d61f5ce1e91bd8afe50d8a2d5915b74f11520f01ace1a3b6cbf0cc79b6cc2067

Sharing

Copy URL Twitter E-mail

General

Target

d61f5ce1e91bd8afe50d8a2d5915b74f11520f01ace1a3b6cbf0cc79b6cc2067
Size

13.0MB
MD5

9e7123fc386c02f4d26dad60a91bf6e7
SHA1

cbd65abe9198920e376954869069e4ae5311c129
SHA256

d61f5ce1e91bd8afe50d8a2d5915b74f11520f01ace1a3b6cbf0cc79b6cc2067
SHA512

7f622e75ec956b7db9a4bc6923a22178d63ad6a22289e39bd2d54ae05ba25e5b3f6e30254d9e39c7a6862e039888ee677b99c63c1979b8cb0c270234c614d453
SSDEEP

393216:nNbETnrxFmW2xuo4l5oSIi1/Cfb3ZBKWulUV0fPual0jEF:xs3mW2x+91/Cz3Z+OV0zlom

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d61f5ce1e91bd8afe50d8a2d5915b74f11520f01ace1a3b6cbf0cc79b6cc2067

Files

d61f5ce1e91bd8afe50d8a2d5915b74f11520f01ace1a3b6cbf0cc79b6cc2067
.exe windows:5 windows x86 arch:x86

9c57e630ecded2ddaec719641cc2f5a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\775986\out\Release\GameAssistantSetup.pdb

Imports

kernel32

FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
GetLongPathNameW
GetVolumeInformationW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
GlobalAlloc
GlobalFree
MoveFileExW
GetFileAttributesExW
GetCurrentProcess
OpenThread
GetModuleHandleExW
lstrcmpiW
GetThreadLocale
SetThreadLocale
GlobalMemoryStatusEx
GetVersionExW
SystemTimeToFileTime
GetLocalTime
GetCommandLineW
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
LocalFileTimeToFileTime
lstrcmpA
LocalFree
GetModuleHandleA
OpenProcess
GetPrivateProfileStringW
GetPrivateProfileIntW
OutputDebugStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MapViewOfFile
GetCurrentThreadId
lstrlenA
LoadLibraryW
UnmapViewOfFile
CreateFileMappingW
WriteFile
SetFilePointer
GetFileSize
GetTimeZoneInformation
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FindClose
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetFileType
GetStdHandle
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
FreeResource
GetSystemWindowsDirectoryW
lstrcmpiA
InitializeSListHead
GetStartupInfoW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapDestroy
ReadFile
GetFileSizeEx
ExpandEnvironmentStringsW
GetModuleFileNameW
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSection
GetUserDefaultLCID
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatW
GetDateFormatW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
TerminateProcess
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
DeleteFileW
SetFilePointerEx
FreeEnvironmentStringsW
IsDebuggerPresent
LeaveCriticalSection
GetStringTypeW
TryEnterCriticalSection
EnterCriticalSection
GetCPInfo
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentVariableW
FormatMessageW
GetACP
MulDiv
GlobalSize
VerSetConditionMask
VerifyVersionInfoW
GlobalUnlock
GlobalLock
RaiseException
CloseHandle
SetFileTime
LCMapStringEx
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
HeapLock
HeapUnlock
HeapWalk
ReleaseMutex
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileW

user32

FindWindowW
PostMessageW
DefWindowProcW
RegisterClassExW
CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
GetWindowLongW
SetWindowLongW
CharLowerW
GetSystemMetrics
IntersectRect
OffsetRect
EqualRect
PtInRect
GetMonitorInfoW
EnumDisplayMonitors
AttachThreadInput
IsIconic
BringWindowToTop
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
GetDesktopWindow
DrawTextW
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetAsyncKeyState
GetSysColor
ClientToScreen
SetCursor
UnionRect
MonitorFromPoint
IsZoomed
GetCursorPos
GetKeyState
ScreenToClient
SetWindowRgn
SendMessageTimeoutW
IsRectEmpty
GetUpdateRect
MoveWindow
EndPaint
BeginPaint
InvalidateRect
ReleaseCapture
SetCapture
GetFocus
GetDC
CallWindowProcW
RegisterClassW
LoadCursorW
ReleaseDC
GetWindowThreadProcessId
wsprintfW
LoadImageW
SetWindowPos
IsWindowVisible
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
PostQuitMessage
SetTimer
KillTimer
GetClientRect
GetWindowRect
MapWindowPoints
GetParent
GetWindow
MonitorFromWindow
SetFocus
EnableWindow
SetWindowTextW
UpdateLayeredWindow

