eb1165044b56617885de63be508a5aed25d60d232839dd4a0dc18d6295babead

Sharing

Copy URL

Twitter E-mail

General

Target

eb1165044b56617885de63be508a5aed25d60d232839dd4a0dc18d6295babead
Size

4.8MB
MD5

6f1ac777e44c947b3af7ddc7760725ce
SHA1

1329aa1fb844a319c9d1552d72e300add8c33036
SHA256

eb1165044b56617885de63be508a5aed25d60d232839dd4a0dc18d6295babead
SHA512

9a7305aed91ec64257f4534c8dbc8a426ae6aeb2e5c7dfeddbc0943b00448c81aa1c6a3dabf3bf2bcc29a48c7cc504fb60d398fcf7bad25065c1fa63f3638cde
SSDEEP

98304:nAejIUQM1NzhJ2wJwPGhMeUu5Ve0xxiZUqokmZ7:OrwdrieXq0xMTo9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
eb1165044b56617885de63be508a5aed25d60d232839dd4a0dc18d6295babead

Files

eb1165044b56617885de63be508a5aed25d60d232839dd4a0dc18d6295babead
.exe windows:5 windows x86 arch:x86

0ba4907eb9f7e2007801b1f456669026

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\525134\out\Release\Install.pdb

Imports

kernel32

SetFileTime
FindCloseChangeNotification
CompareFileTime
GetFileInformationByHandle
InterlockedExchange
InterlockedCompareExchange
lstrcpyW
GetDiskFreeSpaceExW
GetDriveTypeW
WriteProcessMemory
ReadProcessMemory
OpenProcess
VirtualFreeEx
VirtualAllocEx
GetVersionExW
GetTickCount
GetCurrentProcess
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OutputDebugStringW
OutputDebugStringA
GetCommandLineW
GetStartupInfoW
CreateProcessW
GetModuleHandleW
LoadLibraryExW
lstrcmpiW
GetSystemTime
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
DecodePointer
CreateFileW
CloseHandle
ReadFile
GetFileSize
UnlockFile
LockFile
DeleteFileW
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
Sleep
GetShortPathNameW
WritePrivateProfileStringW
LocalFree
InitializeCriticalSection
FindResourceExW
FindResourceW
GetWindowsDirectoryW
GetModuleFileNameW
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
SetEndOfFile
WriteConsoleW
WaitForSingleObjectEx
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
CreateProcessA
GetCurrentDirectoryW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
GetFileType
SetStdHandle
InterlockedFlushSList
RtlUnwind
CreateFileA
lstrcmpiA
lstrcmpA
DeviceIoControl
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
EnterCriticalSection
SetLastError
GetLastError
LCMapStringW
CompareStringW
GetStringTypeW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetEnvironmentVariableW
ResetEvent
CreateDirectoryW
FormatMessageW
GetSystemDirectoryW
GetLogicalDriveStringsW
GetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
DeleteFileA
GetSystemWindowsDirectoryW
OpenMutexW
GetCurrentThread
CreateEventW
SetEvent
GetLocalTime
GetFileSizeEx
GetExitCodeThread
TerminateThread
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
lstrlenW
lstrcpynW
lstrcmpW
ReleaseMutex
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetSystemDefaultLangID
GetSystemInfo
WaitForMultipleObjects
TerminateProcess
LocalAlloc
GetConsoleWindow
AllocConsole
MoveFileExW
RaiseException
MoveFileW
CopyFileW
FindNextFileW
FindFirstFileW
GetFileAttributesExW
SearchPathW
EnumSystemLocalesW
SetFileAttributesW
GetTempFileNameW
GetTempPathW
GetPrivateProfileStringW
GetCurrentThreadId
FindFirstChangeNotificationW
GetFileTime
FindClose
FlushFileBuffers
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetLongPathNameW
GetCurrentProcessId
CreateMutexW
LoadLibraryW
MulDiv
GetExitCodeProcess
WaitForSingleObject
GetStdHandle
WriteFile

