1bcf74fddff2cfa570a0b6bdeff42e95b0a17d591d4195d7886541988f59e4d2

Sharing

Copy URL Twitter E-mail

General

Target

1bcf74fddff2cfa570a0b6bdeff42e95b0a17d591d4195d7886541988f59e4d2
Size

3.5MB
MD5

4b6e8a642400963ee3ecaba5144b228e
SHA1

9f02fb276d28bbd3e722e319c2035be5697dec24
SHA256

1bcf74fddff2cfa570a0b6bdeff42e95b0a17d591d4195d7886541988f59e4d2
SHA512

42d8f55e8978c7486f7385423dfee2643c88dec505390ef87e0994953004d4a37e6f735b9e4c48be60c4b3c7cc464984f14b39e4f76e3cb854a4bae7c8f42534
SSDEEP

49152:6Xob/BJCgLzDdwd9bk/RiF6xQf2V4d4gqjEBak+Sns:6A/BSY/RiAxpV9dqakzns

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bcf74fddff2cfa570a0b6bdeff42e95b0a17d591d4195d7886541988f59e4d2

Files

1bcf74fddff2cfa570a0b6bdeff42e95b0a17d591d4195d7886541988f59e4d2
.dll regsvr32 windows:6 windows x86 arch:x86

15ea91365ad63ea1d9b6bd525baaedd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\535148\out\Release\deepscan.pdb

Imports

kernel32

GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess
ReadFile
GetModuleHandleW
CreateProcessW
GetVersionExW
InterlockedIncrement
InterlockedDecrement
OpenProcess
ReadProcessMemory
FindClose
ExpandEnvironmentStringsW
GetWindowsDirectoryW
FindFirstFileW
FindNextFileW
SearchPathW
GetVolumeInformationW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateThread
ReleaseSemaphore
GetFileSize
GetPrivateProfileIntW
WritePrivateProfileStringW
VirtualQueryEx
lstrlenW
Module32FirstW
Module32NextW
GetPrivateProfileStringW
GetTempPathW
GetTempFileNameW
QueryDosDeviceW
SetFileAttributesW
CopyFileW
GetSystemDefaultUILanguage
CreateDirectoryW
InterlockedExchange
LocalFree
GetShortPathNameW
GetLongPathNameW
GetCurrentThreadId
GetFileSizeEx
GetStartupInfoW
GetFileAttributesExW
CreatePipe
PeekNamedPipe
CreateProcessA
ExpandEnvironmentStringsA
MoveFileExW
ResumeThread
FlushInstructionCache
VirtualQuery
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetEnvironmentVariableW
GetACP
lstrcmpiW
GetExitCodeThread
FormatMessageW
GetEnvironmentStringsW
OutputDebugStringW
IsDBCSLeadByte
GetStdHandle
SetFileTime
MoveFileW
SetEndOfFile
SetFilePointerEx
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
SetEnvironmentVariableW
WritePrivateProfileSectionW
GetDriveTypeW
GetLogicalDrives
FreeLibraryAndExitThread
ReleaseMutex
OpenMutexW
OpenThread
Thread32First
Thread32Next
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetCommandLineW
GetSystemWindowsDirectoryW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFileType
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
InterlockedFlushSList
RtlUnwind
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
LocalAlloc
DeleteFileW
RemoveDirectoryW
FindResourceExW
FindResourceW
SetFilePointer
WriteFile
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapDestroy
LockResource
InterlockedCompareExchange
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetModuleFileNameW
FreeLibrary
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
TerminateProcess
CreateSemaphoreW
Sleep
CreateFileW
CreateEventW
CreateMutexW
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
GetCPInfo
GetStringTypeW
LCMapStringW
HeapUnlock
TlsFree
TlsGetValue
TlsAlloc
HeapWalk
HeapLock
TlsSetValue
SystemTimeToFileTime
CreateFileA
LocalFileTimeToFileTime
FreeResource
GetCommandLineA
GetPrivateProfileSectionW
SetLastError
GetLastError
RaiseException
CloseHandle
AreFileApisANSI
GetFullPathNameW
GetFileAttributesW
FreeEnvironmentStringsW

user32

MessageBoxA
SendMessageTimeoutW
FindWindowW
LoadStringW
GetActiveWindow
CharUpperW
CharNextW
wsprintfW
GetWindowTextW
GetWindowThreadProcessId
FindWindowExW
SetWindowLongW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetWindowLongW
LoadCursorW
DestroyWindow
IsWindow

