eb18696d0081fd9e7a30b94f6e7d4bd7e3f02f9476d25a23f5cbc00659b25f5f

Sharing

Copy URL Twitter E-mail

General

Target

eb18696d0081fd9e7a30b94f6e7d4bd7e3f02f9476d25a23f5cbc00659b25f5f
Size

4.9MB
MD5

381b461608bd7febeb1af2a4e5e48e99
SHA1

5bcc80e46ab020e51641ed349deb902c0fbae1bb
SHA256

eb18696d0081fd9e7a30b94f6e7d4bd7e3f02f9476d25a23f5cbc00659b25f5f
SHA512

47cdcb678b682d2bcc6edad73356d4c0a8d10a7b7386fd142aebf8a2c84ba269322310f06e4efd9fdc10a2d49c1e57bfc62c5cf576d85cdb82921cda4845171f
SSDEEP

49152:0e4XOUUaoLXiLw53y+etAYDIR4xTbRsPRan03TTkQIlb8p:ri/omLw53y+O8obRsPjtp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb18696d0081fd9e7a30b94f6e7d4bd7e3f02f9476d25a23f5cbc00659b25f5f

Files

eb18696d0081fd9e7a30b94f6e7d4bd7e3f02f9476d25a23f5cbc00659b25f5f
.dll regsvr32 windows:5 windows x86 arch:x86

cbd6ebea7bb242c82f6b341b80b7dfb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\533452\out\Release\AntiAdwa.pdb

Imports

kernel32

ExpandEnvironmentStringsW
SearchPathW
GetCurrentProcess
TlsGetValue
TlsSetValue
GetModuleHandleW
GetDriveTypeW
LocalAlloc
LocalFree
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
SetFilePointer
WriteFile
InitializeCriticalSection
GetSystemTime
GetLocalTime
GetFileSize
GetLogicalDriveStringsW
GetLongPathNameW
QueryDosDeviceW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileAttributesExW
ReadFile
GetTempPathW
ConnectNamedPipe
CreateNamedPipeW
GetCurrentThreadId
CreateProcessW
GetWindowsDirectoryW
GetVersionExW
FreeResource
GlobalAlloc
GlobalFree
lstrcmpiW
MoveFileExW
GlobalMemoryStatusEx
RemoveDirectoryW
GetPrivateProfileStringW
FileTimeToLocalFileTime
lstrcmpW
FileTimeToSystemTime
lstrcpynW
GetPrivateProfileIntW
WaitForMultipleObjects
GetCurrentDirectoryW
GetFileTime
SetFileAttributesW
GetCurrentProcessId
ProcessIdToSessionId
OpenProcess
MoveFileW
GetExitCodeProcess
WritePrivateProfileStringW
FlushFileBuffers
GetACP
CompareFileTime
CopyFileW
lstrlenW
GetFileSizeEx
LoadLibraryA
ExpandEnvironmentStringsA
GetSystemDirectoryA
ResumeThread
OpenFileMappingW
HeapCreate
GetEnvironmentVariableW
SystemTimeToTzSpecificLocalTime
GetVersion
TlsAlloc
TlsFree
GetStartupInfoW
ReadProcessMemory
SystemTimeToFileTime
GetSystemWindowsDirectoryW
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
FreeLibraryAndExitThread
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
DeleteCriticalSection
GetShortPathNameW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapDestroy
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
SetThreadAffinityMask
LoadLibraryW
GetProcAddress
GetModuleFileNameW
FreeLibrary
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetThreadTimes
TerminateProcess
CreateSemaphoreW
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetLastError
GetLastError
RaiseException
CloseHandle
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OpenThread
ReleaseMutex
HeapWalk
HeapUnlock
HeapLock
SetFilePointerEx
LocalFileTimeToFileTime
CreateFileA
GetModuleHandleA
TryEnterCriticalSection
QueryPerformanceCounter
GetStringTypeW
LCMapStringW
FormatMessageW
OutputDebugStringW
IsDebuggerPresent
GetFullPathNameW
GetFileAttributesW
GetTempFileNameW
CreateFileW

