C:\vmagent_new\bin\joblist\532409\out\Release\SoftMgrLite.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 05852b1048b0e2721a812e94440bcfb037ef877ccaa63a22ddfb56148f7e185c.exe
Resource: win7-20240221-en
General
Target: 05852b1048b0e2721a812e94440bcfb037ef877ccaa63a22ddfb56148f7e185c
Size: 2.5MB
MD5: 6a20f96a381403c77e709e26d363e34f
SHA1: 9f540106bc1202593571c282fe4073b83d54cf9a
SHA256: 05852b1048b0e2721a812e94440bcfb037ef877ccaa63a22ddfb56148f7e185c
SHA512: 9f4693e4ac0421eabd76323f7b67f2f04d296b3e6e9dc947e385b8f3a1f822f1045a9bbae86ab091017a2efdd306723982aa8c488cf152d5b6301760dc3b8a4f
SSDEEP: 49152:pateoM2UyTx0TPbrmazHOu8YADoF79CRoZNy2dyB7veq58mm1PnL6KtWf7DDO:Ql0TjrmazHMDsGf72
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 05852b1048b0e2721a812e94440bcfb037ef877ccaa63a22ddfb56148f7e185c
Files
05852b1048b0e2721a812e94440bcfb037ef877ccaa63a22ddfb56148f7e185c.exe windows:5 windows x86 arch:x86
f5d59647da0ac5baae68a91ca46d7e37
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\vmagent_new\bin\joblist\532409\out\Release\SoftMgrLite.pdb
Imports
kernel32
SetFilePointer
SetEndOfFile
VirtualQuery
VirtualFree
VirtualAlloc
GetThreadContext
HeapReAlloc
SetThreadContext
HeapAlloc
HeapFree
InterlockedCompareExchange
Thread32First
HeapDestroy
HeapCreate
Thread32Next
OpenThread
CreateToolhelp32Snapshot
SuspendThread
ResumeThread
GetExitCodeThread
GetSystemInfo
GetFileSize
MapViewOfFileEx
Process32FirstW
Process32NextW
GlobalFree
GetThreadLocale
SetThreadLocale
SetFilePointerEx
IsBadReadPtr
GetVolumeInformationW
GetProcessHeap
GetNativeSystemInfo
ResetEvent
CreateIoCompletionPort
TerminateThread
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
SetFileTime
GetFileTime
CreateTimerQueueTimer
UnmapViewOfFile
GetStdHandle
OpenMutexW
ReleaseMutex
FlushFileBuffers
LoadLibraryA
CreateTimerQueue
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
CompareStringA
CompareStringW
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
RtlUnwind
ExitProcess
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
TlsGetValue
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
IsProcessorFeaturePresent
HeapSize
DeleteTimerQueueEx
GetStartupInfoW
GetLongPathNameW
OpenProcess
GetWindowsDirectoryW
InterlockedExchange
MapViewOfFile
CreateFileMappingW
GetModuleFileNameA
CreateDirectoryW
WaitForMultipleObjects
WritePrivateProfileStructW
GetPrivateProfileStructW
DeleteTimerQueueTimer
CreateProcessW
OutputDebugStringW
SetProcessWorkingSetSize
FindClose
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsW
GetFileAttributesExW
MoveFileExW
WriteFile
ReadFile
GetFileSizeEx
SetSystemPowerState
GetDriveTypeW
GetLogicalDriveStringsW
SystemTimeToFileTime
GetLocalTime
lstrcmpW
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
FlushInstructionCache
GetTempFileNameW
GetTempPathW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetVersion
GetExitCodeProcess
GetTickCount
CreateThread
CreateEventW
SetEvent
Sleep
lstrlenA
GetEnvironmentVariableW
lstrcmpiA
lstrcmpA
WideCharToMultiByte
CreateFileW
DeviceIoControl
TerminateProcess
WritePrivateProfileStringW
GetCurrentThreadId
GetVersionExW
SetErrorMode
CopyFileW
SetFileAttributesW
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
MultiByteToWideChar
RaiseException
lstrcmpiW
lstrlenW
WaitForSingleObject
VirtualProtect
GetModuleHandleA
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
DeleteFileW
GetLastError
CloseHandle
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetCurrentProcessId
MulDiv
user32
PostQuitMessage
WaitForInputIdle
wsprintfW
GetAncestor
GetDC
UnregisterClassA
ReleaseDC
GetSystemMetrics
CharNextW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
SetWindowPos
ShowWindow
IsWindowVisible
IsWindow
GetShellWindow
GetWindowInfo
EnumChildWindows
ChildWindowFromPointEx
DestroyIcon
PrivateExtractIconsW
IntersectRect
DrawTextW
BringWindowToTop
IsIconic
TrackMouseEvent
SetLayeredWindowAttributes
DrawIconEx
OpenClipboard
IsClipboardFormatAvailable
GetForegroundWindow
SetForegroundWindow
LockWorkStation
ExitWindowsEx
GetActiveWindow
GetDoubleClickTime
GetIconInfo
IsRectEmpty
LoadStringW
LoadIconW
LoadStringA
EndMenu
CreatePopupMenu
TrackPopupMenu
AppendMenuW
DestroyMenu
MonitorFromPoint
GetMonitorInfoW
GetMenuItemCount
GetMenuStringW
GetMenuItemID
GetMenuDefaultItem
LoadMenuW
GetSubMenu
CheckMenuItem
DeleteMenu
SetWindowRgn
EqualRect
GetWindowThreadProcessId
AttachThreadInput
UnregisterHotKey
RegisterHotKey
MapWindowPoints
MonitorFromWindow
OffsetRect
CallNextHookEx
keybd_event
SetWinEventHook
UnhookWinEvent
SetActiveWindow
RegisterWindowMessageW
GetWindowTextLengthW
GetClipboardData
CloseClipboard
GetWindowRect
UpdateLayeredWindow
GetDlgItem
SendMessageW
SetWindowLongW
GetWindowLongW
CallWindowProcW
SetRectEmpty
MoveWindow
FindWindowW
WindowFromPoint
FindWindowExW
SendMessageTimeoutW
GetClientRect
PrintWindow
KillTimer
SetTimer
RegisterClassExW
CreateWindowExW
GetCursorPos
PtInRect
PostMessageW
CopyRect
SetFocus
SetRect
SetCapture
MsgWaitForMultipleObjects
SystemParametersInfoW
GetCapture
GetWindowTextW
GetParent
EnableWindow
MapVirtualKeyW
GetKeyNameTextW
GetClassInfoExW
LoadCursorW
SetWindowTextW
BeginPaint
EndPaint
GetWindow
GetFocus
IsChild
DestroyAcceleratorTable
GetClassNameW
GetSysColor
RedrawWindow
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
ReleaseCapture
FillRect
InvalidateRgn
InvalidateRect
GetDesktopWindow
UnhookWindowsHookEx
SetWindowsHookExW
SetCursor
UpdateWindow
gdi32
SetStretchBltMode
SetPixel
CombineRgn
CreateRectRgn
SetTextColor
SetBkMode
CreateFontIndirectW
Rectangle
CreatePen
RestoreDC
ExtSelectClipRgn
CreateRectRgnIndirect
StretchBlt
CreateDIBSection
SelectClipRgn
CreateRoundRectRgn
CreateFontW
GetCurrentObject
CreateSolidBrush
BitBlt
GetStockObject
GetObjectW
GetDeviceCaps
DeleteObject
CreateCompatibleDC
SelectObject
GetBitmapBits
SetBitmapBits
DeleteDC
GetTextColor
SetTextCharacterExtra
SetBkColor
TextOutW
ExtCreatePen
LineTo
SaveDC
MoveToEx
GetObjectType
CreateCompatibleBitmap
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegCloseKey
GetTokenInformation
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegDeleteKeyW
shell32
DragFinish
DragQueryFileW
DragAcceptFiles
SHGetFolderPathW
ord155
SHAddToRecentDocs
ord18
SHBindToParent
SHParseDisplayName
SHGetSpecialFolderPathW
ord165
SHAppBarMessage
ord680
ShellExecuteW
ShellExecuteExW
ExtractIconExW
ole32
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CreateStreamOnHGlobal
OleUninitialize
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
oleaut32
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
OleCreateFontIndirect
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString
VarUI4FromStr
shlwapi
ord176
SHSetValueW
PathRemoveExtensionW
PathIsNetworkPathW
StrStrIW
PathFindFileNameW
PathIsRootW
PathCombineW
PathIsRelativeW
PathFindExtensionW
PathRemoveFileSpecW
SHSetValueA
SHGetValueA
PathFileExistsW
PathAppendW
SHGetValueW
StrCpyNW
PathIsDirectoryW
StrCmpIW
StrCpyW
UrlGetPartW
comctl32
_TrackMouseEvent
InitCommonControlsEx
msimg32
AlphaBlend
gdiplus
GdipDisposeImage
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipFillRectangleI
GdipCreateSolidFill
GdipCreateBitmapFromStream
GdipDrawRectangleI
GdipCreateFromHDC
GdipDeletePen
GdipCreatePen1
GdipFillEllipse
GdipSetSmoothingMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipScaleTextureTransform
GdipTranslateTextureTransform
GdipCreateTexture2I
GdipCloneBrush
GdipDeleteBrush
GdipBitmapGetPixel
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipFree
iphlpapi
GetIpAddrTable
GetAdaptersAddresses
GetAdaptersInfo
imm32
ImmReleaseContext
ImmAssociateContext
ImmDisableIME
ImmGetContext
netapi32
Netbios
crypt32
CryptBinaryToStringA
CryptStringToBinaryA
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
psapi
GetModuleFileNameExW
GetModuleInformation
wininet
InternetOpenW
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
InternetSetOptionW
setupapi
SetupIterateCabinetW
msi
ord173
ord217
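An import table like the one above is only useful once it is read as capabilities rather than as a list of names. The following added example (written for this page, not output from the sandbox or code from the sample) groups a subset of the imports listed above into capability buckets and emits the caveats an analyst should attach: the presence of GetProcAddress/LoadLibrary makes the static table a lower bound, the thread-context APIs (GetThreadContext, SetThreadContext, SuspendThread, OpenThread, Toolhelp enumeration) appear without any cross-process write primitive (the kernel32 list above has no WriteProcessMemory, VirtualAllocEx or CreateRemoteThread), and AdjustTokenPrivileges sits next to ExitWindowsEx/SetSystemPowerState. The category map and the `SAMPLE_IMPORTS` dictionary are constructed for the example; the dictionary copies names from the report and is abbreviated.

```python
"""Triage a static import table (as a sandbox report lists it) into
capability categories plus analyst caveats. Example code for this page;
the category map is an assumption, not a tool's built-in rule set."""

CAPABILITIES = {
    "thread_control": {"OpenThread", "SuspendThread", "ResumeThread", "GetThreadContext",
                       "SetThreadContext", "CreateToolhelp32Snapshot", "Thread32First",
                       "Thread32Next"},
    "memory_protection": {"VirtualAlloc", "VirtualProtect", "VirtualFree",
                          "FlushInstructionCache"},
    # Classic remote-injection primitives; none of these appear in the report's imports.
    "cross_process_write": {"WriteProcessMemory", "VirtualAllocEx", "CreateRemoteThread",
                            "QueueUserAPC", "NtMapViewOfSection"},
    "token_privilege": {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "input_hooking": {"SetWindowsHookExW", "SetWinEventHook", "keybd_event",
                      "AttachThreadInput", "RegisterHotKey", "GetClipboardData"},
    "session_control": {"ExitWindowsEx", "LockWorkStation", "SetSystemPowerState"},
    "network": {"InternetOpenW", "InternetOpenUrlA", "InternetConnectW", "HttpOpenRequestW",
                "HttpSendRequestW", "InternetReadFile"},
    "registry_write": {"RegSetValueExW", "RegCreateKeyExW", "RegDeleteValueW",
                       "RegDeleteKeyW", "SHSetValueW", "SHSetValueA"},
    "process_launch": {"CreateProcessW", "ShellExecuteW", "ShellExecuteExW"},
    "dynamic_resolution": {"GetProcAddress", "LoadLibraryA", "LoadLibraryW", "LoadLibraryExW"},
}

# Constructed input: an abbreviated copy of the report's import list, keyed by DLL.
SAMPLE_IMPORTS = {
    "kernel32": ["GetThreadContext", "SetThreadContext", "OpenThread", "SuspendThread",
                 "ResumeThread", "CreateToolhelp32Snapshot", "Thread32First", "Thread32Next",
                 "VirtualAlloc", "VirtualProtect", "FlushInstructionCache", "CreateProcessW",
                 "GetProcAddress", "LoadLibraryW", "LoadLibraryExW", "OpenProcess",
                 "SetSystemPowerState"],
    "user32": ["SetWindowsHookExW", "keybd_event", "SetWinEventHook", "RegisterHotKey",
               "AttachThreadInput", "GetClipboardData", "ExitWindowsEx", "LockWorkStation"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
                 "RegSetValueExW", "RegCreateKeyExW"],
    "wininet": ["InternetOpenUrlA", "HttpSendRequestW", "InternetReadFile"],
    "shell32": ["ShellExecuteW", "ord155"],
}


def triage_imports(imports):
    """Return {'capabilities': {category: [apis]}, 'ordinal_only': [...], 'notes': [...]}."""
    seen = {fn for fns in imports.values() for fn in fns}
    caps = {cat: sorted(seen & apis) for cat, apis in CAPABILITIES.items()}
    caps = {cat: fns for cat, fns in caps.items() if fns}          # drop empty buckets
    ordinals = sorted(f"{dll}!{fn}" for dll, fns in imports.items()
                      for fn in fns if fn.startswith("ord"))
    notes = []
    if "dynamic_resolution" in caps:
        notes.append("GetProcAddress/LoadLibrary present: the static table is only a "
                     "lower bound on the APIs actually used")
    if "thread_control" in caps and "cross_process_write" not in caps:
        notes.append("thread-context APIs without WriteProcessMemory/VirtualAllocEx/"
                     "CreateRemoteThread: no classic remote-injection chain in the static "
                     "imports; suspect in-process use (hooking, exception handling, "
                     "watchdog threads) and confirm in the behavioral run")
    if "token_privilege" in caps and "session_control" in caps:
        notes.append("privilege adjustment alongside ExitWindowsEx/SetSystemPowerState: "
                     "consistent with acquiring SeShutdownPrivilege before a forced "
                     "shutdown or reboot")
    if ordinals:
        notes.append("ordinal imports must be resolved against the export table of the "
                     "DLL version on the target system")
    return {"capabilities": caps, "ordinal_only": ordinals, "notes": notes}


if __name__ == "__main__":
    result = triage_imports(SAMPLE_IMPORTS)
    for category, apis in result["capabilities"].items():
        print(f"{category}: {', '.join(apis)}")
    for note in result["notes"]:
        print("NOTE:", note)
```

The category map is deliberately coarse; the point is the notes. A static list never proves what runs, and the absence of a cross-process write primitive here is the kind of negative evidence that should steer the behavioral analysis (look for the hooks and thread manipulation inside the sample's own process first) rather than be taken as proof that no injection happens.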
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 315KB - Virtual size: 316KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 415KB - Virtual size: 415KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
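The header facts in this report (the "Unsigned PE" signature, the DLL and file characteristics, and the section flags) all come from a few fixed offsets in the PE headers. The following added example (written for this page; not the sandbox's code and not code from the sample) parses those fields with nothing but `struct`, and applies the same check the "Unsigned PE" signature describes, under the assumption that the signature is decided by the security data directory being empty. Because the real sample is not available offline, `build_sample_pe` constructs a minimal PE32 whose header values mirror the ones reported above (section sizes are approximations); the layout constants are the documented PE32 ones.

```python
"""Decode PE32 header fields the way a static-analysis report presents them,
and apply the 'no embedded Authenticode signature' check. Example code for
this page; the sample PE below is constructed, not the analysed binary."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data-directory slot holding the Authenticode blob

FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def _flag_names(value, table):
    """Expand a bitmask into the symbolic names a report prints, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return file/DLL characteristics, section flags and the Authenticode-directory check."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, _ts, _sym, _nsym, opt_size, file_chars = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:            # directories start at opt+96, 8 bytes each
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, off = [], opt + opt_size                    # section table follows the optional header
    for _ in range(nsections):
        name, vsize, _va, raw, _praw, _rel, _ln, _nrel, _nln, flags = \
            struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii"), "virtual_size": vsize,
                         "raw_size": raw, "flags": _flag_names(flags, SECTION_FLAGS)})
        off += 40
    return {
        "machine": machine,
        "file_characteristics": _flag_names(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flag_names(dll_chars, DLL_CHARACTERISTICS),
        # The security directory's first field is a file offset, not an RVA; empty means unsigned.
        "has_authenticode_directory": sec_off != 0 and sec_size != 0,
        "sections": sections,
    }


def build_sample_pe(signed=False):
    """Constructed minimal PE32 (headers only) mirroring the report's values; not the real sample."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew: NT headers right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 0, 0, 0, 224, 0x0102)   # i386, 4 sections, EXEC|32BIT
    opt = bytearray(224)                                  # 96-byte PE32 header + 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, 0x8140)               # DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 92, 16)
    if signed:                                            # pretend an Authenticode blob is appended
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x2000, 0x800)
    layout = [(b".text", 0x1CC000, 0x60000020), (b".rdata", 0x4F000, 0x40000040),
              (b".data", 0x12000, 0xC0000040), (b".rsrc", 0x67C00, 0x40000040)]
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0x1000, vs, 0x400, 0, 0, 0, 0, fl)
                    for n, vs, fl in layout)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print("unsigned PE:", not info["has_authenticode_directory"])
    print("DllCharacteristics:", info["dll_characteristics"])
    for s in info["sections"]:
        print(s["name"], hex(s["virtual_size"]), s["flags"])
```

Two caveats go with this check. An empty security directory is a reliable "no embedded signature" verdict, but a non-empty one proves nothing until the chain is validated (`signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature`), and files signed only through a catalog, which is how Windows' own binaries are signed, have no embedded blob at all and would also trip a directory-only rule. The flags themselves are worth reading: DYNAMIC_BASE and NX_COMPAT mean ASLR and DEP apply to this image, and a `.data` virtual size larger than its raw size, as reported above, is ordinary zero-initialised data rather than a sign of packing.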