winspool.drv

GetPrinterDriverDirectoryW
GetPrintProcessorDirectoryW

advapi32

RegQueryValueA
RevertToSelf
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegOpenKeyExA
RegOpenKeyExW
LookupAccountSidW
SetSecurityInfo
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
EnumServicesStatusW
ImpersonateLoggedOnUser
RegQueryInfoKeyW
RegSetValueA
RegQueryValueW
RegFlushKey
RegQueryInfoKeyA
RegSetValueW
ConvertSidToStringSidW
GetTokenInformation
CryptReleaseContext
CryptAcquireContextW
QueryServiceStatusEx
CreateServiceW
GetUserNameW
RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
RegEnumKeyW
RegEnumKeyA
RegCreateKeyW
RegCreateKeyA
DeleteService
RegEnumValueW
RegEnumKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyW
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumServicesStatusExW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA

shell32

SHGetMalloc
SHFileOperationW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW
ord155
SHGetSpecialFolderLocation
CommandLineToArgvW
SHGetPathFromIDListW

ole32

CoInitializeEx
StgCreateStorageEx
StgCreateDocfileOnILockBytes
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize
CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
StringFromGUID2

oleaut32

VariantCopy
SysAllocStringLen
VariantClear
SysStringByteLen
VarBstrCat
VarCmp
VarUI4FromStr
VariantInit
SysStringLen
SysFreeString
SysAllocString
VariantChangeType
SysAllocStringByteLen

shlwapi

StrCmpIW
SHCreateStreamOnFileW
StrStrW
StrToIntW
SHGetValueW
UrlUnescapeW
PathIsRelativeW
StrStrIW
StrDupW
StrCmpNW
PathMatchSpecW
PathFileExistsW
StrCmpW
PathFindFileNameW
PathFindExtensionW
StrRChrW
StrCmpNIW
StrChrW
PathAppendW
PathRemoveFileSpecW
PathRenameExtensionW
PathCombineW
PathIsDirectoryW
StrTrimA

ws2_32

inet_ntoa
gethostname
WSAStartup
WSACleanup
inet_addr

version

VerQueryValueW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules
EnumDeviceDrivers
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameW
GetProcessMemoryInfo
GetModuleInformation

setupapi

SetupFindNextMatchLineW
SetupGetIntField
SetupFindNextLine
SetupGetFieldCount
SetupOpenFileQueue
SetupCloseFileQueue
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW
SetupIterateCabinetW

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertFindCertificateInStore
CertGetNameStringW
CertOpenStore
CryptMsgGetParam
CryptMsgUpdate
CryptMsgClose
CertCloseStore
CryptMsgOpenToDecode

mpr

WNetGetConnectionW

iphlpapi

GetIpAddrTable

wldap32

ord73
ord13
ord127
ord167
ord142
ord77
ord41
ord79
ord208
ord26
ord145
ord36
ord27
ord147
ord301

netapi32

DsRoleGetPrimaryDomainInformation
NetUserGetInfo
NetApiBufferFree
DsGetDcNameW
NetShareGetInfo
DsRoleFreeMemory

ntdll

RtlInitUnicodeString
ZwClose
ZwReadFile
ZwWriteFile
ZwOpenFile

Exports

Exports

AlphaBlend
Create360Object
CreateQuarantObject
CreateQuarantObjectFactory
DSCreateOrUpdateTask
DSDeleteTaskByCom
DecRefats
DllRegisterServer
DllUnregisterServer
DsEmpEnum
DsEmpGetState
DsEmpIsSupported
DsEmpOpen
DsEmpRule
DsGetSetSuperKillerSuccFlag
DsRKM
DsSetScanItemSortList
EngLib_Init
EngSectionRestore
FixDkSec
GetDkSecStatus
GetModErrCode
IsAutoRunFilePath
IsAutoRunReg
IsSupportFeature
SetDsSrvExePath
SetDsSrvName
SetHijackEngIncludeMode
SetHijackExcludeOrIncludeSt
SetSpkByCk

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 522KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 261KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15ea91365ad63ea1d9b6bd525baaedd0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

version

psapi

setupapi

crypt32

mpr

iphlpapi

wldap32

netapi32

ntdll

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 522KB - Virtual size: 524KB

.data Size: 261KB - Virtual size: 300KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 522KB - Virtual size: 524KB

.data
Size: 261KB - Virtual size: 300KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB