C:\vmagent_new\bin\joblist\533452\out\Release\AntiAdwa.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 8de2fd12c142b386f6465f4fe39ab08bed03823e0a01fd0ea2794b2c21710e62.dll
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 8de2fd12c142b386f6465f4fe39ab08bed03823e0a01fd0ea2794b2c21710e62.dll
  Resource: win10v2004-20240508-en
General
  Target: 8de2fd12c142b386f6465f4fe39ab08bed03823e0a01fd0ea2794b2c21710e62
  Size: 2.9MB
  MD5: 4f146e4dcb5e5e4d7047a09cc9285cf9
  SHA1: b8d21a5dfb186c78247ba8e9e4ef9577153692cb
  SHA256: 8de2fd12c142b386f6465f4fe39ab08bed03823e0a01fd0ea2794b2c21710e62
  SHA512: 49f8c4a30fb0d178a25a9f11afcaa476468d719e27f44831d3dd83bb851f141b00eabd443e9ecd5e50d41b4ab3b0e142b0e89ed89e72d175c9ca599398ec2539
  SSDEEP: 49152:bYkK4XOUUaoLXiLw53y+etAYDIR4xTbRsPRanBFYCa6pgXlJM8Cw07gRxBmlIt43:wi/omLw53y+O8obRsPdCa6pAON3
Malware Config
Signatures
  Unsigned PE (1 IoC): Checks for missing Authenticode signature.
    resource 8de2fd12c142b386f6465f4fe39ab08bed03823e0a01fd0ea2794b2c21710e62
Files
  8de2fd12c142b386f6465f4fe39ab08bed03823e0a01fd0ea2794b2c21710e62.dll  regsvr32  windows:5 windows x86 arch:x86
  cbd6ebea7bb242c82f6b341b80b7dfb7
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
PDB Paths
  C:\vmagent_new\bin\joblist\533452\out\Release\AntiAdwa.pdb
Imports
  kernel32:
    ExpandEnvironmentStringsW, SearchPathW, GetCurrentProcess, TlsGetValue, TlsSetValue, GetModuleHandleW,
    GetDriveTypeW, LocalAlloc, LocalFree, CreateDirectoryW, DeleteFileW, FindClose, FindFirstFileW,
    FindNextFileW, SetFilePointer, WriteFile, InitializeCriticalSection, GetSystemTime, GetLocalTime,
    GetFileSize, GetLogicalDriveStringsW, GetLongPathNameW, QueryDosDeviceW, CreateFileMappingW,
    MapViewOfFile, UnmapViewOfFile, GetFileAttributesExW, ReadFile, GetTempPathW, ConnectNamedPipe,
    CreateNamedPipeW, GetCurrentThreadId, CreateProcessW, GetWindowsDirectoryW, GetVersionExW,
    FreeResource, GlobalAlloc, GlobalFree, lstrcmpiW, MoveFileExW, GlobalMemoryStatusEx,
    RemoveDirectoryW, GetPrivateProfileStringW, FileTimeToLocalFileTime, lstrcmpW, FileTimeToSystemTime,
    lstrcpynW, GetPrivateProfileIntW, WaitForMultipleObjects, GetCurrentDirectoryW, GetFileTime,
    SetFileAttributesW, GetCurrentProcessId, ProcessIdToSessionId, OpenProcess, MoveFileW,
    GetExitCodeProcess, WritePrivateProfileStringW, FlushFileBuffers, GetACP, CompareFileTime, CopyFileW,
    lstrlenW, GetFileSizeEx, LoadLibraryA, ExpandEnvironmentStringsA, GetSystemDirectoryA, ResumeThread,
    OpenFileMappingW, HeapCreate, GetEnvironmentVariableW, SystemTimeToTzSpecificLocalTime, GetVersion,
    TlsAlloc, TlsFree, GetStartupInfoW, ReadProcessMemory, SystemTimeToFileTime,
    GetSystemWindowsDirectoryW, RtlUnwind, UnregisterWaitEx, QueryDepthSList, InterlockedFlushSList,
    InterlockedPushEntrySList, InterlockedPopEntrySList, ReleaseSemaphore, DuplicateHandle,
    FreeLibraryAndExitThread, GetCurrentThread, UnregisterWait, RegisterWaitForSingleObject,
    GetProcessAffinityMask, DeleteTimerQueueTimer, ChangeTimerQueueTimer, CreateTimerQueueTimer,
    GetThreadPriority, SetThreadPriority, CreateThread, SwitchToThread, DeleteCriticalSection,
    GetShortPathNameW, FindResourceW, SizeofResource, LockResource, LoadResource, FindResourceExW,
    GetProcessHeap, HeapSize, HeapDestroy, WideCharToMultiByte, MultiByteToWideChar, CompareStringW,
    SetThreadAffinityMask, LoadLibraryW, GetProcAddress, GetModuleFileNameW, FreeLibrary, VirtualFree,
    VirtualProtect, VirtualAlloc, GetSystemDirectoryW, GetTickCount, GetSystemTimeAsFileTime,
    GetThreadTimes, TerminateProcess, CreateSemaphoreW, Sleep, CreateEventW, CreateMutexW,
    WaitForSingleObjectEx, WaitForSingleObject, ResetEvent, SetEvent,
    InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, EnterCriticalSection, DeviceIoControl,
    HeapFree, HeapReAlloc, HeapAlloc, SetLastError, GetLastError, RaiseException, CloseHandle,
    SignalObjectAndWait, CreateTimerQueue, InitializeSListHead, IsProcessorFeaturePresent,
    SetUnhandledExceptionFilter, UnhandledExceptionFilter, OpenThread, ReleaseMutex, HeapWalk,