user32

GetActiveWindow
SendMessageTimeoutW
WaitForInputIdle
CopyRect
EqualRect
FindWindowExW
GetWindowThreadProcessId
SystemParametersInfoW
MessageBoxW
FindWindowW
LoadStringW
DestroyIcon
RegisterWindowMessageW
PrivateExtractIconsW
GetSystemMetrics
PeekMessageW
DispatchMessageW
TranslateMessage
CharNextW
GetIconInfo

gdi32

BitBlt
GetObjectW
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC

advapi32

GetUserNameW
RevertToSelf
RegCloseKey
RegCreateKeyW
EnumServicesStatusW
StartServiceW
ChangeServiceConfigW
ImpersonateLoggedOnUser
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegOpenCurrentUser
RegQueryInfoKeyW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
RegOpenKeyW
RegEnumValueW
RegEnumKeyW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
SetEntriesInAclW
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
GetAclInformation
GetAce
EqualSid
DeleteAce
AdjustTokenPrivileges
OpenProcessToken
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

CommandLineToArgvW
SHChangeNotify
ord68
ExtractIconExW
SHGetPathFromIDListW
SHGetSettings
SHGetSpecialFolderLocation
ShellExecuteW
SHGetFileInfoW
SHGetFolderPathW
ord232
SHGetSpecialFolderPathW
SHGetMalloc
ShellExecuteExW
ord165
ExtractIconW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
IIDFromString
StringFromGUID2
CoUninitialize
CoInitialize
CoTaskMemRealloc

oleaut32

SysAllocString
VarBstrCmp
VariantInit
SysFreeString
VarUI4FromStr
SysStringLen
VariantCopy
VariantClear

shlwapi

SHDeleteKeyW
PathCombineW
PathFileExistsW
PathRemoveExtensionW
PathIsRootW
StrRChrW
PathRelativePathToW
StrStrW
UrlGetPartW
StrCmpNIW
StrCmpW
StrToIntW
StrCpyNW
StrDupW
PathIsDirectoryEmptyW
PathFindFileNameW
PathFindExtensionW
StrCmpIW
StrStrIW
StrChrW
PathAddBackslashW
PathAppendW
SHSetValueW
SHGetValueW
SHDeleteValueW
PathRemoveFileSpecW
PathIsDirectoryW

ws2_32

WSCEnumProtocols
WSCDeinstallProvider
WSCGetProviderPath
inet_ntoa
inet_addr
WSACleanup
WSAStartup

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetMappedFileNameW

ntdll

RtlNtStatusToDosError
LdrVerifyImageMatchesChecksum
RtlDllShutdownInProgress

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateProcessesW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

netapi32

NetShareDel
NetShareEnum
NetApiBufferFree

Exports

Exports

Transparen
TransparentB
AntiWare_CombinationSafeFile
AntiWare_CreateHPControl
AntiWare_CreatePluginControl
AntiWare_CreatePluginControl2
AntiWare_SimpleAdwareScan
AntiWare_SimpleControl
TransparentBlt
CheckHomePage
TransparentBlt
CreateAntiInterFace
CreatePluginFactory
CreatePluginFactory2
CreateQuarantObjectFactory
CreateTrustListEntry
DllRegisterServer
DllUnregisterServer
Transparen
NewCreatePlugin
TransparentBlt
SetDeepscanPath
_CreatePluginFactoryEx@4

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 647KB - Virtual size: 646KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbd6ebea7bb242c82f6b341b80b7dfb7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

version

psapi

ntdll

wtsapi32

userenv

netapi32

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 205KB - Virtual size: 208KB

.data Size: 33KB - Virtual size: 60KB

.rsrc Size: 647KB - Virtual size: 646KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 205KB - Virtual size: 208KB

.data
Size: 33KB - Virtual size: 60KB

.rsrc
Size: 647KB - Virtual size: 646KB