vmware-vdiskmanager[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

vmware-vdiskmanager.exe
Size

1.4MB
MD5

53f5f8a3336fe2aba38e3385aea5a23c
SHA1

95f08d878fdb6ab68d6ca85b88d88b894833cea1
SHA256

4f4cc8f15e8e6d34f1b50c33786461f703e46425ad755fd93c999edf3597e896
SHA512

439d0990166abddffbd315cfc08139f3bde7a85756e860c82006fd814f0ff7adac5df59bbd129b3e3e17cb22c24f1a5803b957f8081a2283f7ee1c331c8db87f
SSDEEP

24576:mOHhd0uoL0uA3Eff8ZhG224GQE98CXCYyUq1K2ChEaBPgRr5cfF0hFmMCJWA:jd07wx3Efkq2vCXUUq1PaBoRtQF0hF3a

Score

1^/10

Malware Config

Signatures

Files

vmware-vdiskmanager.exe
.exe windows:6 windows x86 arch:x86

c8da889d26ebcb999c66f98eaf37ffde

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

59:04:09:57:f2:08:43:30:2b:a5:2a:a1:f6:ab:ce:ef
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/11/2016, 00:00

Not After

21/12/2019, 23:59

Subject

CN=VMware\, Inc.,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:3b:c2:18:ff:16:e1:9a:73:8d:c0:f0:b1:26:de:61
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

24/07/2015, 00:00

Not After

22/08/2018, 23:59

Subject

CN=VMware\, Inc.,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:c8:82:bc:13:54:e5:2e:5c:86:f4:2c:47:1f:32:7a:74:9b:d1:2c:a3:9d:3f:96:0d:55:44:2b:f9:da:4e:c9
Signer

Actual PE Digest

7f:c8:82:bc:13:54:e5:2e:5c:86:f4:2c:47:1f:32:7a:74:9b:d1:2c:a3:9d:3f:96:0d:55:44:2b:f9:da:4e:c9

Digest Algorithm

sha256

PE Digest Matches

true

e7:54:94:26:73:0d:40:cb:b6:60:d4:7f:aa:51:24:d5:c7:bd:78:27
Signer

Actual PE Digest

e7:54:94:26:73:0d:40:cb:b6:60:d4:7f:aa:51:24:d5:c7:bd:78:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build\ob\bora-7528167\bora\build\build\vdiskmanager\release\win32\vmware-vdiskmanager.pdb

Imports

msvcr120

fread
rewind
feof
getc
_except1
ftell
fsetpos
fgetpos
scanf
fgetc
_fstat64i32
fwrite
fseek
wcsstr
_wtoi
_snwprintf
wcsncpy
bsearch
isxdigit
strpbrk
_aligned_malloc
_aligned_free
strspn
_time64
sprintf
getenv
isalnum
_fcvt_s
_ecvt_s
_strupr
islower
strncat
frexp
_wgetenv
localeconv
wcrtomb
abort
wcsspn
wcscspn
wcschr
towupper
_snprintf
_ftime64
_fdopen
wcsrchr
_wcsdup
isdigit
_getpid
strcspn
tolower
_wrename
_close
_wunlink
_wfopen
strtoul
strtol
strtod
_strtoui64
_strdup
memchr
strncpy
_vacopy
_strlwr
_open_osfhandle
_setmode
_fileno
realloc
_wfullpath
_wgetdcwd
wcsncmp
_strnicmp
memmove
qsort
sscanf
strtok_s
isspace
strstr
memcpy
malloc
calloc
atoi
_errno
strncmp
strchr
memset
vfprintf
printf
fputs
fprintf
fgets
fflush
fclose
__iob_func
free
strrchr
_stricmp
signal
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except_handler4_common
_controlfp_s
_invoke_watson
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
_commode
_fmode
__winitenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
TerminateProcess
SetFilePointer
VirtualFree
VirtualAlloc
GetFileSizeEx
GetSystemFirmwareTable
CreateFileA
InitializeCriticalSection
GetACP
VirtualQuery
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
OutputDebugStringW
GetFileAttributesA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetExitCodeThread
OpenThread
QueryPerformanceFrequency
lstrcmpiA
GetModuleHandleA
GetVersionExA
GetSystemInfo
GetExitCodeProcess
GetVersionExW
GetComputerNameExW
WaitNamedPipeW
GetCompressedFileSizeW
GetTempPathW
QueryDosDeviceW
GetTempFileNameW
GetShortPathNameW
GetDiskFreeSpaceW
MultiByteToWideChar
RaiseException
IsBadReadPtr
LoadLibraryW
CreateEventA
WaitForSingleObject
CancelIo
GetLastError
FreeLibrary
GetProcAddress
SetLastError
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetVolumeInformationW
RemoveDirectoryW
CloseHandle
DeviceIoControl
GetCurrentProcess
GetCurrentThread
LocalFree
MoveFileExW
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileInformationByHandle
GetVolumePathNameW
OpenProcess
GetModuleHandleW
FlushFileBuffers
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
DuplicateHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetTickCount
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameW
OutputDebugStringA
GetModuleFileNameW
LoadLibraryExW
FormatMessageW
CreateSemaphoreW
GetDriveTypeA
WideCharToMultiByte
Sleep
GetSystemTime
LoadLibraryA
GetOverlappedResult
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetFileAttributesW

