x64

d2caa1afdaf5d9aca916c206b5ccab84

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:0e:aa:29:4c:d4:ab:d9:eb:1c:c7:84:c9:24:24:3d
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03-12-2019 00:00

Not After

07-12-2022 12:00

Subject

CN=VMware\, Inc.,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US,1.2.840.113549.1.9.1=#0c126e6f7265706c7940766d776172652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:aa:d4:1c:c1:a9:50:0b:5d:ed:a2:79:34:f4:62:3b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13-08-2018 00:00

Not After

11-09-2021 23:59

Subject

CN=VMware\, Inc.,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:e9:6f:0a:ad:63:ad:61:61:d7:f6:e9:9f:99:91:b0:c8:6d:68:d2:ca:26:3a:86:27:62:29:e3:6c:b2:9b:fc
Signer

Actual PE Digest

fe:e9:6f:0a:ad:63:ad:61:61:d7:f6:e9:9f:99:91:b0:c8:6d:68:d2:ca:26:3a:86:27:62:29:e3:6c:b2:9b:fc

Digest Algorithm

sha256

PE Digest Matches

true

29:65:9e:33:36:5a:40:1d:55:d8:32:39:82:2c:55:91:e5:d5:3e:4d
Signer

Actual PE Digest

29:65:9e:33:36:5a:40:1d:55:d8:32:39:82:2c:55:91:e5:d5:3e:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\build\ob\bora-17966106\bora\build\build\vnetlibexe\release\win64\vnetlib64.pdb

Imports

kernel32

RtlUnwindEx
WriteConsoleW
CloseHandle
CreateFileW
ReadConsoleW
ReadFile
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
GetFileType
SetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
SetLastError
GetLastError
GetProcAddress
GetModuleHandleExW
FreeLibrary
EncodePointer
ExitProcess
GetCurrentProcess
GetModuleFileNameW
WriteFile
GetStdHandle
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RaiseException
LoadLibraryW
GetVersionExA
GetTempPathW
GetTempFileNameW
GetFileSizeEx
FileTimeToSystemTime
FileTimeToLocalFileTime
FindResourceA
SizeofResource
GetModuleHandleA
CreateThread
CreateEventA
SetEvent
MoveFileExW
Sleep
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
CopyFileW
FormatMessageW
GetSystemDirectoryW
DeviceIoControl
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
LocalFree
LocalAlloc
DeleteFileW
ExpandEnvironmentStringsW
GetSystemInfo
VerSetConditionMask
DosDateTimeToFileTime
RtlPcToFileHeader
SetEndOfFile
GetTimeZoneInformation
LoadLibraryExA
ResetEvent
WaitForSingleObjectEx
CreateEventW
DecodePointer
VirtualQuery
TerminateProcess
VirtualProtect
CreateFileA
InitializeCriticalSection
CreateFileMappingA
GetFileAttributesExW
GetVersionExW
VerifyVersionInfoW
GetEnvironmentVariableW
MapViewOfFile
UnmapViewOfFile
lstrcmpA

ws2_32

inet_addr
inet_ntoa
ntohl
htonl
recvfrom
select
sendto
socket
closesocket
WSAStartup
WSAGetLastError

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
LookupAccountSidW
OpenServiceA
OpenSCManagerA
EnumDependentServicesA
UnlockServiceDatabase
StartServiceA
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
EnumDependentServicesW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
FreeInheritedFromArray
GetInheritanceSourceW
SetSecurityInfo
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
LookupPrivilegeDisplayNameA
LookupPrivilegeNameA
IsValidSecurityDescriptor
InitializeAcl
GetTokenInformation
GetSecurityDescriptorControl
GetAclInformation
GetAce
EqualSid
AddAce
SetEntriesInAclW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueA
SetSecurityDescriptorDacl
IsValidAcl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken

setupapi

SetupDiGetDriverInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupGetLineTextW
SetupOpenInfFileW
SetupQueryInfOriginalFileInformationW
SetupGetInfInformationW
SetupGetNonInteractiveMode
SetupGetLineTextA
SetupCloseInfFile
SetupOpenInfFileA
SetupGetInfFileListA
CM_Get_DevNode_Status
SetupDiClassGuidsFromNameW
SetupDiClassNameFromGuidW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDescriptionW
SetupDiBuildClassInfoList
SetupDiGetClassDevsW
CMP_WaitNoPendingInstallEvents
SetupCopyOEMInfW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiDeleteDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupSetNonInteractiveMode
SetupDiBuildDriverInfoList

iphlpapi

GetIpAddrTable

user32

SendMessageA
DestroyWindow
GetDlgItem
IsWindow
EnumChildWindows
GetWindowThreadProcessId
LoadStringA
LoadStringW
CreateWindowExW

ole32

StringFromGUID2
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoQueryProxyBlanket
CoTaskMemFree

oleaut32

SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
VariantInit
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SysStringLen
SysFreeString
VariantClear
SysAllocString

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetKnownFolderPath
SHGetFolderPathW

rpcrt4

UuidCreate

crypt32

CryptQueryObject
CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertGetNameStringW
CryptMsgOpenToDecode

wintrust

WinVerifyTrust

Sections

.text
Size: 687KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2caa1afdaf5d9aca916c206b5ccab84

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

09:0e:aa:29:4c:d4:ab:d9:eb:1c:c7:84:c9:24:24:3dCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

5d:aa:d4:1c:c1:a9:50:0b:5d:ed:a2:79:34:f4:62:3bCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

fe:e9:6f:0a:ad:63:ad:61:61:d7:f6:e9:9f:99:91:b0:c8:6d:68:d2:ca:26:3a:86:27:62:29:e3:6c:b2:9b:fcSigner

29:65:9e:33:36:5a:40:1d:55:d8:32:39:82:2c:55:91:e5:d5:3e:4dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

advapi32

setupapi

iphlpapi

user32

ole32

oleaut32

newdev

shell32

rpcrt4

crypt32

wintrust

Sections

.text Size: 687KB - Virtual size: 687KB

.rdata Size: 412KB - Virtual size: 412KB

.data Size: 81KB - Virtual size: 93KB

.pdata Size: 30KB - Virtual size: 30KB

.didat Size: 512B - Virtual size: 40B

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 10KB - Virtual size: 9KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

09:0e:aa:29:4c:d4:ab:d9:eb:1c:c7:84:c9:24:24:3d
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

5d:aa:d4:1c:c1:a9:50:0b:5d:ed:a2:79:34:f4:62:3b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

fe:e9:6f:0a:ad:63:ad:61:61:d7:f6:e9:9f:99:91:b0:c8:6d:68:d2:ca:26:3a:86:27:62:29:e3:6c:b2:9b:fc
Signer

29:65:9e:33:36:5a:40:1d:55:d8:32:39:82:2c:55:91:e5:d5:3e:4d
Signer

.text
Size: 687KB - Virtual size: 687KB

.rdata
Size: 412KB - Virtual size: 412KB

.data
Size: 81KB - Virtual size: 93KB

.pdata
Size: 30KB - Virtual size: 30KB

.didat
Size: 512B - Virtual size: 40B

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 10KB - Virtual size: 9KB