user32

UnregisterClassW
CharNextW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
CreateIconFromResourceEx
CreateIconFromResource
LookupIconIdFromDirectory
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
SetRect
GetParent
SetWindowLongW
GetWindowLongW
GetWindowRect
GetClientRect
InvalidateRect
CallWindowProcW
BeginPaint
MoveWindow
ShowWindow
GetWindowDC
ReleaseDC
PostMessageW
CreateDialogParamW
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SystemParametersInfoW
IsRectEmpty
LoadCursorW
PostQuitMessage
DestroyWindow
UpdateLayeredWindow
SetWindowPos
SetTimer
OpenClipboard
EndPaint
DefWindowProcW
OffsetRect
FillRect
SetCursor
DialogBoxParamW
EndDialog
GetActiveWindow
IsDialogMessageW
GetShellWindow
IsWindowVisible
SetWindowRgn
PtInRect
PostThreadMessageW
WaitForInputIdle
LoadStringW
MessageBoxW
SendMessageTimeoutW
UnregisterClassA
CopyRect
IsWindow
GetSystemMetrics
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
FindWindowExW
FindWindowW
RedrawWindow
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
MapWindowPoints
ScreenToClient
SetWindowTextW
GetDC
SendMessageW
ExitWindowsEx
KillTimer

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
SetViewportOrgEx
SetBkColor
ExtTextOutW
CreateSolidBrush
GetPixel
CombineRgn
SaveDC
CreateRectRgn
EnumFontFamiliesW
SetStretchBltMode
StretchBlt
GetPaletteEntries
GdiFlush
SetDIBColorTable
CreateDIBSection
SetPixelV
SetDIBitsToDevice
CreateFontW
CreateFontIndirectW
GetDeviceCaps
GetTextExtentPoint32W
RestoreDC
GetStockObject
CreateHalftonePalette

advapi32

RegCreateKeyW
RegOpenKeyExA
RegEnumKeyExA
GetTrusteeNameW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SetEntriesInAclW
LookupAccountNameW
LookupAccountSidW
DeleteAce
GetUserNameW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegEnumValueW
EqualSid
OpenThreadToken
RegOpenCurrentUser
CreateProcessAsUserW
ImpersonateLoggedOnUser
GetTokenInformation
RevertToSelf
CheckTokenMembership
FreeSid
DuplicateTokenEx
RegQueryValueExA
SetTokenInformation
CreateWellKnownSid
GetLengthSid
AllocateAndInitializeSid

shell32

SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathW
ord680
SHGetFolderPathA
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
SHCreateDirectoryExA
CommandLineToArgvW
ShellExecuteW
SHGetSpecialFolderPathW
ord165
SHChangeNotify
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder

ole32

CoInitializeEx
CoInitializeSecurity
OleRun
CLSIDFromProgID
StringFromGUID2
CoCreateGuid
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket
CoInitialize

oleaut32

GetErrorInfo
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VariantCopy
VariantClear
VarUI4FromStr
SysFreeString
VariantInit
CreateErrorInfo
SysAllocString
SetErrorInfo

wininet

InternetGetConnectedState
InternetCrackUrlW

shlwapi

StrCmpW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
SHGetValueW
PathCombineW
SHSetValueW
PathFindFileNameW
AssocQueryStringW
PathIsRelativeW
PathIsRootW
StrStrW
SHSetValueA
SHGetValueA
StrToIntExW
PathCanonicalizeW
PathIsDirectoryW
PathCompactPathW
PathFindExtensionA
PathFindExtensionW
PathFindFileNameA
wnsprintfW
PathRelativePathToW
SHDeleteKeyW
SHDeleteValueW
PathRemoveArgsW
PathUnquoteSpacesW
PathIsPrefixW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipAlloc
GdipFree
GdipCloneBrush
GdipCreateStringFormat
GdipMeasureString
GdipSetTextRenderingHint
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawImagePointRectI
GdipDrawImageRectRectI
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenStartCap
GdipSetPenEndCap
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLine
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipDrawImageRectRect

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

urlmon

URLDownloadToCacheFileW
URLDownloadToCacheFileA
URLDownloadToFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

winmm

timeGetTime

iphlpapi

GetAdaptersInfo

secur32

GetUserNameExW

setupapi

SetupIterateCabinetW

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ba4907eb9f7e2007801b1f456669026

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

shlwapi

comctl32

gdiplus

psapi

urlmon

version

wtsapi32

userenv

winmm

iphlpapi

secur32

setupapi

crypt32

wintrust

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 267KB - Virtual size: 266KB

.data Size: 21KB - Virtual size: 32KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 62KB - Virtual size: 62KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 267KB - Virtual size: 266KB

.data
Size: 21KB - Virtual size: 32KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 62KB - Virtual size: 62KB