C:\vmagent_new\bin\joblist\463802\out\Release\FeedBack.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: de36e0af9cd7e32d781be2ab937a7dca33a9f93dcbecd06ff944641e5196c51f.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: de36e0af9cd7e32d781be2ab937a7dca33a9f93dcbecd06ff944641e5196c51f.exe
- Resource: win10v2004-20240508-en
General
- Target: de36e0af9cd7e32d781be2ab937a7dca33a9f93dcbecd06ff944641e5196c51f.exe
- Size: 5.5MB
- MD5: 461e951ba79964b681e9a8bc9d61a92c
- SHA1: c860285cc237d35022fea21eba03c82e86ea3d1e
- SHA256: de36e0af9cd7e32d781be2ab937a7dca33a9f93dcbecd06ff944641e5196c51f
- SHA512: b85af74593267854a24d9a03a046c3d00cfd25401a9b304061f508d46c559e4773801dda28c0a54c15b2c9334fbfa2f391be9194828334cbe4be50811ed0c19f
- SSDEEP: 98304:28DaacSl8Gb4CieDNDQfCmzgHCS5nidPDjJ4zfm4xrXEkuJTQS383:28eacSl8Gb4CieDNDcCoynQPDyZxcTr3
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: de36e0af9cd7e32d781be2ab937a7dca33a9f93dcbecd06ff944641e5196c51f.exe
Files
- de36e0af9cd7e32d781be2ab937a7dca33a9f93dcbecd06ff944641e5196c51f.exe.exe windows:5 windows x86 arch:x86
  729115e660d22df63904ee7c0dbd38ad
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetSystemWindowsDirectoryW
FreeResource
GetUserDefaultUILanguage
SetCurrentDirectoryW
GetCurrentDirectoryW
CopyFileW
GetSystemDirectoryW
GetSystemTimeAsFileTime
CompareFileTime
GetFileAttributesW
lstrcpynW
lstrlenA
GetCurrentProcessId
CreateFileW
DeviceIoControl
CreateProcessW
GetTickCount
lstrcmpiW
LoadLibraryExW
MultiByteToWideChar
CreateEventW
ResetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MulDiv
lstrcmpW
lstrlenW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
FindFirstFileW
FindNextFileW
FindClose
GetTempPathW
GetTempFileNameW
DeleteFileW
ProcessIdToSessionId
SetVolumeLabelW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
lstrcmpiA
lstrcmpA
HeapWalk
HeapLock
OpenThread
HeapUnlock
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
InterlockedIncrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetLocaleInfoW
WriteConsoleW
GetFileAttributesExW
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
FileTimeToLocalFileTime
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
MoveFileW
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
SetFileTime
GetShortPathNameW
GetDiskFreeSpaceExW
MoveFileExW
SetFileAttributesW
RemoveDirectoryW
TerminateProcess
ReleaseMutex
OpenMutexW
GlobalMemoryStatus
GlobalMemoryStatusEx
GetDriveTypeW
GetSystemPowerStatus
LocalAlloc
ReadFile
SystemTimeToFileTime
GetModuleHandleA
GetTimeZoneInformation
LocalFree
GetPrivateProfileStringW
GlobalFree
CreateMutexW
GetWindowsDirectoryW
CreateRemoteThread
GetVersionExW
GetSystemInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FreeConsole
WideCharToMultiByte
OpenProcess
CreateDirectoryW
GetFileSize
SetFilePointer
GetConsoleOutputCP
FileTimeToSystemTime
WriteFile
InterlockedDecrement
GetModuleFileNameW
SetEvent
WaitForSingleObject
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
RaiseException
GetCurrentThreadId
SetLastError
SetErrorMode
LoadLibraryW
GetProcAddress
GetCommandLineW
GetModuleHandleW
FreeLibrary
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetVersion
WaitForMultipleObjects
InterlockedExchange
InterlockedCompareExchange
SetHandleCount
Sleep
CloseHandle
LocalFileTimeToFileTime
GetLastError
user32
GetForegroundWindow
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
SetWindowLongW
ShowWindow
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
GetWindowLongW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
DestroyAcceleratorTable
GetSysColor
GetWindow
GetFocus
SetFocus
IsChild
EndPaint
FillRect
BeginPaint
GetClientRect
IsWindow
RedrawWindow
SetWindowPos
EnumDisplayMonitors
LoadStringW
UnregisterClassA
GetClassNameW
GetParent
CharNextW
GetDesktopWindow
ReleaseDC
GetDC
CreateAcceleratorTableW
MoveWindow
ClientToScreen
ScreenToClient
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
SendMessageW
GetDlgItem
CallWindowProcW
GetWindowRect
DefWindowProcW
CreateWindowExW
PostQuitMessage
PostMessageW
LoadImageW
GetSystemMetrics
SetRectEmpty
EnumChildWindows
SwitchToThisWindow
SetForegroundWindow
BringWindowToTop
IsWindowVisible
CopyRect
CreateDialogParamW
SetTimer
KillTimer
IsDialogMessageW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