advapi32

InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
CloseServiceHandle
RegQueryInfoKeyW
RegEnumKeyExW
StartServiceW
SetServiceObjectSecurity
QueryServiceObjectSecurity
ChangeServiceConfigW
SetSecurityDescriptorDacl
RegEnumKeyExA
GetTokenInformation
OpenProcessToken
QueryServiceStatus
OpenServiceW
OpenSCManagerW

shell32

ord165
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
OleInitialize
CreateStreamOnHGlobal
CoCreateGuid
OleUninitialize
CoTaskMemFree
CoInitialize

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsW
StrStrIW
StrCmpIW
PathCombineW
PathFindFileNameW
StrStrIA
PathRemoveFileSpecW
SHGetValueW
StrCmpNIW
PathCanonicalizeW
PathIsDirectoryW
PathIsPrefixW
PathIsRootW
PathRemoveBackslashW
PathAppendW
PathIsRelativeW
SHSetValueW
SHGetValueA
SHSetValueA
SHDeleteValueW
StrTrimA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleFileNameExW

gdiplus

GdipDeleteRegion
GdipSetPathGradientFocusScales
GdipFillRegion
GdipAddPathPath
GdiplusShutdown
GdipCreatePath
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipImageGetFrameDimensionsCount
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreatePen1
GdipSetPathGradientWrapMode
GdipImageGetFrameCount
GdiplusStartup
GdipDeleteBrush
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateRegionPath
GdipSetPathGradientPresetBlend
GdipCloneBrush
GdipCreateBitmapFromStream
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipDeletePath
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipMeasureString
GdipFillEllipse
GdipDrawEllipse
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipCreateLineBrushFromRectI
GdipFillPath
GdipCreateSolidFill
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateFromHDC
GdipClosePathFigure
GdipAddPathArc
GdipAddPathLine
GdipAddPathEllipse
GdipAddPathRectangle
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetWorldTransform
GdipLoadImageFromFile
GdipImageRotateFlip
GdipDrawImageRect
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipCreatePen2
GdipSetLineBlend
GdipCreateLineBrushFromRect
GdipDrawArc
GdipDeletePen
GdipCreatePathGradientFromPath

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

crypt32

CryptBinaryToStringA

winmm

timeKillEvent
timeSetEvent

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

msimg32

AlphaBlend

iphlpapi

GetAdaptersInfo

wininet

InternetConnectW
HttpQueryInfoW
InternetSetOptionW
InternetReadFile
HttpSendRequestW
InternetCrackUrlW
InternetOpenW
InternetCloseHandle
HttpOpenRequestW

gdi32

DeleteObject
GetObjectW
CreateRoundRectRgn
BitBlt
CreateFontIndirectW
GetDeviceCaps
GetWindowOrgEx
CreateRectRgnIndirect
SaveDC
ExtSelectClipRgn
RestoreDC
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
SetWindowOrgEx
SetStretchBltMode
StretchBlt
SetTextColor
SetBkColor
SetBkMode
GetObjectA
GetStockObject

Sections

.text
Size: 972KB - Virtual size: 972KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19.5MB - Virtual size: 19.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c57e630ecded2ddaec719641cc2f5a4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

psapi

gdiplus

comctl32

crypt32

winmm

imm32

msimg32

iphlpapi

wininet

gdi32

Sections

.text Size: 972KB - Virtual size: 972KB

.rdata Size: 242KB - Virtual size: 242KB

.data Size: 35KB - Virtual size: 46KB

.rsrc Size: 19.5MB - Virtual size: 19.5MB

.reloc Size: 62KB - Virtual size: 61KB

.text
Size: 972KB - Virtual size: 972KB

.rdata
Size: 242KB - Virtual size: 242KB

.data
Size: 35KB - Virtual size: 46KB

.rsrc
Size: 19.5MB - Virtual size: 19.5MB

.reloc
Size: 62KB - Virtual size: 61KB