    HeapUnlock, HeapLock, SetFilePointerEx, LocalFileTimeToFileTime, CreateFileA, GetModuleHandleA,
    TryEnterCriticalSection, QueryPerformanceCounter, GetStringTypeW, LCMapStringW, FormatMessageW,
    OutputDebugStringW, IsDebuggerPresent, GetFullPathNameW, GetFileAttributesW, GetTempFileNameW,
    CreateFileW
  user32:
    GetActiveWindow, SendMessageTimeoutW, WaitForInputIdle, CopyRect, EqualRect, FindWindowExW,
    GetWindowThreadProcessId, SystemParametersInfoW, MessageBoxW, FindWindowW, LoadStringW, DestroyIcon,
    RegisterWindowMessageW, PrivateExtractIconsW, GetSystemMetrics, PeekMessageW, DispatchMessageW,
    TranslateMessage, CharNextW, GetIconInfo
  gdi32:
    BitBlt, GetObjectW, CreateDIBSection, SelectObject, DeleteObject, DeleteDC, CreateCompatibleDC
  advapi32:
    GetUserNameW, RevertToSelf, RegCloseKey, RegCreateKeyW, EnumServicesStatusW, StartServiceW,
    ChangeServiceConfigW, ImpersonateLoggedOnUser, GetTokenInformation, DuplicateTokenEx,
    CreateProcessAsUserW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, RegOpenCurrentUser,
    RegQueryInfoKeyW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, DeleteService, ControlService,
    CloseServiceHandle, RegOpenKeyW, RegEnumValueW, RegEnumKeyW, BuildExplicitAccessWithNameW,
    SetNamedSecurityInfoW, GetNamedSecurityInfoW, GetExplicitEntriesFromAclW, SetEntriesInAclW,
    LookupPrivilegeValueW, LookupAccountNameW, LookupAccountSidW, GetAclInformation, GetAce, EqualSid,
    DeleteAce, AdjustTokenPrivileges, OpenProcessToken, RegEnumKeyExW, RegSetValueExW, RegQueryValueExW,
    RegQueryValueExA, RegOpenKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW
  shell32:
    CommandLineToArgvW, SHChangeNotify, ord68, ExtractIconExW, SHGetPathFromIDListW, SHGetSettings,
    SHGetSpecialFolderLocation, ShellExecuteW, SHGetFileInfoW, SHGetFolderPathW, ord232,
    SHGetSpecialFolderPathW, SHGetMalloc, ShellExecuteExW, ord165, ExtractIconW
  ole32:
    CoCreateInstance, CoTaskMemFree, CoTaskMemAlloc, IIDFromString, StringFromGUID2, CoUninitialize,
    CoInitialize, CoTaskMemRealloc
  oleaut32:
    SysAllocString, VarBstrCmp, VariantInit, SysFreeString, VarUI4FromStr, SysStringLen, VariantCopy,
    VariantClear
  shlwapi:
    SHDeleteKeyW, PathCombineW, PathFileExistsW, PathRemoveExtensionW, PathIsRootW, StrRChrW,
    PathRelativePathToW, StrStrW, UrlGetPartW, StrCmpNIW, StrCmpW, StrToIntW, StrCpyNW, StrDupW,
    PathIsDirectoryEmptyW, PathFindFileNameW, PathFindExtensionW, StrCmpIW, StrStrIW, StrChrW,
    PathAddBackslashW, PathAppendW, SHSetValueW, SHGetValueW, SHDeleteValueW, PathRemoveFileSpecW,
    PathIsDirectoryW
  ws2_32:
    WSCEnumProtocols, WSCDeinstallProvider, WSCGetProviderPath, inet_ntoa, inet_addr, WSACleanup,
    WSAStartup
  version:
    GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
  psapi:
    GetMappedFileNameW
  ntdll:
    RtlNtStatusToDosError, LdrVerifyImageMatchesChecksum, RtlDllShutdownInProgress
  wtsapi32:
    WTSFreeMemory, WTSQuerySessionInformationW, WTSEnumerateProcessesW
  userenv:
    DestroyEnvironmentBlock, CreateEnvironmentBlock
  netapi32:
    NetShareDel, NetShareEnum, NetApiBufferFree
Exports
  AlphaBlend
  AntiWare_CombinationSafeFile
  AntiWare_CreateHPControl
  AntiWare_CreatePluginControl
  AntiWare_CreatePluginControl2
  AntiWare_SimpleAdwareScan
  AntiWare_SimpleControl
  CbSectionRestore
  CheckHomePage
  Control_RunDLL
  CreateAntiInterFace
  CreatePluginFactory
  CreatePluginFactory2
  CreateQuarantObjectFactory
  CreateTrustListEntry
  DllRegisterServer
  DllUnregisterServer
  NewCreatePlugin
  SetDeepscanPath
  _CreatePluginFactoryEx@4
Sections
  .text   Size: 2.1MB - Virtual size: 2.1MB
          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 205KB - Virtual size: 208KB
          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 33KB - Virtual size: 60KB
          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 557KB - Virtual size: 556KB
          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