IsMenu
GetSubMenu
GetMenuStringW
GetMenuItemCount
GetMenuItemID
DestroyMenu
ModifyMenuW
IsRectEmpty
GetWindowThreadProcessId
SendMessageTimeoutW
FindWindowW
GetWindowPlacement
EnumDisplaySettingsW
MonitorFromPoint
SetActiveWindow
AttachThreadInput
AllowSetForegroundWindow
keybd_event
GetKeyboardState
WindowFromPoint
LoadIconW
GetCursorPos
SetCaretPos
ShowCaret
CreateCaret
HideCaret
SetDlgItemTextW
LoadMenuW
IsIconic
EnableMenuItem
GetKeyState
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
DrawTextW
PtInRect
GetClassLongW
SetClassLongW
GetMessagePos
EnableWindow
GetWindowDC
SetRect
SetCursor
OffsetRect
WaitForInputIdle
GetActiveWindow
MessageBoxW
SetWindowRgn
UpdateWindow
MonitorFromRect
DispatchMessageW
gdi32
SetTextColor
SetBkMode
SetBkColor
ExtTextOutW
Rectangle
CreatePen
GetTextExtentPoint32W
CreateFontIndirectW
SetViewportOrgEx
GetTextMetricsW
GetObjectA
GetPixel
CreateFontW
CreatePolygonRgn
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
EnumFontFamiliesW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
ConvertSidToStringSidW
RegEnumKeyExA
RegCreateKeyA
GetSidSubAuthority
DuplicateTokenEx
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
GetTokenInformation
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
shell32
Shell_NotifyIconW
SHGetPathFromIDListW
ord680
ExtractIconExW
ShellExecuteW
SHGetFolderPathW
ord165
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ole32
OleLockRunning
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CreateStreamOnHGlobal
CoGetClassObject
CoTaskMemAlloc
oleaut32
SafeArrayUnlock
SysFreeString
SysAllocStringLen
SysStringLen
SysAllocString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
DispCallFunc
SafeArrayCopy
SafeArrayGetVartype
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayLock
VariantCopy
VarBstrCmp
shlwapi
StrChrW
StrCmpNW
wnsprintfW
PathUnquoteSpacesW
StrCmpW
PathCanonicalizeW
SHSetValueA
SHDeleteValueA
PathCompactPathW
PathAddBackslashW
PathStripPathW
PathStripToRootW
PathIsDirectoryW
SHGetValueA
PathFindFileNameW
ord437
StrCmpIW
PathRemoveFileSpecW
StrStrIW
PathIsRelativeW
PathFileExistsW
SHGetValueW
PathCombineW
PathAppendW
ColorRGBToHLS
ColorHLSToRGB
StrCmpNIW
comctl32
InitCommonControlsEx
_TrackMouseEvent
gdiplus
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipResetPath
GdipSetStringFormatAlign
GdipCreatePathGradientFromPath
GdipAddPathEllipseI
GdipSetStringFormatLineAlign
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipClosePathFigure
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipAddPathRectangleI
GdipCreateFromHDC
GdipAddPathArcI
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetPenDashOffset
GdipSetPathGradientCenterColor
GdipCreateHBITMAPFromBitmap
GdipDrawImagePointRectI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetFontHeight
GdipDeleteFont
GdipCreateFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipPrivateAddMemoryFont
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipResetClip
GdipSetClipRectI
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipMeasureString
GdipDrawString
GdipFillPath
GdipFillRectangleI
GdipFillRectangle
GdipDrawPath
GdipDrawEllipseI
GdipDrawRectangleI
GdipDrawLineI
GdipDrawLine
GdipSetPixelOffsetMode
GdipGetPixelOffsetMode
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipSetPenDashStyle
GdipSetPenWidth
GdipDeletePen
GdipCreatePen2
GdipCreatePen1
GdipSetPathGradientGammaCorrection
GdipSetPathGradientCenterPoint
GdipAddPathLine2
GdipSetLinePresetBlend
GdipCreateLineBrushFromRect
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipAlloc
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipGetPathWorldBoundsI
GdipAddPathPie
GdipAddPathLine
GdipAddPathArc
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSetInterpolationMode
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
wintrust
WTHelperProvDataFromStateData
WinVerifyTrust
crypt32
CryptStringToBinaryA
CertGetNameStringW
CryptBinaryToStringA
wininet
InternetQueryOptionW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
DeleteUrlCacheEntryW
InternetGetConnectedState
psapi
GetModuleFileNameExW
riched20
ord4
userenv
GetUserProfileDirectoryW
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 239KB - Virtual size: 240KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