out[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

out.exe
Size

755KB
MD5

67399d3b153c4d336a16eaccadd14de3
SHA1

ea50caa0b3950507d3013cd9fb9c177d9b13a88e
SHA256

5998c1ccd9c1d5721cd9b5fc76219b497b6575a6f953a63985134b49d2b317b4
SHA512

35b6d7626d5f571996c5a7f45f87d2647bc0fd9d7d22503a9e755603e85bdbfb355b723116a577b0df0f690c3d69fe4ab58b7ca4db38bc778aeef47ec2663a8a
SSDEEP

12288:Ev1AxWEu56yW9J+FWY3aGSPO6o9J6qt/2vfo9TqGVfq5Kznl/OUJGIezHpEIO3uv:EZEzyWZ8wqteY9TqGfwKznl/OUJGIk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
out.exe

Files

out.exe
.exe windows:5 windows x86 arch:x86

e54c7aa6dab336b815bc0a479be9b6d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\34494\out\Release\ModuleUpdate.pdb

Imports

kernel32

FindClose
FindNextFileW
FindFirstFileW
CreateMutexW
TerminateProcess
CopyFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetLongPathNameW
WideCharToMultiByte
GetVersionExW
GetLocalTime
GetFileSizeEx
GlobalFree
GlobalAlloc
CreateThread
CreateEventW
WaitForSingleObject
SetEvent
GetFileAttributesExW
UnlockFile
ReadFile
GetFileSize
LockFile
SetFilePointer
WriteFile
GlobalUnlock
GlobalLock
GlobalSize
FlushInstructionCache
DeleteCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LCMapStringW
LCMapStringA
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetTempPathW
FreeEnvironmentStringsW
GetModuleHandleA
FlushFileBuffers
GetConsoleMode
RaiseException
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
LoadLibraryW
HeapSize
HeapCreate
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
GetStartupInfoW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitProcess
RtlUnwind
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
GetSystemTime
LocalFree
FormatMessageW
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetTempFileNameW
DeleteFileW
lstrlenA
OutputDebugStringW
DebugBreak
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
InitializeCriticalSection
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
lstrlenW
GetEnvironmentStringsW
InterlockedIncrement
GetCurrentThreadId
SetLastError
GetCommandLineW
Sleep
CloseHandle
CreateProcessW
GetModuleHandleW
GetModuleFileNameW
GetCurrentProcessId
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetStdHandle
GetCurrentProcess
CreateFileW
DeviceIoControl
GetConsoleCP

user32

ShowWindow
LoadStringW
SetWindowLongW
CharNextW
RegisterClassW
GetClassInfoW
MessageBoxW
GetActiveWindow
wvsprintfW
IsWindow
DestroyWindow
PostMessageW
MoveWindow
GetClientRect
RedrawWindow
SetDlgItemTextW
GetDlgItem
SetLayeredWindowAttributes
LoadImageW
GetSystemMetrics
PostQuitMessage
BringWindowToTop
PeekMessageW
GetMessageW
IsIconic
InvalidateRect
RegisterWindowMessageW
IsWindowVisible
GetWindowLongW
TranslateMessage
DispatchMessageW
CreateDialogParamW
UnregisterClassA
SendMessageTimeoutW
DefWindowProcW
SetForegroundWindow
ScreenToClient
CharUpperW
SetCursor
GetCursorPos
SetRect
PtInRect
DrawTextW
CallWindowProcW
CopyRect
EndPaint
BeginPaint
GetDC
ReleaseDC
CharLowerW
FindWindowExW
GetWindowThreadProcessId
GetWindowTextW
RegisterClassExW
LoadCursorW
GetClassInfoExW
CreateWindowExW
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
IsDialogMessageW
SendMessageW
KillTimer
SetTimer
SetWindowPos
SetWindowTextW
TrackMouseEvent

gdi32

LineTo
MoveToEx
StretchBlt
SetStretchBltMode
GetObjectW
SetBkColor
ExtTextOutW
RestoreDC
SaveDC
SetBkMode
CreateCompatibleBitmap
SetViewportOrgEx
SelectObject
CreateCompatibleDC
DeleteDC
BitBlt
DeleteObject
CreateFontW
EnumFontFamiliesW
CreatePen

advapi32

RegOpenKeyExW
RegQueryValueExA
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegQueryValueExW

shell32

ShellExecuteW
ShellExecuteExW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
GetHGlobalFromStream
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysFreeString
SysAllocString
VarUI4FromStr

shlwapi

SHSetValueW
PathFileExistsW
SHGetValueW
PathRemoveFileSpecW
PathAppendW
PathIsRelativeW
PathFindFileNameW
StrCmpW
PathCombineW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipCreateTexture
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipAlloc
GdipFree
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipFillPieI
GdipFillRectangleI
GdipTranslateWorldTransform
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC

psapi

GetModuleFileNameExW

Sections

.text
Size: 408KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e54c7aa6dab336b815bc0a479be9b6d9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

Sections

.text Size: 408KB - Virtual size: 412KB

.rdata Size: 84KB - Virtual size: 88KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 249KB - Virtual size: 248KB

.text
Size: 408KB - Virtual size: 412KB

.rdata
Size: 84KB - Virtual size: 88KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 249KB - Virtual size: 248KB