zlib1

inflate
inflateEnd
deflate
zlibVersion
deflateInit_
inflateInit_
zError
deflateEnd

user32

MessageBoxW
LoadStringW

advapi32

GetNamedSecurityInfoW
GetFileSecurityW
ImpersonateSelf
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
MapGenericMask
RevertToSelf
GetUserNameW
CryptAcquireContextA
CryptReleaseContext
OpenProcessToken
OpenThreadToken
AccessCheck
RegQueryValueExW
RegOpenKeyExW
CryptGenRandom
GetExplicitEntriesFromAclW
RegCreateKeyExW
RegCloseKey
LookupAccountNameW
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetSecurityDescriptorControl
GetLengthSid
FreeSid
EqualSid
CheckTokenMembership
AllocateAndInitializeSid
AddAccessAllowedAce
DuplicateToken

wsock32

inet_ntoa
send
WSASetLastError
ntohl
ioctlsocket
__WSAFDIsSet
closesocket
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
socket
setsockopt
ntohs
listen
htons
getsockname
recv
connect
bind
accept
select

ws2_32

WSAAddressToStringA
WSASocketW
FreeAddrInfoW
GetAddrInfoW
inet_pton
WSAEventSelect
WSAIoctl

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoQueryProxyBlanket

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

crypt32

CryptAcquireCertificatePrivateKey
CryptExportPKCS8
CertCreateCertificateContext
CertAddEncodedCertificateToStore
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore

shell32

SHGetFolderPathW

Sections

.text
Size: 863KB - Virtual size: 862KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 37B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8da889d26ebcb999c66f98eaf37ffde

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

59:04:09:57:f2:08:43:30:2b:a5:2a:a1:f6:ab:ce:efCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

65:3b:c2:18:ff:16:e1:9a:73:8d:c0:f0:b1:26:de:61Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

7f:c8:82:bc:13:54:e5:2e:5c:86:f4:2c:47:1f:32:7a:74:9b:d1:2c:a3:9d:3f:96:0d:55:44:2b:f9:da:4e:c9Signer

e7:54:94:26:73:0d:40:cb:b6:60:d4:7f:aa:51:24:d5:c7:bd:78:27Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr120

kernel32

zlib1

user32

advapi32

wsock32

ws2_32

ole32

oleaut32

crypt32

shell32

Sections

.text Size: 863KB - Virtual size: 862KB

.rdata Size: 366KB - Virtual size: 366KB

.data Size: 92KB - Virtual size: 245KB

.tls Size: 512B - Virtual size: 37B

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 59KB - Virtual size: 58KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

59:04:09:57:f2:08:43:30:2b:a5:2a:a1:f6:ab:ce:ef
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

65:3b:c2:18:ff:16:e1:9a:73:8d:c0:f0:b1:26:de:61
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

7f:c8:82:bc:13:54:e5:2e:5c:86:f4:2c:47:1f:32:7a:74:9b:d1:2c:a3:9d:3f:96:0d:55:44:2b:f9:da:4e:c9
Signer

e7:54:94:26:73:0d:40:cb:b6:60:d4:7f:aa:51:24:d5:c7:bd:78:27
Signer

.text
Size: 863KB - Virtual size: 862KB

.rdata
Size: 366KB - Virtual size: 366KB

.data
Size: 92KB - Virtual size: 245KB

.tls
Size: 512B - Virtual size: 37B

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 59KB - Virtual size: 58KB